CVE-2026-46179

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Don't allow pointer operations on unconfigured streams When reporting the pointer for a compressed stream we report the current I/O frame position by dividing the position by the number of channels multiplied by the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-mtrace: prevents underflow in sofipc4prioritymaskdfswrite The “id” field comes from the user. The type of this field should be changed to unsigned to prevent an array underflow...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: sof-common: Added a NULL check for the normallink string. It is not guaranteed that all entries of the struct sofconnstream declaration declare a normallink a non-SOF, direct link string. This applies to SoCs that...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sofsdw: Prevent a jump to NULL for the addsidecar callback. In the createsdwdailink function, it is checked that sofend-codecinfo-addsidecar is not NULL before calling it. The original code assumed that if...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: avoid a NULL dereference with unsupported widgets If an IPC4 topology contains an unsupported widget, its .moduleinfo field will not be set. As a result, sofipc4routesetup will cause a kernel error when attempting to...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: In the net: stream module, the purge skerrorqueue operation in skstreamkillqueues has been fixed. Changheon Lee reported TCP socket leaks, with a detailed reproduction code. It appears that we encounter TCP socket leaks in the...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: SOF: Intel: Fixed NULL pointer dereferencing when ENOMEM occurs. Do not call snddmafreepages when snddmaallocpages returns -ENOMEM, as this can lead to a NULL pointer dereferencing bug. The dmesg message indicates the...

CVE-2025-71286

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls The size of the data behind of scontrol-ipccontroldata for bytes controls is: 1 sizeofstruct sofipc4controldata + // kernel only struct 2 sizeofstruct...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: SOF: ipc4-topology: Strengthen the loops for querying ALH copiers. Other non-DAI copier widgets may have the same stream name sname as the ALH copier. In that case, copier-data will be NULL, and no alhdata will be...

📄 Samsung libimagecodec.quram.so Buffer Overflow / Denial of Service

This proof of concept demonstrates a denial of service vulnerability in Samsung's libimagecodec.quram.so JPEG decoder. By crafting a structurally valid JPEG file with maliciously large image dimensions height 65535, width 2862 in the SOF0 marker, the decoder performs unsafe size calculations duri...

Azure Linux 3.0 Security Update: kernel (CVE-2025-21847)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21847 advisory. - In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: stream-ipc: Check for cstream...

Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2023-52663)

The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-52663 advisory. - In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: amd: Fix memory leak ...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003671)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003671 advisory. A memory leak in the sofdfsentrywrite function in sound/soc/sof/debug.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service memory...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004008)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004008 advisory. A memory leak in the sofsetgetlargectrldata function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service memory...

Malicious code in kapvino-sof-vas (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d22d0f08eee05b41c5123e15694885a807316cda4c4c6d5ef97665602ab3f261 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-140970

Malicious code in kapvino-sof-fidabi npm...

EUVD-2025-140971

Malicious code in kapvino-sof-fidaabi npm...

EUVD-2025-140969

Malicious code in kapvino-sof-fidaobi npm...

Malicious code in kapvino-sof-vaidas (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6a8b05ea6db4286402ff926cc58ce8fc49e806da74d6e8a22709842e0516b96 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-140963

Malicious code in kapvino-sof-vas npm...