202 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof_sdw: Prevent a jump to NULL for the add_sidecar callback. In the create_sdw_dailink function, it is checked that sof_end->codec_info->add_sidecar is not NULL before calling it. The original code assumed that if...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: sof-common: Added a NULL check for the normal_link string. It is not guaranteed that all entries of the struct sof_conn_stream declaration declare a normal_link (a non-SOF, direct link) string. This applies to SoCs that...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: avoid a NULL dereference with unsupported widgets. If an IPC4 topology contains an unsupported widget, its .module_info field will not be set. As a result, sof_ipc4_route_setup will cause a kernel error when attempting to...
CVE-2026-46179
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Don't allow pointer operations on unconfigured streams. When reporting the pointer for a compressed stream we report the current I/O frame position by dividing the position by the number of channels multiplied by the...
CVE-2025-71286
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls. The size of the data behind scontrol->ipc_control_data for bytes controls is: [1] sizeof(struct sof_ipc4_control_data) + // kernel only struct [2] sizeof(struct...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: In the net: stream module, the purge of sk_error_queue in sk_stream_kill_queues has been fixed. Changheon Lee reported TCP socket leaks, with a detailed reproduction guide. It appears that we encounter TCP socket leaks in the...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: ASoC: SOF: Intel: Fixed NULL pointer dereferencing when ENOMEM occurs. Do not call snd_dma_free_pages when snd_dma_alloc_pages returns -ENOMEM, as this can lead to a NULL pointer dereferencing bug. The dmesg indicates the following:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-mtrace: prevent underflow in sof_ipc4_priority_mask_dfs_write. The “id” field comes from the user. The type of this field should be changed to unsigned to prevent an array underflow...
Samsung libimagecodec.quram.so Buffer Overflow / Denial of Service
This proof of concept demonstrates a denial of service vulnerability in Samsung's libimagecodec.quram.so JPEG decoder. By crafting a structurally valid JPEG file with maliciously large image dimensions (height 65535, width 2862) in the SOF0 marker, the decoder performs unsafe size calculations duri...
Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2023-52663)
The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-52663 advisory. - In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: amd: Fix memory leak ...
Azure Linux 3.0 Security Update: kernel (CVE-2025-21847)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21847 advisory. - In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: stream-ipc: Check for cstream...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003671)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003671 advisory. A memory leak in the sof_dfsentry_write function in sound/soc/sof/debug.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service memory...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004008)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004008 advisory. A memory leak in the sof_set_get_large_ctrl_data function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service memory...
EUVD-2025-140967
Malicious code in kapvino-sof-fidobi npm...
EUVD-2025-140971
Malicious code in kapvino-sof-fidaabi npm...
EUVD-2025-140965
Malicious code in kapvino-sof-vaids npm...
Malicious code in kapvino-sof-fidaabi (npm)
Source: amazon-inspector (642d1cd66002ad67c50bdc75a06e70cd2e163e4add1d4dd1f5b32fc84467be59). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in kapvino-sof-vaids (npm)
Source: amazon-inspector (993cd77bda3fed27d22b840d37fc7fe4d0a36a6dc8d99b3bee23673e850ae6fb). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-140969
Malicious code in kapvino-sof-fidaobi npm...
EUVD-2025-140968
Malicious code in kapvino-sof-fidbi npm...