kernel: Linux kernel: ALSA: ump buffer overflow via malformed UMP SysEx message

A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ALSA Universal MIDI Packet UMP driver. This vulnerability allows a buffer overflow and potential memory corruption via a malformed Universal MIDI Packet UMP System Exclusive SysEx message during MIDI 1.0 to UMP conversion...

EUVD-2007-4553

Malware in sbrugna...

EUVD-2025-18575

Malicious code in bioql PyPI...

EUVD-2022-54693

Malicious code in bioql PyPI...

EUVD-2024-53179

Malicious code in bioql PyPI...

CVE-2025-38454

CVE-2025-38454: In the Linux kernel, ALSA: ad1816a: Fix potential NULL pointer deref in snd_card_ad1816a_pnp(); switches to pr_warn() when 'pdev' is NULL to avoid NULL pointer dereference. The description indicates the fix is kernel-side and targets the ad1816A soundcard driver; no details on aff...

CVE-2025-38105 ALSA: usb-audio: Kill timer properly at removal

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Kill timer properly at removal The USB-audio MIDI code initializes the timer, but in a rare case, the driver might be freed without the disconnect call. This leaves the timer in an active state while the assigned...

PT-2025-25944

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the ALSA Advanced Linux Sound Architecture in the Linux kernel, specifically with the HDAudio bus driver. When the early probe of the HDAudio bus driver fails, fo...

Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024141 fixes several issues. The following security issues were fixed: CVE-2024-8805: Bluetooth: hcievent: Align BR/EDR JUSTWORKS paring with LE bsc1240840. CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in applyconstrainttosize bsc1233294...

CVE-2022-49772 ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Drop sndBUGON from sndusbmidioutputopen sndusbmidioutputopen has a check of the NULL port with sndBUGON. sndBUGON was used as this shouldn't have happened, but in reality, the NULL port may be seen when the devic...

SUSE-SU-2025:1416-1 Security update for the Linux Kernel (Live Patch 50 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059182 fixes several issues. The following security issues were fixed: - CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in applyconstrainttosize bsc1233294. - CVE-2024-56650: netfilter: xtables: fix LED ID check in ledtgcheck bsc1235431...

RHEL 7 : kernel (RHSA-2025:3880)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3880 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ALSA: usb-audio: Fix out of bounds read...

CVE-2023-52988 ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/via: Avoid potential array out-of-bound in addsecretdacpath sndhdagetconnections can return a negative error code. It may lead to accessing 'conn' array at a negative index. Found by Linux Verification Center...

CVE-2023-52988

CVE-2023-52988 — Linux kernel ALSA: hda/via : The issue arises in the HDA VIA path where snd_hda_get_connections() may return a negative error code, allowing an array access with a negative index in add_secret_dac_path(). This can lead to out-of-bounds access of the conn array, with potential imp...

CBL Mariner 2.0 Security Update: kernel (CVE-2024-53180)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53180 advisory. - In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Add sanity NULL check for the...

Linux Distros Unpatched Vulnerability : CVE-2024-56533

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: usx2y: Use sndcardfreewhenclosed at disconnection The USB disconnect callback is supposed to be short and not too-long waiting. OTOH, the current code use...

CVE-2022-49733

CVE-2022-49733 affects the Linux kernel ALSA: oss subsystem (snd_pcm_oss) with a race in snd_pcm_oss_sync() triggered via SNDCTL_DSP_SYNC. The issue arises because snd_pcm_oss_make_ready() is invoked before acquiring the params_lock, creating a window where another thread can reconfigure the stre...

CVE-2022-49498

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Check for null pointer of pointer substream before dereferencing it Pointer substream is being dereferenced on the assignment of pointer card before substream is being null checked with the macro PCMRUNTIMECHECK...

CVE-2022-49291

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent hwparams and hwfree calls Currently we have neither proper check nor protection against the concurrent calls of PCM hwparams and hwfree ioctls, which may result in a UAF. Since the existing P...

CVE-2022-49045

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...