3506 matches found
kernel: ALSA: 6fire: fix use-after-free on disconnect
A flaw was found in the Linux kernel's ALSA 6fire USB audio device driver. During the disconnection process of a 6fire USB audio device, a use-after-free vulnerability occurs. This happens when the system attempts to write to memory that has already been deallocated, which can lead to memory...
Ubuntu 20.04 LTS : Linux kernel (FIPS) vulnerabilities (USN-7585-3)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7585-3 advisory. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls...
FreeBSD : FreeBSD -- Multiple vulnerabilities in the sound(4) mmap path (253188dd-6473-11f1-958d-bc241121aa0a)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 253188dd-6473-11f1-958d-bc241121aa0a advisory. The sound4 driver contained two memory-safety errors in its mmap2 support. First, dspmmapsingl...
ALSA-2026:25217 Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: scsi: target: iscsi: Fix use-after-free in iscsitdecconnusagecount CVE-2026-23216 kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service CVE-2026-31419 kernel:...
ALSA-2026:25120 Critical: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: geneve: Fix use-after-free in genevefinddev. CVE-2025-21858 kernel: smc: Fix use-after-free in tcpwritetimerhandler CVE-2023-53781...
USN-8044-2 alsa-lib vulnerability
USN-8044-1 fixed a vulnerability in alsa-lib. This update provides the corresponding fix for alsa-lib on Ubuntu 20.04 LTS. Original advisory details: It was discovered that alsa-lib incorrectly handled the topology mixer control decoder. A local attacker could use a specially crafted topology fil...
FreeBSD Security Advisory - FreeBSD-SA-26:27.sound
FreeBSD Security Advisory - The sound4 driver contained two memory-safety errors in its mmap2 support. First, dspmmapsingle validated the requested mapping by checking the sum of the user-supplied offset and length against the buffer size. This addition could overflow, so that a large offset and...
FreeBSD-SA-26:27.sound
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:27.sound Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities in the sound4 mmap path Category: core Module: sound Announced: 2026-06-09...
FreeBSD -- Multiple vulnerabilities in the sound(4) mmap path
Problem Description: The sound4 driver contained two memory-safety errors in its mmap2 support. First, dspmmapsingle validated the requested mapping by checking the sum of the user-supplied offset and length against the buffer size. This addition could overflow, so that a large offset and length...
SUSE CVE-2026-46262
In the Linux kernel, the following vulnerability has been resolved: ASoC: fslxcvr: Revert fix missing lock in fslxcvrmodeput This reverts commit f51424872760 "ASoC: fslxcvr: fix missing lock in fslxcvrmodeput". The original patch attempted to acquire the card-controlsrwsem lock in fslxcvrmodeput...
Updated sdl2_sound packages fix security vulnerability
Updated packages fix CVE-2025-14369 in bundled drflac...
SUSE-SU-2026:21883-1 Security update for qemu
This update for qemu fixes the following issues - CVE-2025-14876: qemu-kvm: Unbounded allocation in virtio-crypto bsc1255400. - CVE-2026-0665: out-of-bounds heap access can lead to a denial of service or potential memory corruption bsc1256484. - CVE-2026-2243: incorrect bounds check leads to heap...
SUSE CVE-2026-46157
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger Currently the runtime.oss.trigger field may be accessed concurrently without protection, which may lead to the data race. And, in this case, it may lead to more sever...
SUSE CVE-2026-46179
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Don't allow pointer operations on unconfigured streams When reporting the pointer for a compressed stream we report the current I/O frame position by dividing the position by the number of channels multiplied by the...
Linux Distros Unpatched Vulnerability : CVE-2026-46179
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ASoC: SOF: Don't allow pointer operations on unconfigured streams When reporting the pointer for a compressed stream we report the current I/O frame position by...
Linux Distros Unpatched Vulnerability : CVE-2026-46184
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sound: ua101: fix division by zero at probe Add a missing sanity check for bNrChannels in detectusbformat to prevent a division by zero in playbackurbcomplete a...
CVE-2026-46179
A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ALSA System on Chip ASoC Sound Open Firmware SOF subsystem. This vulnerability occurs when reporting the pointer for a compressed stream, where the I/O frame position is divided by values that can be zero if the stream...
CVE-2026-46157
A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ALSA Pulse Code Modulation PCM Open Sound System OSS subsystem. A data race vulnerability exists due to concurrent access to the runtime.oss.trigger field without proper protection. This unprotected access can lead to the...
CVE-2026-46184
In the Linux kernel, the following vulnerability has been resolved: sound: ua101: fix division by zero at probe Add a missing sanity check for bNrChannels in detectusbformat to prevent a division by zero in playbackurbcomplete and captureurbcomplete. USB core does not validate class-specific...
CVE-2026-46143
In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: q6apm-lpass-dai: Fix multiple graph opens As prepare can be called mulitple times, this can result in multiple graph opens for playback path. This will result in a memory leaks, fix this by adding a check before openi...