48 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: Added a check for allocation failure for the Entity name. Currently, the findsdcaentityiot function can allocate a string for the Entity name, but it does not check whether the allocation was successful. A NULL check...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-mem2mem: fix a memleak in v4l2m2mregisterentity The entity-name i.e. name is allocated in v4l2m2mregisterentity but isn't freed in its following error-handling paths. This patch adds such deallocation to prevent memle...
GHSA-46J8-VPX8-6P72 Home Assistant has stored XSS in history-graphs
Summary The "remaining charge time"-sensor for mobile phones imported/included from Android Auto it appears is vulnerable to the same issue as CVE-2025-62172. This also indicates that any sensor showing their name in the history-graph, is likely to be vulnerable to this issue. Details Another...
Home Assistant has stored XSS in history-graphs
Summary The "remaining charge time"-sensor for mobile phones imported/included from Android Auto it appears is vulnerable to the same issue as CVE-2025-62172. This also indicates that any sensor showing their name in the history-graph, is likely to be vulnerable to this issue. Details Another...
PT-2026-28467
Name of the Vulnerable Software and Affected Versions Home Assistant versions 2025.02 through 2026.01 Description The "remaining charge time" sensor for mobile phones imported from Android Auto in Home Assistant is susceptible to cross-site scripting XSS. This issue is similar to CVE-2025-62172...
CVE-2026-23301
A flaw was found in the Linux kernel's ASoC Advanced Linux Sound Architecture System on Chip SDCA SoundWire Digital Control Adapter component. The findsdcaentityiot function fails to check for successful memory allocation when assigning an entity name. This vulnerability could allow a local...
Linux Distros Unpatched Vulnerability : CVE-2026-23301
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: Add allocation failure check for Entity name Currently findsdcaentityiot can...
SUSE CVE-2026-23301
In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: Add allocation failure check for Entity name Currently findsdcaentityiot can allocate a string for the Entity name but it doesn't check if that allocation succeeded. Add the missing NULL check after the allocation...
EUVD-2026-15236
In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: Add allocation failure check for Entity name Currently findsdcaentityiot can allocate a string for the Entity name but it doesn't check if that allocation succeeded. Add the missing NULL check after the allocation...
CVE-2026-23301
In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: Add allocation failure check for Entity name Currently findsdcaentityiot can allocate a string for the Entity name but it doesn't check if that allocation succeeded. Add the missing NULL check after the allocation...
CVE-2026-23301
In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: Add allocation failure check for Entity name Currently findsdcaentityiot can allocate a string for the Entity name but it doesn't check if that allocation succeeded. Add the missing NULL check after the allocation...
UBUNTU-CVE-2026-23301
In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: Add allocation failure check for Entity name Currently findsdcaentityiot can allocate a string for the Entity name but it doesn't check if that allocation succeeded. Add the missing NULL check after the allocation...
CVE-2026-23301
In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: Add allocation failure check for Entity name Currently findsdcaentityiot can allocate a string for the Entity name but it doesn't check if that allocation succeeded. Add the missing NULL check after the allocation...
CVE-2026-23301 ASoC: SDCA: Add allocation failure check for Entity name
In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: Add allocation failure check for Entity name Currently findsdcaentityiot can allocate a string for the Entity name but it doesn't check if that allocation succeeded. Add the missing NULL check after the allocation...
CVE-2026-23301
The CVE-2026-23301 issue affects the Linux kernel ASoC SDCA component, specifically the find_sdca_entity_iot() path that allocates a string for an Entity name but does not verify the allocation result. Red Hat and Debian-family advisories describe this as a local vulnerability that could enable a...
CVE-2026-23301 ASoC: SDCA: Add allocation failure check for Entity name
In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: Add allocation failure check for Entity name Currently findsdcaentityiot can allocate a string for the Entity name but it doesn't check if that allocation succeeded. Add the missing NULL check after the allocation...
CVE-2026-23301
In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: Add allocation failure check for Entity name Currently findsdcaentityiot can allocate a string for the Entity name but it doesn't check if that allocation succeeded. Add the missing NULL check after the allocation...
PT-2026-27666
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the ASoC ALSA System on Chip subsystem, specifically in the SDCA Simple Device Configuration Architecture component. The find sdca entity iot...
Home Assistant has Stored XSS vulnerability in Energy dashboard from Energy Entity Name
Summary An authenticated party can add a malicious name to the Energy entity, allowing for Cross-Site Scripting attacks against anyone who can see the Energy dashboard, when they hover over any information point The blue bar in the picture below An alternative, and more impactful scenario, is tha...
CVE-2025-62172
Summary of vulnerability (CVE-2025-62172) : Home Assistant Energy dashboard in versions 2025.1.0–2025.10.1 is vulnerable to stored XSS via HTML in energy entity names. An authenticated user can inject JavaScript that executes in other users’ sessions when hovering graph tooltips, because entity n...