14162 matches found
firefox: thunderbird: Incorrect boundary conditions in the Web Audio component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Web Audio component...
CVE-2026-54233
A flaw was found in vLLM, an inference and serving engine for large language models LLMs. A remote attacker could exploit a vulnerability in the /v1/audio/transcriptions endpoint. By uploading a specially crafted compressed audio file, such as an OPUS file, the attacker could cause the system to...
CVE-2026-10593
The Zephyr Bluetooth LE Audio Basic Audio Profile BAP unicast client mishandles peer-supplied ASE state notifications. In unicastclientepqosstate subsys/bluetooth/audio/bapunicastclient.c, the handler writes attacker-controlled QoS fields interval, framing, phy, sdu, rtn, latency, pd through the...
CVE-2026-10593
The CVE affects Zephyr’s Bluetooth LE Audio BAP unicast client. In unicast_client_ep_qos_state(), the handler writes attacker-controlled QoS fields via stream-qos with only a stream != NULL guard. stream-qos is NULL for streams codec-configured but not yet added to a unicast group, creating a win...
CVE-2026-10593 Remotely triggerable NULL-pointer dereference in Bluetooth LE Audio BAP unicast client QoS-state handling
The Zephyr Bluetooth LE Audio Basic Audio Profile BAP unicast client mishandles peer-supplied ASE state notifications. In unicastclientepqosstate subsys/bluetooth/audio/bapunicastclient.c, the handler writes attacker-controlled QoS fields interval, framing, phy, sdu, rtn, latency, pd through the...
CVE-2026-10593
The Zephyr Bluetooth LE Audio Basic Audio Profile BAP unicast client mishandles peer-supplied ASE state notifications. In unicastclientepqosstate subsys/bluetooth/audio/bapunicastclient.c, the handler writes attacker-controlled QoS fields interval, framing, phy, sdu, rtn, latency, pd through the...
CVE-2026-49417
Second, the audio buffer backing a mapping could be freed when the device was closed even though the mapping remained valid. The freed memory could then be reused elsewhere while still accessible through the stale mapping. The /dev/dsp device nodes are world-accessible by default. On a system wit...
CVE-2026-45258
The CVE-2026-45258 issue affects FreeBSD sound(4) mmap support. dsp_mmap_single() overflows when validating the requested mapping because offset+length can wrap the size check, and the offset is reduced from 64 to 32 bits for the buffer address, allowing a mapping that extends past the audio buff...
ALSA: PCM: Fix wait queue list corruption in snd_pcm_drain() on linked streams
...
PT-2026-53063
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists where the audio buffer backing a mapping could be freed upon closing the device while the mapping remains valid. This allows the freed memory to ...
UBUNTU-CVE-2026-53291
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/conexant: Fix missing error check for jack detection In cxprobe, the return value of sndhdajackdetectenablecallback is ignored. This function returns a pointer, and if it fails e.g., due to memory allocation failure, it...
SUSE CVE-2026-52963
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI endpoint descriptor scans sndusbmidigetmsinfo validates the internal MIDIStreaming endpoint descriptor size before using baAssocJackID, but the descriptor walker can still return a class-specific...
SUSE CVE-2026-52964
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans The USB MIDI 2.0 endpoint parser has the same descriptor walking pattern as the legacy MIDI parser. It validates bLength against bNumGrpTrmBlock before reading...
CVE-2026-52964
A flaw was found in the Linux kernel's ALSA USB audio component. The USB MIDI 2.0 endpoint parser, responsible for handling audio device descriptors, failed to properly validate the length of these descriptors. This vulnerability could allow a local attacker, by connecting a specially crafted...
firefox: thunderbird: Incorrect boundary conditions in the Web Audio component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Web Audio component...
RLSA-2026:27789 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: isotp: fix tx.buf use-after-free in isotpsendmsg CVE-2026-31474 kernel: mptcp: fix slab-use-after-free in inetlookupestablished CVE-2026-31669 kernel: xen/privcmd: fix double free vi...
EUVD-2026-39193
In the Linux kernel, the following vulnerability has been resolved: ALSA: PCM: Fix wait queue list corruption in sndpcmdrain on linked streams sndpcmdrain uses initwaitqueueentry which does not clear entry.prev/next, and addwaitqueue with a conditional removewaitqueue that is skipped when tocheck...
CVE-2026-53242
CVE-2026-53242 affects the Linux kernel ALSA PCM path (snd_pcm_drain) on linked streams. The bug arises from wait queue handling: init_waitqueue_entry does not clear prev/next and add_wait_queue/remove_wait_queue sequencing can leave an orphaned wait entry on an old sleep queue after UNLINK, caus...
CVE-2026-12319
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Denial-of-service in the Audio/Video: Playback component...
PT-2026-52336
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ALSA dummy sequencer port where events are forwarded by copying an incoming struct snd seq event into a stack temporary. Because the legacy event storage is smalle...