GSD-2023-1002394 ASoC: SOF: Intel: hda-dai: fix possible stream_tag leak

ASoC: SOF: Intel: hda-dai: fix possible streamtag leak This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.232 by commit...

GSD-2023-1002299 ASoC: SOF: Intel: hda-dai: fix possible stream_tag leak

ASoC: SOF: Intel: hda-dai: fix possible streamtag leak This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.13 by commit...

SUSE CVE-2005-3191

Multiple heap-based buffer overflows in the 1 DCTStream::readProgressiveSOF and 2 DCTStream::readBaselineSOF functions in the DCT stream parsing code Stream.cc in xpdf 3.01 and earlier, as used in products such as a Poppler, b teTeX, c KDE kpdf, d pdftohtml, e KOffice KWord, f CUPS, and g...

SUSE CVE-2019-18811

A memory leak in the sofsetgetlargectrldata function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service memory consumption by triggering sofgetctrlcopyparams failures, aka CID-45c1380358b1...

GSD-2023-1001886 ASoC: SOF: ipc4-mtrace: prevent underflow in sof_ipc4_priority_mask_dfs_write()

ASoC: SOF: ipc4-mtrace: prevent underflow in sofipc4prioritymaskdfswrite This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.11 by commit...

GSD-2023-1001852 ASoC: SOF: sof-audio: prepare_widgets: Check swidget for NULL on sink failure

ASoC: SOF: sof-audio: preparewidgets: Check swidget for NULL on sink failure This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.11 by commit...

PT-2023-34928 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.11 Description: The issue is related to a potential null pointer dereference in the sof-audio component of the Linux Kernel. The problem arises when the swidget is not checked for NULL on sink failure in th...

GSD-2023-1001709 ASoC: Intel: sof-nau8825: fix module alias overflow

ASoC: Intel: sof-nau8825: fix module alias overflow This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.7 by commit...

GSD-2023-1000384 ASoC: SOF: Revert: "core: unregister clients and machine drivers in .shutdown"

ASoC: SOF: Revert: "core: unregister clients and machine drivers in .shutdown" This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.19 by commit...

GSD-2023-1000382 ASoC: SOF: mediatek: initialize panic_info to zero

ASoC: SOF: mediatek: initialize panicinfo to zero This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.19 by commit...

PT-2023-33461 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.19 Description: The issue is related to the ASoC: SOF core, where the impact and attack plausibility have not yet been proven. The problem is associated with the reversal of a specific commit related to...

PT-2023-33459 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.19 Description: The issue is related to the initialization of panic info to zero in the ASoC: SOF: mediatek component. The actual impact and attack plausibility have not yet been proven. Recommendations: Fo...

alsa-sof-firmware bug fix and enhancement update

An update is available for alsa-sof-firmware. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

kernel: ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM Do not call snddmafreepages when snddmaallocpages returns -ENOMEM because it leads to a NULL pointer dereference bug. The dmesg says: T1387 sof-audio-pci-intel-tgl...

alsa-sof-firmware bug fix and enhancement update

An update is available for alsa-sof-firmware. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

GSD-2022-1005508 ASoC: SOF: debug: Fix potential buffer overflow by snprintf()

ASoC: SOF: debug: Fix potential buffer overflow by snprintf This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.63 by commit...

GSD-2022-1005507 ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf()

ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.63 by commit...

PT-2022-33766 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.63 Description: A potential buffer overflow issue exists due to the use of snprintf in the ASoC: SOF: debug component. The actual impact and attack plausibility have not yet been proven. Recommendations: F...

GSD-2022-1005217 ASoC: SOF: ipc3-topology: Prevent double freeing of ipc_control_data via load_bytes

ASoC: SOF: ipc3-topology: Prevent double freeing of ipccontroldata via loadbytes This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.2 by comm...

GSD-2022-1005128 ASoC: SOF: debug: Fix potential buffer overflow by snprintf()

ASoC: SOF: debug: Fix potential buffer overflow by snprintf This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.4 by commit...