20 matches found
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Added missing error checks to ctlget The ctlget functions that call scarlett2update did not check the return value. This issue has been fixed by adding error checks and passing the return value to the caller...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Added a missing error check to scarlett2usbsetconfig. The scarlett2usbsetconfig function calls scarlett2usbget, but did not check the result. If this function fails, an error is returned instead of continuing wit...
CVE-2026-43436
A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture USB-audio driver, specifically within the Scarlett2 mixer quirk. A local attacker could exploit this vulnerability by providing a specially crafted, malformed USB descriptor. This could lead to a NULL dereference in the...
UBUNTU-CVE-2026-43436
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces The Scarlett2 mixer quirk in USB-audio driver may hit a NULL dereference when a malformed USB descriptor is passed, since it assumes the presence of an...
CVE-2026-43436 ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces The Scarlett2 mixer quirk in USB-audio driver may hit a NULL dereference when a malformed USB descriptor is passed, since it assumes the presence of an...
CVE-2026-43436
The CVE-2026-43436 vulnerability affects the Linux kernel ALSA USB-audio driver (Scarlett2 mixer quirk). A malformed USB descriptor can trigger a NULL dereference in scarlett2_find_fc_interface() due to assuming an endpoint exists. The patch adds a sanity check for bNumEndpoints and skips invalid...
Linux Distros Unpatched Vulnerability : CVE-2026-43436
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces The Scarlett2 mixer quirk in USB-audio driver may hit a NULL dereference when a...
CVE-2026-23078
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Fix buffer overflow in config retrieval The scarlett2usbgetconfig function has a logic error in the endianness conversion code that can cause buffer overflows when count 1. The code checks if size == 2 where size...
CVE-2026-23078 ALSA: scarlett2: Fix buffer overflow in config retrieval
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Fix buffer overflow in config retrieval The scarlett2usbgetconfig function has a logic error in the endianness conversion code that can cause buffer overflows when count 1. The code checks if size == 2 where size...
EUVD-2026-5465
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Fix buffer overflow in config retrieval The scarlett2usbgetconfig function has a logic error in the endianness conversion code that can cause buffer overflows when count 1. The code checks if size == 2 where size...
CVE-2025-38629
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb: scarlett2: Fix missing NULL check scarlett2inputselectctlinfo sets up the string arrays allocated via kasprintf, but it misses NULL checks, which may lead to NULL dereference Oops. Let's add the proper NULL check...
CVE-2025-38629 ALSA: usb: scarlett2: Fix missing NULL check
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb: scarlett2: Fix missing NULL check scarlett2inputselectctlinfo sets up the string arrays allocated via kasprintf, but it misses NULL checks, which may lead to NULL dereference Oops. Let's add the proper NULL check...
CVE-2025-38629 ALSA: usb: scarlett2: Fix missing NULL check
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb: scarlett2: Fix missing NULL check scarlett2inputselectctlinfo sets up the string arrays allocated via kasprintf, but it misses NULL checks, which may lead to NULL dereference Oops. Let's add the proper NULL check...
CVE-2025-38629
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb: scarlett2: Fix missing NULL check scarlett2inputselectctlinfo sets up the string arrays allocated via kasprintf, but it misses NULL checks, which may lead to NULL dereference Oops. Let's add the proper NULL check...
The vulnerability of the scarlett2 component in the Linux operating system, which allows a hacker to trigger a service failure.
The vulnerability of the scarlett2 component in the Linux operating system is related to improper error handling in the scarlett2usbsetconfig function. Exploiting this vulnerability can allow an attacker to cause a service failure...
OESA-2024-1964 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: s390/qeth: fix deadlock during failing recovery Commit 0b9902c1fcc5 "s390/qeth: fix deadlock during recovery" removed taking disciplinemutex inside qethdoreset,...
DEBIAN-CVE-2023-52689
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing mutex lock around get meter levels As scarlett2meterctlget uses meterlevelmap, the datamutex should be locked while accessing it...
DEBIAN-CVE-2023-52674
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add clamp in scarlett2mixerctlput Ensure the value passed to scarlett2mixerctlput is between 0 and SCARLETT2MIXERMAXVALUE so we don't attempt to access outside scarlett2mixervalues...
UBUNTU-CVE-2023-52674
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add clamp in scarlett2mixerctlput Ensure the value passed to scarlett2mixerctlput is between 0 and SCARLETT2MIXERMAXVALUE so we don't attempt to access outside scarlett2mixervalues...
UBUNTU-CVE-2023-52689
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing mutex lock around get meter levels As scarlett2meterctlget uses meterlevelmap, the datamutex should be locked while accessing it...