CVE-2026-31776

In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Fix missing SPDIFI1 index handling SPDIF1 DAIO type isn't properly handled in daiodeviceindex for hw20k2, and it returned -EINVAL, which ended up with the out-of-bounds array access. Follow the hw20k1 pattern and...

EUVD-2026-26510

In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: take a reference on the USB device in createcard The caiaq driver stores a pointer to the parent USB device in cdev-chip.dev but never takes a reference on it. The card's privatefree callback, sndusbcaiaqcardfree, ca...

PT-2026-36410

In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Don't enumerate SPDIF1 at DAIO initialization The recent refactoring of xfi driver changed the assignment of atc-daios at atc get resources; now it loops over all enum DAIOTYP entries while it looped formerly only a...

ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0

...

ALSA: fireworks: bound device-supplied status before string array lookup

...

CVE-2026-31620

CVE-2026-31620 affects the Linux kernel ALSA usx2y driver (TASCAM US-144MKII). A malicious USB device can present a configuration with bInterfaceNumber=1 but no interface 0, causing usb_ifnum_to_if(dev,0) to dereference NULL. This can crash the kernel (DoS). The fix is to properly check the retur...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012968)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012968 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs The dreamcastcard-timer could schedu...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013068)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013068 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential overflow of PCM transfer buffer The PCM stream data in USB-audio...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011080)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011080 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/ca0132: fixup buffer overrun at tuningctlset tuningctlset might have buffer overrun at...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007481)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007481 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: oss: Fix races at processing SysEx messages OSS sequencer handles the SysEx messages...

kernel: ALSA: aloop: Fix racy access at PCM trigger

In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix racy access at PCM trigger The PCM trigger callback of aloop driver tries to check the PCM state and stop the stream of the tied substream in the corresponding cable. Since both check and stop operations are...

CVE-2026-23318

A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture USB audio driver. A malicious USB Audio Class 3 UAC3 device could exploit an incorrect protocol version used for UAC3 header validation. This error causes the device's header descriptors to bypass validation, allowing a...

CVE-2026-23318

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Use correct version for UAC3 header validation The entry of the validators table for UAC3 AC header descriptor is defined with the wrong protocol version UACVERSION2, while it should have been UACVERSION3. This...

CVE-2026-23208 ALSA: usb-audio: Prevent excessive number of frames

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Prevent excessive number of frames In this case, the user constructed the parameters with maxpacksize 40 for rate 22050 / pps 1000, and packsize0 22 packsize1 23. The buffer size for each data URB is maxpacksize...

CVE-2026-23191

In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix racy access at PCM trigger The PCM trigger callback of aloop driver tries to check the PCM state and stop the stream of the tied substream in the corresponding cable. Since both check and stop operations are...

Linux Distros Unpatched Vulnerability : CVE-2026-23208

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: usb-audio: Prevent excessive number of frames In this case, the user constructed the parameters with maxpacksize 40 for rate 22050 / pps 1000, and packsiz...

CVE-2025-71192

In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix a double free in sndac97controllerregister If ac97addadapter fails, putdevice is the correct way to drop the device reference. kfree is not required. Add kfree if idralloc fails and in ac97adapterrelease to do the...

CVE-2026-23089 ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix use-after-free in sndusbmixerfree When sndusbcreatemixer fails, sndusbmixerfree frees mixer-idelems but the controls already added to the card still reference the freed memory. Later when sndcardregister runs...

CVE-2026-23089 ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix use-after-free in sndusbmixerfree When sndusbcreatemixer fails, sndusbmixerfree frees mixer-idelems but the controls already added to the card still reference the freed memory. Later when sndcardregister runs...

CVE-2026-23089 ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix use-after-free in sndusbmixerfree When sndusbcreatemixer fails, sndusbmixerfree frees mixer-idelems but the controls already added to the card still reference the freed memory. Later when sndcardregister runs...