kernel: ALSA: ymfpci: Create card with device-managed snd_devm_card_new()

A flaw was found in the Linux kernel's ALSA ymfpci sound driver. During a previous refactoring commit that removed sndcardymfpciremove, the sndcardnew call was not updated to snddevmcardnew. This omission means sndcardfree is never called during module unload, leading to a kernel oops when...

kernel: ALSA: usb-audio: ALSA USB Audio Out-of-Bounds Bug

A flaw was found in the Linux kernel ALSA USB audio driver. This vulnerability allows a denial of service via a crafted USB audio device...

kernel: ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()

In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix possible memory leak in sndac97devregister If deviceregister fails in sndac97devregister, it should call putdevice to give up reference, or the name allocated in devsetname is leaked...

kernel: ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()

In the Linux kernel, the following vulnerability has been resolved: ALSA: aoa: i2sbus: fix possible memory leak in i2sbusadddev devsetname in soundbusaddone allocates memory for name, it need be freed when ofdeviceregister fails, call soundbusdevput to give up the reference that hold in...

ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF

A use-after-free flaw was found in sndctlelemread in sound/core/control.c in Advanced Linux Sound Architecture ALSA subsystem in the Linux kernel. In this flaw a normal privileged, local attacker may impact the system due to a locking issue in the compat path, leading to a kernel information leak...

ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF

A use-after-free flaw was found in sndctlelemread in sound/core/control.c in Advanced Linux Sound Architecture ALSA subsystem in the Linux kernel. In this flaw a normal privileged, local attacker may impact the system due to a locking issue in the compat path, leading to a kernel information leak...

OESA-2023-1199 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRVCTLIOCTLELEMREAD|WRITE32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 acces...

ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF

A use-after-free flaw was found in sndctlelemread in sound/core/control.c in Advanced Linux Sound Architecture ALSA subsystem in the Linux kernel. In this flaw a normal privileged, local attacker may impact the system due to a locking issue in the compat path, leading to a kernel information leak...

ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF

A use-after-free flaw was found in sndctlelemread in sound/core/control.c in Advanced Linux Sound Architecture ALSA subsystem in the Linux kernel. In this flaw a normal privileged, local attacker may impact the system due to a locking issue in the compat path, leading to a kernel information leak...

ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF

A use-after-free flaw was found in sndctlelemread in sound/core/control.c in Advanced Linux Sound Architecture ALSA subsystem in the Linux kernel. In this flaw a normal privileged, local attacker may impact the system due to a locking issue in the compat path, leading to a kernel information leak...

USN-5927-1: Linux kernel (Azure) vulnerabilities

It was discovered that the Upper Level Protocol ULP subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execut...

PT-2023-35432 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.95 Description: The issue is related to the ALSA hda codec, where the preset is not unset when cleaning up the codec. The actual impact and attack plausibility have not yet been proven. Recommendations: Fo...

SUSE CVE-2007-4571

The sndmemprocread function in sound/core/memalloc.c in the Advanced Linux Sound Architecture ALSA in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information kernel memory contents via a small count argument, as demonstrate...

The vulnerability of the ALSA:pcm component (the audio subsystem of the Linux operating system), which allows a hacker to cause a service failure and gain unauthorized access to protected information.

The vulnerability of the ALSA:pcm component the audio subsystem of the Linux operating system is related to a synchronization violation in sndctlelemreaduser. Exploiting this vulnerability can allow an attacker to cause service failures and gain unauthorized access to protected information...

kernel: ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix potential AB/BA lock with buffermutex and mmaplock syzbot caught a potential deadlock between the PCM runtime-buffermutex and the mm-mmaplock. It was brought by the recent fix to cover the racy read/write and other...

kernel: ALSA: oss: Fix PCM OSS buffer allocation overflow

In the Linux kernel, the following vulnerability has been resolved: ALSA: oss: Fix PCM OSS buffer allocation overflow We've got syzbot reports hitting INTMAX overflow at vmalloc allocation that is called from sndpcmplugalloc. Although we apply the restrictions to input parameters, it's based only...

kernel: ALSA: usb-audio: Cancel pending work at closing a MIDI substream

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Cancel pending work at closing a MIDI substream At closing a USB MIDI output substream, there might be still a pending work, which would eventually access the rawmidi runtime object that is being released. For...

kernel: ALSA: pcm: Fix races among concurrent prealloc proc writes

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent prealloc proc writes We have no protection against concurrent PCM buffer preallocation changes via proc files, and it may potentially lead to UAF or some weird problem. This patch applies the...

A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.

...

kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation

Use-after-free vulnerability in the sndpcminfo function in the ALSA subsystem in the Linux kernel allows attackers to induce a kernel memory corruption and possibly crash or lock up a system. Due to the nature of the flaw, a privilege escalation cannot be fully ruled out, although we believe it i...