Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002233)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002233 advisory. The sndcompresscheckinput function in sound/core/compressoffload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002496)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002496 advisory. The sndcompresscheckinput function in sound/core/compressoffload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987384)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987384 advisory. In the Linux kernel, the following vulnerability has been resolved: net: sched: fix memory leak in tcindexpartialdestroywork Syzbot reported memory leak in...

kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails

A double-free flaw was found in u32setparms in net/sched/clsu32.c in the Network Scheduler component in the Linux kernel. This flaw allows a local attacker to use a failure event to mishandle the reference counter, leading to a local privilege escalation threat...

Code Injection

hono is vulnerable to Code Injection. The vulnerability is due to gHSets method lacking isolation in the handler set parameters for each request. An attacker can potentially exploit this by overriding named path parameters from previous requests, leading to unintended parameter usage in subsequen...

kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function

A use-after-free vulnerability was found in fwsetparms in net/sched/clsfw.c in network scheduler sub-component in the Linux Kernel. This issue occurs due to a missing sanity check during cleanup at the time of failure, leading to a misleading reference. This may allow a local attacker to gain loc...

CVE-2023-21150

In handlesetparametersctrl of halsocket.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

Google Pixel 缓冲区错误漏洞

Google Pixel is a smartphone from Google, Inc. in the United States. A security vulnerability exists in Google Pixel that stems from an incorrect bounds check in handlesetparametersctrl of the halsocket.c file, which may result in an out-of-bounds read...

SUSE CVE-2014-9904

The sndcompresscheckinput function in sound/core/compressoffload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service insufficient memory allocation or possibly have unspecified other impact...

UBUNTU-CVE-2012-6703

Integer overflow in the sndcomprallocatebuffer function in sound/core/compressoffload.c in the ALSA subsystem in the Linux kernel before 3.6-rc6-next-20120917 allows local users to cause a denial of service insufficient memory allocation or possibly have unspecified other impact via a crafted...