Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from ALSA usb-audio not properly limiting the size of the PCM transfer buffer, which could result in a buffer...

kernel: ALSA: usb-audio: ALSA USB Audio Out-of-Bounds Bug

A flaw was found in the Linux kernel ALSA USB audio driver. This vulnerability allows a denial of service via a crafted USB audio device...

kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwis...

kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwis...

kernel: ALSA: usb-audio: ALSA USB Audio Out-of-Bounds Bug

A flaw was found in the Linux kernel ALSA USB audio driver. This vulnerability allows a denial of service via a crafted USB audio device...

kernel: ALSA: usb-audio: ALSA USB Audio Out-of-Bounds Bug

A flaw was found in the Linux kernel ALSA USB audio driver. This vulnerability allows a denial of service via a crafted USB audio device...

kernel: Linux kernel ALSA hda/ca0132 buffer overflow

This CVE has been marked as Rejected by the assigning CNA...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988816)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988816 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: jack: Access inputdev under mutex It is possible when using ASoC that inputdev is...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989335)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989335 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Cancel pending work at closing a MIDI substream At closing a USB MIDI output...

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-990150)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990150 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: emux: improve patch ioctl data validation In loaddata, make the validation of and skipping...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989206)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989206 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix race at SNDCTLDSPSYNC There is a small race window at sndpcmosssync that is...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989559)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989559 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent prealloc proc writes We have no protection against concurre...

kernel: ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf()

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf snprintf returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in the buffer overflow although it's...

SUSE CVE-2025-40098

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41getacpimutestate Return value of a function acpievaluatedsm is dereferenced without checking for NULL, but it is usually checked for this function. acpievaluatedsm may...

EUVD-2025-36981

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix missing pointer check in hdacomponentmanagerinit function The componentmatchadd function may assign the 'matchptr' pointer the value ERRPTR-ENOMEM, which will subsequently be dereferenced. The call stack leading to...

kernel: Linux kernel ALSA hda/ca0132 buffer overflow

This CVE has been marked as Rejected by the assigning CNA...

CVE-2025-40085

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix NULL pointer deference in trytoregistercard In trytoregistercard, the return value of usbifnumtoif is passed directly to usbinterfaceclaimed without a NULL check, which will lead to a NULL pointer dereference...

Moderate: Red Hat Security Advisory: kernel-rt security update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Linux Distros Unpatched Vulnerability : CVE-2025-39997

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: usb-audio: fix race condition to UAF in sndusbmidifree The previous commit 0718a78f6a9f ALSA: usb-audio: Kill timer properly at removal patched a UAF issu...

Siemens SIMATIC Devices Improper Input Validation (CVE-2024-27436)

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Stop parsing channels bits when all channels are found. If a usb audio device sets more bits than the amount of channels it could write outside of the map array. This plugin only works with Tenable.ot. Please vis...