9 matches found
PT-2026-34971
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ALSA fireworks component where the system fails to properly validate the status field in an EFW response. This field is a 32-bit value supplied by the firewire...
EUVD-2023-60361
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-digi00x: prevent potential use after free This code was supposed to return an error code if initstream failed, but it instead freed dg00x-rxstream and returned success. This potentially leads to a use after free...
CVE-2025-68346
In the Linux kernel, the following vulnerability has been resolved: ALSA: dice: fix buffer overflow in detectstreamformats The function detectstreamformats reads the streamcount value directly from a FireWire device without validating it. This can lead to out-of-bounds writes when a malicious...
CVE-2025-68346
The CVE-2025-68346 vulnerability affects the Linux kernel ALSA: dice driver. The root cause is a missing validation of stream_count read from a FireWire device in detect_stream_formats(), which can allow out-of-bounds writes if stream_count exceeds MAX_STREAMS. The fix adds the same validation to...
CVE-2025-68346
In the Linux kernel, the following vulnerability has been resolved: ALSA: dice: fix buffer overflow in detectstreamformats The function detectstreamformats reads the streamcount value directly from a FireWire device without validating it. This can lead to out-of-bounds writes when a malicious...
CVE-2025-68346 ALSA: dice: fix buffer overflow in detect_stream_formats()
In the Linux kernel, the following vulnerability has been resolved: ALSA: dice: fix buffer overflow in detectstreamformats The function detectstreamformats reads the streamcount value directly from a FireWire device without validating it. This can lead to out-of-bounds writes when a malicious...
CVE-2025-68346 ALSA: dice: fix buffer overflow in detect_stream_formats()
In the Linux kernel, the following vulnerability has been resolved: ALSA: dice: fix buffer overflow in detectstreamformats The function detectstreamformats reads the streamcount value directly from a FireWire device without validating it. This can lead to out-of-bounds writes when a malicious...
Code injection
Microsoft Windows does not properly enforce the Autorun and NoDriveTypeAutoRun registry values, which allows physically proximate attackers to execute arbitrary code by 1 inserting CD-ROM media, 2 inserting DVD media, 3 connecting a USB device, and 4 connecting a Firewire device; 5 allows...
CVE-2009-0243
Microsoft Windows does not properly enforce the Autorun and NoDriveTypeAutoRun registry values, which allows physically proximate attackers to execute arbitrary code by 1 inserting CD-ROM media, 2 inserting DVD media, 3 connecting a USB device, and 4 connecting a Firewire device; 5 allows...