20 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007329)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007329 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix NULL pointer dereference in sndusbmixercontrolsbadd In sndusbcreatestreams,...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006702)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006702 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 power domain descriptors, too UAC3 power domain descriptors need t...
CVE-2026-23318
A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture USB audio driver. A malicious USB Audio Class 3 UAC3 device could exploit an incorrect protocol version used for UAC3 header validation. This error causes the device's header descriptors to bypass validation, allowing a...
UBUNTU-CVE-2026-23318
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Use correct version for UAC3 header validation The entry of the validators table for UAC3 AC header descriptor is defined with the wrong protocol version UACVERSION2, while it should have been UACVERSION3. This...
CVE-2026-23318 ALSA: usb-audio: Use correct version for UAC3 header validation
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Use correct version for UAC3 header validation The entry of the validators table for UAC3 AC header descriptor is defined with the wrong protocol version UACVERSION2, while it should have been UACVERSION3. This...
CVE-2025-14027
CVE-2025-14027 affects Rockwell Automation 1756-RM2 and 1756-RM2XT firmware in ControlLogix Redundancy Enhanced Modules. The issue is described as multiple denial-of-service vulnerabilities triggered by crafted inputs (including malformed Class 3 messages, memory leak conditions, and other resour...
kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwis...
kernel: ALSA: usb-audio: Validate UAC3 power domain descriptors, too
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 power domain descriptors, too UAC3 power domain descriptors need to be verified with its variable bLength for avoiding the unexpected OOB accesses by malicious firmware, too...
EUVD-2025-201580
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix NULL pointer dereference in sndusbmixercontrolsbadd In sndusbcreatestreams, for UAC version 3 devices, the Interface Association Descriptor IAD is retrieved via usbifnumtoif. If this call fails, a fallback...
kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwis...
kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwis...
kernel: ALSA: usb-audio: Validate UAC3 power domain descriptors, too
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 power domain descriptors, too UAC3 power domain descriptors need to be verified with its variable bLength for avoiding the unexpected OOB accesses by malicious firmware, too...
kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwis...
kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwis...
kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwis...
kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwis...
AZL-67229 CVE-2025-39757 affecting package kernel for versions less than 6.6.104.2-1
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwis...
ALSA: usb-audio: Validate UAC3 power domain descriptors, too
...
SUSE CVE-2025-38729
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 power domain descriptors, too UAC3 power domain descriptors need to be verified with its variable bLength for avoiding the unexpected OOB accesses by malicious firmware, too...
CVE-2022-1797
A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownloa...