PT-2026-43859

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the ALSA caiaq component. The error handling path for the setup card function fails to kill the internal URB cdev-ep1 in urb if it was submitted before the error...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: ALSA: hda/ca0132: fixed a buffer overflow issue in tuningctlset The tuningctlset function might cause a buffer overflow if it does not break from the loop when matching A. static int tuningctlset... for i = 0; i This patch...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: fixed the issue of null pointer dereferencing on the pointer csdesc. The pointer csdesc is returned from sndusbfindclocksource; this pointer may be null, resulting in a potential null pointer dereferencing issue...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fixed negative period/buffer sizes The calculation of the period size in the OSS layer may generate a negative value as an error. However, the code there assumes only positive values and handles them using sizet. ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ALSA: ctxfi – Fixed improper handling of the missing SPDIFI1 index in daiodeviceindex. The SPDIF1 DAIO type is not properly handled in daiodeviceindex for hw20k2. This led to a -EINVAL error, which resulted in out-of-bounds...

CVE-2026-43437

A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture PCM Pulse Code Modulation subsystem. A local attacker could exploit a use-after-free vulnerability by triggering a race condition when closing a linked audio stream. This could lead to system instability, denial of...

CVE-2026-43436

A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture USB-audio driver, specifically within the Scarlett2 mixer quirk. A local attacker could exploit this vulnerability by providing a specially crafted, malformed USB descriptor. This could lead to a NULL dereference in the...

CVE-2026-43412

A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ALSA System on Chip ASoC subsystem, specifically within the Qualcomm qcom qdsp6 audio driver. During the stop and start process of the Audio Digital Signal Processor ADSP, an incorrect order of component removal can occur...

CVE-2026-43436

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces The Scarlett2 mixer quirk in USB-audio driver may hit a NULL dereference when a malformed USB descriptor is passed, since it assumes the presence of an...

CVE-2026-43436

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces The Scarlett2 mixer quirk in USB-audio driver may hit a NULL dereference when a malformed USB descriptor is passed, since it assumes the presence of an...

Linux Distros Unpatched Vulnerability : CVE-2026-43436

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces The Scarlett2 mixer quirk in USB-audio driver may hit a NULL dereference when a...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the issue of reusing a freed link stream after the sndpcmdrain function in ALSA pcm is released...

EUVD-2026-27687

In the Linux kernel, the following vulnerability has been resolved: ALSA: mixer: oss: Add card disconnect checkpoints ALSA OSS mixer layer calls the kcontrol ops rather individually, and pending calls might be not always caught at disconnecting the device. For avoiding the potential UAF scenarios...

CVE-2026-43137

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix NULL pointer dereference If there's a mismatch between the DAI links in the machine driver and the topology, it is possible that the playback/capture widget is not set, especially in the case of loopbac...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the preparesilenturb function in ALSA’s usb-audio library. This function does not validate the si...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fixed a possible null-pointer dereference due to a data race in sndhdacregmapsync The variable codec-regmap is often protected by the lock codec-regmaplock when it is accessed. However, it is accessed without holding t...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: Use sndcardfreewhenclosed when there is a disconnection. The USB disconnection callback should be short and not too long. On the other hand, the current code uses sndcardfree when there is a disconnection, but this...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: For the hda codecs, do not unset the preset when cleaning up the codec. Several functions involved in the initialization and removal of codecs are reused by ASoC codec driver implementations. These drivers mimic the behavio...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu – fixed a buffer overflow issue in the hwdep read function for DSP events. The DSP event handling code in hwdepread could write more bytes to the user buffer than requested, especially when the user provided a...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ALSA: dice: fixed a buffer overflow in detectstreamformats The function detectstreamformats reads the streamcount value directly from a FireWire device without validating it. This can lead to out-of-bounds writes when a malicious...