311 matches found
SUSE CVE-2026-43459
In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-core: flush delayed work before removing DAIs and widgets When a sound card is unbound while a PCM stream is open, a use-after-free can occur in sndsocdapmstreamevent, called from the closedelayedwork workqueue handler...
SUSE CVE-2025-71286
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls The size of the data behind of scontrol-ipccontroldata for bytes controls is: 1 sizeofstruct sofipc4controldata + // kernel only struct 2 sizeofstruct...
CVE-2026-43412
In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start During ADSP stop and start, the kernel crashes due to the order in which ASoC components are removed. On ADSP stop, the q6apm-audio .remove callback unloads...
CVE-2026-43459 ASoC: soc-core: flush delayed work before removing DAIs and widgets
In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-core: flush delayed work before removing DAIs and widgets When a sound card is unbound while a PCM stream is open, a use-after-free can occur in sndsocdapmstreamevent, called from the closedelayedwork workqueue handler...
CVE-2026-43437
CVE-2026-43437 affects the Linux kernel ALSA PCM subsystem (snd_pcm_drain). The issue is a use-after-free in the drain path: during drain, runtime is reassigned to a linked stream’s runtime and after releasing the stream lock, runtime fields (no_period_wakeup, rate, buffer_size) are accessed with...
Linux Distros Unpatched Vulnerability : CVE-2026-43459
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ASoC: soc-core: flush delayed work before removing DAIs and widgets When a sound card is unbound while a PCM stream is open, a use-after-free can occur in...
EUVD-2026-27699
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix NULL pointer dereference If there's a mismatch between the DAI links in the machine driver and the topology, it is possible that the playback/capture widget is not set, especially in the case of loopbac...
EUVD-2026-27600
In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: Fix errors in IRQ cleanup IRQs are enabled through sdcairqpopulate from component probe using devmrequestthreadedirq, this however means the IRQs can persist if the sound card is torn down. Some of the IRQ handlers...
CVE-2026-43137
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix NULL pointer dereference If there's a mismatch between the DAI links in the machine driver and the topology, it is possible that the playback/capture widget is not set, especially in the case of loopbac...
CVE-2026-43095
In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: Fix errors in IRQ cleanup IRQs are enabled through sdcairqpopulate from component probe using devmrequestthreadedirq, this however means the IRQs can persist if the sound card is torn down. Some of the IRQ handlers...
PT-2026-37544
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ASoC qcom q6asm component where DSP responses arriving after a data stream had been closed were still being handled. This failure to properly ignore these response...
CVE-2026-31776
In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Fix missing SPDIFI1 index handling SPDIF1 DAIO type isn't properly handled in daiodeviceindex for hw20k2, and it returned -EINVAL, which ended up with the out-of-bounds array access. Follow the hw20k1 pattern and...
SUSE-SU-2026:1464-1 Security update for the Linux Kernel (Live Patch 28 for SUSE Linux Enterprise 15 SP5)
This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.113 fixes various security issues The following security issues were fixed: - CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger bsc1258396. - CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy...
CVE-2026-23301
In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: Add allocation failure check for Entity name Currently findsdcaentityiot can allocate a string for the Entity name but it doesn't check if that allocation succeeded. Add the missing NULL check after the allocation...
CVE-2026-23301 ASoC: SDCA: Add allocation failure check for Entity name
In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: Add allocation failure check for Entity name Currently findsdcaentityiot can allocate a string for the Entity name but it doesn't check if that allocation succeeded. Add the missing NULL check after the allocation...
CVE-2026-23089 ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix use-after-free in sndusbmixerfree When sndusbcreatemixer fails, sndusbmixerfree frees mixer-idelems but the controls already added to the card still reference the freed memory. Later when sndcardregister runs...
SUSE CVE-2026-23006
In the Linux kernel, the following vulnerability has been resolved: ASoC: tlv320adcx140: fix null pointer The "sndsoccomponent" in "adcx140priv" was only used once but never set. It was only used for reaching "dev" which is already present in "adcx140priv"...
Azure Linux 3.0 Security Update: kernel (CVE-2024-46863)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46863 advisory. - In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-lnl-match: a...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003719)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003719 advisory. An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004141)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004141 advisory. An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound subsystem because card disconnection causes certain data structures...