166 matches found
CVE-2026-35674
OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged commands. Attackers with operator.write scope can deliver commands through inherited external routes to bypass operator.approvals and operator.admin scop...
EUVD-2026-29142
OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents to spawn ACP child sessions that fail to inherit depth, child-count limits, control scope, or target-agent restrictions. Attackers can exploit this by spawning child sessions that...
SUSE CVE-2026-43443
In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp-mach-common: Add missing error check for clock acquisition The acpcardrt5682init and acpcardrt5682sinit functions did not check the return values of clkget. This could lead to a kernel crash when the invalid pointe...
PT-2026-39686
OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents to spawn ACP child sessions that fail to inherit depth, child-count limits, control scope, or target-agent restrictions. Attackers can exploit this by spawning child sessions that...
EUVD-2026-28749
In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp-mach-common: Add missing error check for clock acquisition The acpcardrt5682init and acpcardrt5682sinit functions did not check the return values of clkget. This could lead to a kernel crash when the invalid pointe...
CVE-2026-43443
In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp-mach-common: Add missing error check for clock acquisition The acpcardrt5682init and acpcardrt5682sinit functions did not check the return values of clkget. This could lead to a kernel crash when the invalid pointe...
CVE-2026-43443
In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp-mach-common: Add missing error check for clock acquisition The acpcardrt5682init and acpcardrt5682sinit functions did not check the return values of clkget. This could lead to a kernel crash when the invalid pointe...
UBUNTU-CVE-2026-43443
In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp-mach-common: Add missing error check for clock acquisition The acpcardrt5682init and acpcardrt5682sinit functions did not check the return values of clkget. This could lead to a kernel crash when the invalid pointe...
CVE-2026-43443
In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp-mach-common: Add missing error check for clock acquisition The acpcardrt5682init and acpcardrt5682sinit functions did not check the return values of clkget. This could lead to a kernel crash when the invalid pointe...
CVE-2026-43443
CVE-2026-43443 involves the Linux kernel ASoC AMD ACP Mach common driver. The acp_card_rt5682_init() and acp_card_rt5682s_init() functions did not validate clk_get() returns, risking dereferencing invalid pointers and kernel crash. The patch changes clock acquisition to devm_clk_get() and adds IS...
CVE-2026-43443
In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp-mach-common: Add missing error check for clock acquisition The acpcardrt5682init and acpcardrt5682sinit functions did not check the return values of clkget. This could lead to a kernel crash when the invalid pointe...
PT-2026-39104
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the ASoC amd acp-mach-common component, the functions acp card rt5682 init and acp card rt5682s init fail to check the return values of clk get. This lack of error handling can result...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a lack of error checking in the clock acquisition process within ASoC and acp-mach-common. This...
NPM: OpenClaw's ACP child sessions inherit subagent security envelope constraints
NPM: OpenClaw's ACP child sessions inherit subagent security envelope constraints vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.4.21...
OpenClaw's ACP child sessions inherit subagent security envelope constraints
Summary ACP child sessions inherit subagent security envelope constraints. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.4.21 - Fixed version: 2026.4.22 Impact A restricted subagent spawning an ACP child session could fail to carry forward subagent-only...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: amd: Fixed a memory leak in amdsofacpprobe The driver uses kasprintf to initialize the fwcode,databin members of struct acpdevdata, but kfree is never called to deallocate the memory, resulting in a memory leak. The...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp: Fixed incorrect retrieval of acpchipinfo. Use devgetdrvdatadev-parent instead of devgetplatdatadev to correctly obtain members of acpchipinfo in the acp I2S driver. Previously, some members were not updated proper...
CVE-2026-41370
OpenClaw is affected by a path traversal vulnerability in ACP dispatch prior to version 2026.3.31. An attacker can manipulate inbound channel attachment paths to read arbitrary files, bypassing attachment-cache and root-directory checks to access locations outside the intended directories. This i...
CVE-2026-35655
OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool identities through rawInput parameters to suppress dangerous-tool prompting and bypass security...
CVE-2026-35655
OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool identities through rawInput parameters to suppress dangerous-tool prompting and bypass security...