15 matches found
CVE-2026-46184 sound: ua101: fix division by zero at probe
In the Linux kernel, the following vulnerability has been resolved: sound: ua101: fix division by zero at probe Add a missing sanity check for bNrChannels in detectusbformat to prevent a division by zero in playbackurbcomplete and captureurbcomplete. USB core does not validate class-specific...
CVE-2026-25068 alsa-lib 1.2.15.2 Topology Decoder Heap-based Buffer Overflow
alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplgdecodecontrolmixer1 function reads the numchannels field from untrusted .tplg data and uses it as a loop bound without validating it...
CVE-2025-68258
CVE-2025-68258 is a Linux kernel vulnerability in the comedi driver, specifically multiq3_attach(), where crafted config options could cause long task timeouts. Syzbot observed that setting s->n_chan via it->options[2] could trigger repeated multiq3_encoder_reset() calls, delaying processin...
dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees
...
CVE-2025-39923
CVE-2025-39923 concerns the Linux kernel dmaengine/qcom BAM driver. The root cause was missing error handling in DT parsing for required properties (clock and num-channels), which could allow probing to proceed unsafely and read channels from registers, risking early boot crashes across Qualcomm ...
CVE-2025-39923
In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bamdma: Fix DT error handling for num-channels/ees When we don't have a clock specified in the device tree, we have no way to ensure the BAM is on. This is often the case for remotely-controlled or remotely-power...
AZL-67431 CVE-2025-39810 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix memory corruption when FW resources change during ifdown bnxtsetdfltrings assumes that it is always called before any TC has been created. So it doesn't take bp-numtc into account and assumes that it is always 0 or 1...
CVE-2025-39810 bnxt_en: Fix memory corruption when FW resources change during ifdown
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix memory corruption when FW resources change during ifdown bnxtsetdfltrings assumes that it is always called before any TC has been created. So it doesn't take bp-numtc into account and assumes that it is always 0 or 1...
UBUNTU-CVE-2025-38013
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Set nchannels after allocating struct cfg80211scanrequest Make sure that nchannels is set after allocating the struct cfg80211registereddevice::intscanreq member. Seen with syzkaller: UBSAN:...
CVE-2021-47286
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Validate channel ID when processing command completions MHI reads the channel ID from the event ring element sent by the device which can be any value between 0 and 255. In order to prevent any out of bound...
CVE-2021-3272
jp2decode in jp2/jp2dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components...
CVE-2021-3272
jp2decode in jp2/jp2dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components...
DEBIAN-CVE-2017-8419
LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service stack-based buffer overflow or heap-based buffer overflow or possibly have unspecified other impact via a crafted file, as demonstrated by...
Out-of-bounds
The aacdecodeinit function in libavcodec/aacdec.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large number of channels in an AAC file, which triggers an out-of-bounds array access...
CVE-2012-0852
The adpcmdecodeframe function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via an ADPCM fil...