Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bamdma: Fixed error handling for num-channels/ees When there is no clock specified in the device tree, there is no way to ensure that the BAM is enabled. This often occurs for remotely controlled or remotely...

Medium: alsa-lib

Issue Overview: alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplgdecodecontrolmixer1 function reads the numchannels field from untrusted .tplg data and uses it as a loop bound without...

AZL-75773 CVE-2026-25068 affecting package alsa-lib 1.2.9-1

alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplgdecodecontrolmixer1 function reads the numchannels field from untrusted .tplg data and uses it as a loop bound without validating it...

UBUNTU-CVE-2026-25068

alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplgdecodecontrolmixer1 function reads the numchannels field from untrusted .tplg data and uses it as a loop bound without validating it...

CVE-2026-25068

Summary: CVE-2026-25068 affects alsa-lib versions 1.2.2 through 1.2.15.2 (before commit 5f7fe33). A heap-based buffer overflow in the topology mixer control decoder is caused by tplg_decode_control_mixer1() reading the untrusted num_channels from a .tplg file and using it as a loop bound without ...

SUSE CVE-2025-39923

In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bamdma: Fix DT error handling for num-channels/ees When we don't have a clock specified in the device tree, we have no way to ensure the BAM is on. This is often the case for remotely-controlled or remotely-power...

AZL-74850 CVE-2025-39923 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bamdma: Fix DT error handling for num-channels/ees When we don't have a clock specified in the device tree, we have no way to ensure the BAM is on. This is often the case for remotely-controlled or remotely-power...

CVE-2025-39923

In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bamdma: Fix DT error handling for num-channels/ees When we don't have a clock specified in the device tree, we have no way to ensure the BAM is on. This is often the case for remotely-controlled or remotely-power...

PT-2025-40097

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the dmaengine subsystem, specifically within the Qualcomm BAM DMA driver. Insufficient error handling when required device tree properties clock and...

SUSE CVE-2017-8419

LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service stack-based buffer overflow or heap-based buffer overflow or possibly have unspecified other impact via a crafted file, as demonstrated by...