50 matches found
CVE-2025-39938 ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed
In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed If earlier opening of source graph fails e.g. ADSP rejects due to incorrect audioreach topology, the graph is closed and "daidata-graphdai-id" is...
EUVD-2025-25539
Malicious code in bioql PyPI...
UBUNTU-CVE-2025-38662
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8365-dai-i2s: pass correct size to mt8365daisetpriv Given mt8365daisetpriv allocate privsize space to copy privdata which means we should pass mt8365i2sprivi or "struct mtkafei2spriv" instead of afepriv which ha...
PT-2025-34423
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw was discovered in the Linux kernel related to the ASoC Audio Subsystem over Component framework, specifically within the mediatek mt8365-dai-i2s driver. The mt8365 dai set priv...
Linux Distros Unpatched Vulnerability : CVE-2024-38551
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Assign dummy when codec not specified for a DAI link MediaTek sound card...
CLSA-2025-1748365686 kernel: Fix of 12 CVEs
ext4: fix OOB read when checking dotdot dir CVE-2025-37785 - iscsiibft: Fix UBSAN shift-out-of-bounds warning in ibftattrshownic CVE-2025-21993 - media: uvcvideo: Fix double free in error path CVE-2024-57980 - jffs2: Prevent rtime decompress memory corruption CVE-2024-57850 - wifi: iwlegacy:...
Arbitrary File Upload
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Arbitrary File Upload via the audio/api/v1/transcriptions endpoint. An attacker can execute arbitrary code on the server by uploading a malicious file with a crafted filename that exploits insufficient...
kernel: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices
A vulnerability was found in the Linux kernel's USB Audio driver. This flaw allows an attacker with physical access to the system to use a malicious USB device to gain additional access. This is possible by manipulating system memory, potentially escalating privileges, or executing arbitrary code...
Security Vulnerabilities fixed in Firefox 136 — Mozilla
On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could...
AZL-57899 CVE-2024-58012 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params Each cpu DAI should associate with a widget. However, the topology might not create the right number of DAI widgets for aggregated amps. And it will cause NULL...
CVE-2024-58012 ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params Each cpu DAI should associate with a widget. However, the topology might not create the right number of DAI widgets for aggregated amps. And it will cause NULL...
DEBIAN-CVE-2022-49245
In the Linux kernel, the following vulnerability has been resolved: ASoC: rockchip: Fix PM usage reference of rockchipi2stdmresume pmruntimegetsync will increment pm usage counter even it failed. Forgetting to putting operation will result in reference leak here. We fix it by replacing it with...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: ASoC: meson: axg-card: fixed “use-after-free” issue The buffer “card-dailink” is reallocated in “mesoncardreallocatelinks”. Therefore, the initialization of the “pad” pointer should be moved after this function, when the memor...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ASoC Intel hda-dai module incorrectly releasing the link DMA when STOP is triggered, which could lead to...
PT-2025-8834
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A issue in the Linux kernel has been identified where the topology might not create the right number of DAI widgets for aggregated amps, leading to a NULL pointer deference. This occurs...
SUSE CVE-2024-38551
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Assign dummy when codec not specified for a DAI link MediaTek sound card drivers are checking whether a DAI link is present and used on a board to assign the correct parameters and this is done by checking the cod...
DEBIAN-CVE-2024-38551
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Assign dummy when codec not specified for a DAI link MediaTek sound card drivers are checking whether a DAI link is present and used on a board to assign the correct parameters and this is done by checking the cod...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the sndusbparseaudiointerface function allowing out-of-bounds reads...
SUSE CVE-2015-4477
Use-after-free vulnerability in the MediaStream playback feature in Mozilla Firefox before 40.0 allows remote attackers to execute arbitrary code via unspecified use of the Web Audio API...
PT-2022-34612 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.9 Description: The issue is related to an out-of-bounds bug in the snd usb parse audio interface function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...