258 matches found
CVE-2026-43135 media: cx23885: Add missing unmap in snd_cx23885_hw_params()
In the Linux kernel, the following vulnerability has been resolved: media: cx23885: Add missing unmap in sndcx23885hwparams In error path, add cx23885alsadmaunmap to release the resource acquired by cx23885alsadmamap...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an incorrect allocation of byte control data in the ipc4-topology module of the SOF audio driver...
kernel: ALSA: aloop: Fix racy access at PCM trigger
In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix racy access at PCM trigger The PCM trigger callback of aloop driver tries to check the PCM state and stop the stream of the tied substream in the corresponding cable. Since both check and stop operations are...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ALSA: ymfpci: Fixed the BUGON in the probe function. The snddmabuffer.bytes field now contains the aligned size, which this sndBUGON did not account for, resulting in the following issue: 9.625915 ------------ Cut here ----------...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15
A race condition was detected in the Linux kernel’s sound/hda device driver, specifically in the sndhdacregmapsync function. This can lead to a null pointer dereferencing issue, potentially causing a kernel panic or a denial-of-service attack...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l41: Fixed NULL pointer dereferencing in cs35l41hdareadacpi The acpigetfirstphysicalnode function may return NULL. In such cases, the getdevice function also returns NULL. However, this value is then dereferenced...
CVE-2026-31777
The CVE-2026-31777 entry concerns the Linux kernel ALSA ctxfi driver. The root cause is the driver’s missing validation of the return value from daio_device_index(), leading to incorrect assumptions and potential system instability. Documents indicate this has been resolved via patches. Remediati...
PT-2026-36412
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A missing error check in the ALSA ctxfi driver occurs because the driver assumes the daio device index function always returns a proper value. This lack of validation can lead to stabili...
ALSA: ctxfi: Limit PTP to a single page
...
SUSE CVE-2026-31602
In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Limit PTP to a single page Commit 391e69143d0a increased CTPTPNUM from 1 to 4 to support 256 playback streams, but the additional pages are not used by the card correctly. The CT20K2 hardware already has multiple...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010960)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010960 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix possible memory leak in sndac97devregister If deviceregister fails in...
CVE-2025-71192
In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix a double free in sndac97controllerregister If ac97addadapter fails, putdevice is the correct way to drop the device reference. kfree is not required. Add kfree if idralloc fails and in ac97adapterrelease to do the...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a double deallocation in the sndac97controllerregister function...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001634)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001634 advisory. The intr function in sound/oss/msndpinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service over-boundary access or possibly hav...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003347)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003347 advisory. The intr function in sound/oss/msndpinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service over-boundary access or possibly hav...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003341)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003341 advisory. The sndusbcreatestreams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service out-of-bounds read and system...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000819)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000819 advisory. The createfixedstreamquirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause...
UBUNTU-CVE-2025-71081
In the Linux kernel, the following vulnerability has been resolved: ASoC: stm32: sai: fix OF node leak on probe The reference taken to the sync provider OF node when probing the platform device is currently only dropped if the setsync callback fails during DAI probe. Make sure to drop the referen...
SUSE CVE-2023-54308
In the Linux kernel, the following vulnerability has been resolved: ALSA: ymfpci: Create card with device-managed snddevmcardnew sndcardymfpciremove was removed in commit c6e6bb5eab74 "ALSA: ymfpci: Allocate resources with device-managed APIs", but the call to sndcardnew was not replaced with...
PT-2025-54154
In the Linux kernel, the following vulnerability has been resolved: ALSA: ymfpci: Create card with device-managed snd devm card new snd card ymfpci remove was removed in commit c6e6bb5eab74 "ALSA: ymfpci: Allocate resources with device-managed APIs", but the call to snd card new was not replaced...