Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: hdmi: Unregister codec device on unbind When the device is bound, we register the HDMI codec device. However, we do not unregister it when the device is unbound, resulting in a device leakage issue. We need to unregister...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fixed a potential memory leak in “addwidgetnode”. Since “kobjectadd” may allocate memory for “kobject-name” when returning an error. In this function, if the call to “kobjectadd” fails, the memory is not freed...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fixed a UAF Use-after-Free in LED devices during unbinding. LED devices created by HD-audio codec drivers are registered using devmledclassdevregister, and they are associated with the HD-audio codec device...

EUVD-2026-27699

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix NULL pointer dereference If there's a mismatch between the DAI links in the machine driver and the topology, it is possible that the playback/capture widget is not set, especially in the case of loopbac...

CVE-2026-43137 ASoC: SOF: Intel: hda: Fix NULL pointer dereference

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix NULL pointer dereference If there's a mismatch between the DAI links in the machine driver and the topology, it is possible that the playback/capture widget is not set, especially in the case of loopbac...

CVE-2026-43137

Summary: CVE-2026-43137 affects the Linux kernel ASoC SOF Intel HDA subsystem. A mismatch between DAI links in the machine driver and the topology can leave the playback/capture widget unset, which may trigger a null pointer dereference. The issue is fixed in the reported OSV entries (Ubuntu root...

PT-2026-37477

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix NULL pointer dereference If there's a mismatch between the DAI links in the machine driver and the topology, it is possible that the playback/capture widget is not set, especially in the case of loopbac...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the absence of a playback/capture component in the ASoC SOF Intel hda. This could lead to null pointer...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fixed a potential buffer overflow issue caused by snprintf. The snprintf function returns the size of the string that would be filled if it exceeds the given buffer size. Therefore, using this value may lea...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fixed the null dereference in the HDMI teardown process. The pcisetdrvdata function sets the value of pdev-driverdata to NULL. After that, the driverdata obtained from the same device is dereferenced in...

PT-2026-22317

Name of the Vulnerable Software and Affected Versions Johnson Controls Frick Controls Quantum HD versions prior to 10.22 Description A flaw exists in Johnson Controls Frick Controls Quantum HD that allows for OS Command Injection. Insufficient input validation in certain parameters can lead to...

Johnson Controls Frick Controls Quantum HD 安全漏洞

Johnson Controls Frick Controls Quantum HD is a high-end microprocessor control panel designed specifically for industrial refrigeration systems by Johnson Controls. The version 10.22 and earlier of Johnson Controls Frick Controls Quantum HD contained security vulnerabilities, which were caused b...

CVE-2025-33237

NVIDIA HD Audio Driver for Windows contains a vulnerability where an attacker could exploit a NULL pointer dereference issue. A successful exploit of this vulnerability might lead to a denial of service...

WordPress HD Quiz plugin <= 2.0.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin HD Quiz versions = 2.0.9...

Azure Linux 3.0 Security Update: qemu (CVE-2021-3611)

The version of qemu installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-3611 advisory. - A stack overflow vulnerability was found in the Intel HD Audio device intel-hda of QEMU. A malicious guest coul...

CVE-2020-12307

Improper permissions in some IntelR High Definition Audio drivers before version 9.21.00.4561 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2025-68345

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41hdareadacpi The acpigetfirstphysicalnode function can return NULL, in which case the getdevice function also returns NULL, but this value is then dereferenced without...

EUVD-2023-60118

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/ca0132: fixup buffer overrun at tuningctlset tuningctlset might have buffer overrun at X if it didn't break from loop by matching A. static int tuningctlset... for i = 0; i TUNINGCTLSCOUNT; i++ A if nid ==...

CVE-2023-53788 ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/ca0132: fixup buffer overrun at tuningctlset tuningctlset might have buffer overrun at X if it didn't break from loop by matching A. static int tuningctlset... for i = 0; i TUNINGCTLSCOUNT; i++ A if nid ==...

CVE-2020-36874

ACE SECURITY WIP-90113 HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup may...