581 matches found
CVE-2026-25271 Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Service
Memory Corruption when processing asynchronous input parameters due to improper handling of modified values between check and use...
CVE-2026-45258
dspmmapsingle validated the requested mapping by checking the sum of the user-supplied offset and length against the buffer size. This addition could overflow, so that a large offset and length wrapped around and passed the check. The offset was then narrowed from 64 to 32 bits when converted to ...
CVE-2026-45258
dspmmapsingle validated the requested mapping by checking the sum of the user-supplied offset and length against the buffer size. This addition could overflow, so that a large offset and length wrapped around and passed the check. The offset was then narrowed from 64 to 32 bits when converted to ...
CVE-2026-45258
The CVE-2026-45258 issue affects FreeBSD sound(4) mmap support. dsp_mmap_single() overflows when validating the requested mapping because offset+length can wrap the size check, and the offset is reduced from 64 to 32 bits for the buffer address, allowing a mapping that extends past the audio buff...
CVE-2026-49417
CVE-2026-49417 is part of two memory-safety issues in FreeBSD’s sound(4) mmap path. The advisories describe: (1) dsp_mmap_single() could overflow when validating a requested mapping, allowing a mapping to extend past the audio buffer into kernel memory (CVE-2026-45258), and (2) the audio buffer b...
SUSE CVE-2026-53158
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix NULL pointer dereference in rpmsg callback A NULL pointer dereference was observed on Hawi at boot when the DSP sends a glink message before fastrpcrpmsgprobe has completed initialization: Unable to handle kern...
CVE-2026-53161
The CVE-2026-53161 entry concerns a use-after-free in the Linux kernel fastrpc subsystem. A race between fastrpc_device_release() (on file close) and the workqueue processing DSP responses can free the fastrpc_user while an in-flight DSP invocation is completing, leading to dereferencing freed co...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu – added a bounds check in the putuser loop for DSP events. In the DSP event handling code, the putuser loop copies event data. When the user buffer size is not aligned to 4 bytes, it may overwrite data beyond...
freerdp security update
2:2.11.7-7.3 - Lock appWindow to fix use-after-free in RAIL mode CVE-2026-25952 Resolves: RHEL-159860 2:2.11.7-7.2 - Fix double free in xfrailwindowcommon cleanup CVE-2026-26986 - Fix growth of preallocated buffers CVE-2026-27951 - Fix heap-buffer-overflow in bitmapcacheput CVE-2026-29775 - Add D...
FreeBSD-SA-26:27.sound
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:27.sound Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities in the sound4 mmap path Category: core Module: sound Announced: 2026-06-09...
CVE-2026-25260 Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Service
Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications...
CVE-2026-25259 Out-of-bounds Write in DSP Service
Memory corruption while processing multiple IOCTL command for escape operations...
CVE-2026-25258 Out-of-bounds Read in DSP Service
Memory corruption while processing IOCTL calls for escape operations...
CVE-2026-25258 Out-of-bounds Read in DSP Service
Memory corruption while processing IOCTL calls for escape operations...
kernel: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events The DSP event handling code in hwdepread could write more bytes to the user buffer than requested, when a user provides a buffer smaller than the event header...
Important: Red Hat Security Advisory: kernel-rt security update
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
kernel: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events The DSP event handling code in hwdepread could write more bytes to the user buffer than requested, when a user provides a buffer smaller than the event header...
Unity Linux 20.1050e / 20.1070e Security Update: sox (UTSA-2026-016773)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016773 advisory. An issue was discovered in SoX 14.4.2. lsxmakelpf in effectidsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: remoteproc: imxdsprproc: A custom memory copy implementation was added for i.MX DSP cores. The IRAM is part of the HiFi DSP. According to the hardware specifications, only 32-bit writes are allowed; otherwise, a Kernel panic will...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Firmware: csdsp: Fixed out-of-bounds memory read access in KUnit tests wmfw info KASAN reported an out-of-bounds access – csdspmockwmfwaddinfo, because the length of the source string was rounded up to the allocation size...