Ubuntu: Security Advisory (USN-8044-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-8044-1 alsa-lib vulnerability

It was discovered that alsa-lib incorrectly handled the topology mixer control decoder. A local attacker could use a specially crafted topology file to cause alsa-lib to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVE-2026-23089

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix use-after-free in sndusbmixerfree When sndusbcreatemixer fails, sndusbmixerfree frees mixer-idelems but the controls already added to the card still reference the freed memory. Later when sndcardregister runs...

EUVD-2026-5453

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix use-after-free in sndusbmixerfree When sndusbcreatemixer fails, sndusbmixerfree frees mixer-idelems but the controls already added to the card still reference the freed memory. Later when sndcardregister runs...

CVE-2026-25068

alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplgdecodecontrolmixer1 function reads the numchannels field from untrusted .tplg data and uses it as a loop bound without validating it...

PT-2026-5330

Name of the Vulnerable Software and Affected Versions alsa-lib versions 1.2.2 through 1.2.15.2 Description alsa-lib contains a heap-based buffer overflow in the topology mixer control decoder. The tplg decode control mixer1 function reads the num channels field from untrusted .tplg data and uses ...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from a possible memory corruption when handling IOCTL calls that set mixer control...

kernel: ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put()

In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add clamp in scarlett2mixerctlput The Linux kernel CVE team has assigned CVE-2023-52674 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051747-CVE-2023-52674-2aec@gregkh/T...

CVE-2022-48716

CVE-2022-48716 affects the Linux kernel under the ASoC codecs path for wcd938x SDW. The root cause is an incorrect use of portid versus port id in mixer controls, where the channel id was used to index port-related structures. This can lead to out-of-bounds access to the port_map array and potent...

CVE-2023-52674

In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add clamp in scarlett2mixerctlput Ensure the value passed to scarlett2mixerctlput is between 0 and SCARLETT2MIXERMAXVALUE so we don't attempt to access outside scarlett2mixervalues...

CVE-2023-52674 ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put()

In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add clamp in scarlett2mixerctlput Ensure the value passed to scarlett2mixerctlput is between 0 and SCARLETT2MIXERMAXVALUE so we don't attempt to access outside scarlett2mixervalues...