202 matches found
CVE-2026-46179
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Don't allow pointer operations on unconfigured streams When reporting the pointer for a compressed stream we report the current I/O frame position by dividing the position by the number of channels multiplied by the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: sof-common: Added a NULL check for the normallink string. It is not guaranteed that all entries of struct sofconnstream declare a normallink a non-SOF, direct link string. This applies to SoCs that only support SO...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: ASoC: SOF: Intel: Fixed NULL pointer dereferencing when ENOMEM occurs. Do not call snddmafreepages when snddmaallocpages returns -ENOMEM, as this can lead to a NULL pointer dereferencing bug. The dmesg indicates the following:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: avoid a NULL dereference with unsupported widgets If an IPC4 topology contains an unsupported widget, its .moduleinfo field will not be set. As a result, sofipc4routesetup will cause a kernel error when attempting to...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ASoC: SOF: ipc4-topology: Strengthen the loops for querying ALH copiers Other non-DAI copier widgets may have the same stream name sname as the ALH copier. In that case, copier-data will be NULL, and no alhdata will be attache...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-mtrace: prevents underflow in sofipc4prioritymaskdfswrite. The “id” field comes from the user. The type of this field should be changed to unsigned to prevent an array underflow...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: In the net: stream module, the purge skerrorqueue operation in skstreamkillqueues has been fixed. Changheon Lee reported TCP socket leaks, with a detailed reproduction guide. It appears that we encounter TCP socket leaks in the...
CVE-2025-71286
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls The size of the data behind of scontrol-ipccontroldata for bytes controls is: 1 sizeofstruct sofipc4controldata + // kernel only struct 2 sizeofstruct...
📄 Samsung libimagecodec.quram.so Buffer Overflow / Denial of Service
This proof of concept demonstrates a denial of service vulnerability in Samsung's libimagecodec.quram.so JPEG decoder. By crafting a structurally valid JPEG file with maliciously large image dimensions height 65535, width 2862 in the SOF0 marker, the decoder performs unsafe size calculations duri...
Azure Linux 3.0 Security Update: kernel (CVE-2025-21847)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21847 advisory. - In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: stream-ipc: Check for cstream...
Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2023-52663)
The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-52663 advisory. - In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: amd: Fix memory leak ...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004008)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004008 advisory. A memory leak in the sofsetgetlargectrldata function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service memory...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003671)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003671 advisory. A memory leak in the sofdfsentrywrite function in sound/soc/sof/debug.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service memory...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sofsdw: Prevent a jump to NULL for the addsidecar callback In the createsdwdailink function, it is checked that sofend-codecinfo-addsidecar is not NULL before calling it. The original code assumed that if...
Malicious code in kapvino-sof-vaids (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 993cd77bda3fed27d22b840d37fc7fe4d0a36a6dc8d99b3bee23673e850ae6fb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-140965
Malicious code in kapvino-sof-vaids npm...
EUVD-2025-140967
Malicious code in kapvino-sof-fidobi npm...
EUVD-2025-140964
Malicious code in kapvino-sof-vais npm...
EUVD-2025-140968
Malicious code in kapvino-sof-fidbi npm...
EUVD-2025-140970
Malicious code in kapvino-sof-fidabi npm...