CVE-2026-46048

ALSA: caiaq: fix usbdev refcount leak on probe failure...

kernel: ALSA: aloop: Fix racy access at PCM trigger

In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix racy access at PCM trigger The PCM trigger callback of aloop driver tries to check the PCM state and stop the stream of the tied substream in the corresponding cable. Since both check and stop operations are...

CVE-2026-43126 ALSA: mixer: oss: Add card disconnect checkpoints

In the Linux kernel, the following vulnerability has been resolved: ALSA: mixer: oss: Add card disconnect checkpoints ALSA OSS mixer layer calls the kcontrol ops rather individually, and pending calls might be not always caught at disconnecting the device. For avoiding the potential UAF scenarios...

PT-2026-37466

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the ALSA OSS mixer layer. The mixer layer calls kcontrol operations individually, which may result in pending calls not being caught when a device is...

CVE-2026-31775

In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Don't enumerate SPDIF1 at DAIO initialization The recent refactoring of xfi driver changed the assignment of atc-daios at atcgetresources; now it loops over all enum DAIOTYP entries while it looped formerly only a pa...

CVE-2026-31581

CVE-2026-31581 affects the Linux kernel ALSA 6fire USB audio driver. The issue is a use-after-free in usb6fire_chip_abort() where the chip structure is allocated as the card’s private data and, after snd_card_free_when_closed() frees the card (when no file handles are open), a later write to chip...

kernel: ALSA: aloop: Fix racy access at PCM trigger

In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix racy access at PCM trigger The PCM trigger callback of aloop driver tries to check the PCM state and stop the stream of the tied substream in the corresponding cable. Since both check and stop operations are...

CVE-2023-54308

In the Linux kernel, the following vulnerability has been resolved: ALSA: ymfpci: Create card with device-managed snddevmcardnew sndcardymfpciremove was removed in commit c6e6bb5eab74 "ALSA: ymfpci: Allocate resources with device-managed APIs", but the call to sndcardnew was not replaced with...

CVE-2022-50866

In the Linux kernel, the following vulnerability has been resolved: ASoC: pxa: fix null-pointer dereference in filter kasprintf would return NULL pointer when kmalloc fail to allocate. Need to check the return pointer before calling strcmp...

EUVD-2023-60254

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix potential data race at PCM memory allocation helpers The PCM memory allocation helpers have a sanity check against too many buffer allocations. However, the check is performed without a proper lock and the allocati...

CVE-2022-50719

Technical details about CVE-2022-50719 are not publicly provided in the supplied documents. No affected products, impact, or fixes are specified here. Monitor for updates from the sources to obtain concrete information.

EUVD-2025-201586

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential overflow of PCM transfer buffer The PCM stream data in USB-audio driver is transferred over USB URB packet buffers, and each packet size is determined dynamically. The packet sizes are limited by so...

CVE-2023-53640

In the Linux kernel, the following vulnerability has been resolved: ASoC: lpass: Fix for KASAN useafterfree out of bounds When we run syzkaller we get below Out of Bounds error. "KASAN: slab-out-of-bounds Read in regcacheflatread" Below is the backtrace of the issue: BUG: KASAN: slab-out-of-bound...

ALSA: seq: oss: Fix races at processing SysEx messages

...

CVE-2025-38629

Technical details about CVE-2025-38629 are not publicly available in the provided connected documents. The initial description mentions a NULL check in scarlett2, but no further technical specifics are provided. Monitor for updates.

Linux Distros Unpatched Vulnerability : CVE-2022-50049

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ASoC: DPCM: Don't pick up BE without substream When DPCM tries to add valid BE connections a...

Linux Distros Unpatched Vulnerability : CVE-2025-21870

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers Other, non DAI copier widgets could have the same stream name sname as the ALH copier and in...

CVE-2024-56532 ALSA: us122l: Use snd_card_free_when_closed() at disconnection

In the Linux kernel, the following vulnerability has been resolved: ALSA: us122l: Use sndcardfreewhenclosed at disconnection The USB disconnect callback is supposed to be short and not too-long waiting. OTOH, the current code uses sndcardfree at disconnection, but this waits for the close of all...

ALSA: usb-audio: Stop parsing channels bits when all channels are found.

...

DEBIAN-CVE-2021-47509

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Limit the period size to 16MB Set the practical limit to the period size the fragment shift in OSS instead of a full 31bit; a too large value could lead to the exhaust of memory as we allocate temporary buffers of...