Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992956)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992956 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: line6: Fix racy access to midibuf There can be concurrent accesses to line6 midibuf from bo...

Linux Distros Unpatched Vulnerability : CVE-2023-54308

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: ymfpci: Create card with device-managed snddevmcardnew sndcardymfpciremove was removed in commit c6e6bb5eab74 ALSA: ymfpci: Allocate resources with...

CVE-2023-54233 ASoC: SOF: avoid a NULL dereference with unsupported widgets

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: avoid a NULL dereference with unsupported widgets If an IPC4 topology contains an unsupported widget, its .moduleinfo field won't be set, then sofipc4routesetup will cause a kernel Oops trying to dereference it. Add a...

CVE-2023-54233

The CVE-2023-54233 issue affects the Linux kernel ASoC/SOF path, where IPC4 topologies containing an unsupported widget could leave the .module_info field unset, leading to a NULL dereference in sof_ipc4_route_setup() and a kernel Oops. A fix adds a guard to handle such cases. Connected sources c...

EUVD-2025-205108

In the Linux kernel, the following vulnerability has been resolved: ALSA: dice: fix buffer overflow in detectstreamformats The function detectstreamformats reads the streamcount value directly from a FireWire device without validating it. This can lead to out-of-bounds writes when a malicious...

CVE-2025-68346

In the Linux kernel, the following vulnerability has been resolved: ALSA: dice: fix buffer overflow in detectstreamformats The function detectstreamformats reads the streamcount value directly from a FireWire device without validating it. This can lead to out-of-bounds writes when a malicious...

kernel: ALSA: usb-audio: Validate UAC3 power domain descriptors, too

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 power domain descriptors, too UAC3 power domain descriptors need to be verified with its variable bLength for avoiding the unexpected OOB accesses by malicious firmware, too...

EUVD-2025-201864

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Do not share the name pointer between components By sharing 'name' directly, tearing down components may lead to use-after-free errors. Duplicate the name to avoid that. At the same time, update the order of...

DEBIAN-CVE-2023-53866

In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-compress: Reposition and add pcmmutex If paniconwarn is set and compress streamDPCM is started, then kernel panic occurred because card-pcmmutex isn't held appropriately. In the following functions, warning were issued ...

CVE-2023-53788

Technical details about CVE-2023-53788 are not provided in the connected documents. The SUSE advisories list the vulnerability, but no specifics on affected products/versions, root cause, or fixes are disclosed here. Monitor for updates.

Linux Distros Unpatched Vulnerability : CVE-2023-53866

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ASoC: soc-compress: Reposition and add pcmmutex If paniconwarn is set and compress streamDPCM is started, then kernel panic occurred because card-pcmmutex isn'...

UBUNTU-CVE-2025-40132

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sofsdw: Prevent jump to NULL addsidecar callback In createsdwdailink check that sofend-codecinfo-addsidecar is not NULL before calling it. The original code assumed that if includesidecar is true, the codec on that...

PT-2025-51685

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to the ASoC SDCA component and parsing of the mipi-sdca-control-cn-list. The struct sdca control declares a values field as an integer array, bu...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990416)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990416 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: us122l: Use sndcardfreewhenclosed at disconnection The USB disconnect callback is supposed ...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989177)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989177 advisory. In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Fix use-after-free in sndsocexit KASAN reports a use-after-free: BUG: KASAN:...

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-990176)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990176 advisory. In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Reject out of bounds values in sndsocputvolsw We don't currently validate that the...

Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

EUVD-2025-31859

A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /editadmin.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly...

Linux Distros Unpatched Vulnerability : CVE-2022-50431

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: aoa: i2sbus: fix possible memory leak in i2sbusadddev devsetname in soundbusaddone allocates memory for name, it need be freed when ofdeviceregister fails...

CVE-2023-53640

In the Linux kernel, the following vulnerability has been resolved: ASoC: lpass: Fix for KASAN useafterfree out of bounds When we run syzkaller we get below Out of Bounds error. "KASAN: slab-out-of-bounds Read in regcacheflatread" Below is the backtrace of the issue: BUG: KASAN: slab-out-of-bound...