278 matches found
kernel: ALSA: usb-audio: Add sanity check for OOB writes at silencing
A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture USB audio subsystem. An inconsistency in how USB audio playback and capture streams are handled can lead to an out-of-bounds write to a memory buffer. This can result in a system crash, causing a denial of service for a...
OESA-2026-2850 alsa-lib security update
The alsa-lib is a library to interface with ALSA in the Linux kernel and virtual devices using a plugin system. More detail: https://alsa.opensrc.org/Alsa-lib Security Fixes: The Advanced Linux Sound Architecture ALSA library before 1.2.16.1 contains a double-free vulnerability in parsedef in...
OESA-2026-2847 alsa-lib security update
The alsa-lib is a library to interface with ALSA in the Linux kernel and virtual devices using a plugin system. More detail: https://alsa.opensrc.org/Alsa-lib Security Fixes: The Advanced Linux Sound Architecture ALSA library before 1.2.16.1 contains a double-free vulnerability in parsedef in...
CVE-2026-53348
A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ALSA System on Chip ASoC SoundWire Digital Audio SDCA component. The sdcadevunregisterfunctions function does not properly check for NULL function device entries during unregistration. This oversight can lead to a NULL point...
kernel: ALSA: aloop: Fix racy access at PCM trigger
In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix racy access at PCM trigger The PCM trigger callback of aloop driver tries to check the PCM state and stop the stream of the tied substream in the corresponding cable. Since both check and stop operations are...
kernel: ALSA: aloop: Fix peer runtime UAF during format-change stop
A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture aloop driver. This Use-After-Free UAF vulnerability occurs when loopbackcheckformat stops the capture side during a format change, while a concurrent close operation detaches or frees the runtime. An attacker could...
Linux Distros Unpatched Vulnerability : CVE-2026-53241
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: seq: dummy: fix UMP event stack overread The dummy sequencer port forwards events by copying an incoming struct sndseqevent into a stack temporary,...
UBUNTU-CVE-2026-53291
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/conexant: Fix missing error check for jack detection In cxprobe, the return value of sndhdajackdetectenablecallback is ignored. This function returns a pointer, and if it fails e.g., due to memory allocation failure, it...
CVE-2026-52963
A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ALSA USB audio driver. The driver's handling of MIDI Musical Instrument Digital Interface endpoint descriptors did not properly bound scans, allowing it to read beyond the intended memory buffer. This out-of-bounds read coul...
CVE-2026-53052
A flaw was found in the Linux kernel. The Advanced Linux Sound Architecture on Chip ASoC subsystem, specifically within the Qualcomm qdsp6 topology component, fails to verify the type of a virtual widget before accessing its private data. This oversight could allow an attacker to cause incorrect...
CVE-2026-53242
A flaw was found in the Advanced Linux Sound Architecture ALSA Pulse-Code Modulation PCM component of the Linux kernel. This vulnerability involves a corruption of wait queue lists within the sndpcmdrain function when processing linked streams. An attacker could exploit this issue to trigger a...
CVE-2026-53193
A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ALSA timer component. This vulnerability occurs when a timer object is freed while timer instances are still associated with it, particularly when userspace-driven timers are involved. A local user can exploit this by...
CVE-2026-53192
A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ALSA timer component. A race condition can occur during the release of a timer object, specifically when the SNDRVTIMERIOCTLPARAMS ioctl is called concurrently. This can lead to a use-after-free vulnerability, potentially...
PT-2026-52930
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ALSA hda/conexant component where the cx probe function fails to verify the return value of snd hda jack detect enable callback. This function returns a pointer th...
CVE-2026-53241
In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: dummy: fix UMP event stack overread The dummy sequencer port forwards events by copying an incoming struct sndseqevent into a stack temporary, rewriting source and destination, and dispatching the temporary to...
CVE-2026-53193
In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Forcibly close timer instances at closing When sndtimer object is freed via sndtimerfree and still pending sndtimerinstance objects are assigned to the timer object, it tries to unlink all instances and just set NULL...
CVE-2026-53192
In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Fix UAF at sndtimeruserparams At releasing a timer object, e.g. when a userspace timer CONFIGSNDUTIMER gets closed and sndtimerfree is called, it tries to detach the timer instances and release the resources. However...
CVE-2026-52963
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI endpoint descriptor scans sndusbmidigetmsinfo validates the internal MIDIStreaming endpoint descriptor size before using baAssocJackID, but the descriptor walker can still return a class-specific...
CVE-2026-52964
Summary of CVE-2026-52964 : A flaw in the Linux kernel’s ALSA USB-audio path (USB MIDI 2.0 endpoint parser) fails to validate descriptor lengths for the MIDI 2.0 endpoint, allowing a malformed device to cause out-of-bounds reads on baAssoGrpTrmBlkID[] due to walking endpoint extras before verifyi...
CVE-2026-52963
CVE-2026-52963 affects the Linux kernel ALSA usb-audio code path, specifically the MIDI endpoint handling in snd_usbmidi_get_ms_info. The vulnerability arises when the descriptor walker returns a class-specific MIDI endpoint with bLength larger than the remaining bytes in the endpoint-extra scan,...