ALSA: fireworks: bound device-supplied status before string array lookup

...

CVE-2026-31619

The CVE-2026-31619 vulnerability affects the Linux kernel ALSA fireworks driver where a 32-bit status value from a FireWire device could be looked up in a 17-entry efr_status_names[] array, potentially indexing outside the array and causing incorrect string formatting. The issue could interpret E...

PT-2026-34971

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ALSA fireworks component where the system fails to properly validate the status field in an EFW response. This field is a 32-bit value supplied by the firewire...

EUVD-2019-4912

Malware in sbrugna...

UBUNTU-CVE-2022-49403

In the Linux kernel, the following vulnerability has been resolved: lib/stringhelpers: fix not adding strarray to device's resource list Add allocated strarray to device's resource list. This is a must to automatically release strarray when the device disappears. Without this fix we have a memory...

CVE-2022-49403

The CVE-2022-49403 entry concerns the Linux kernel component lib/string_helpers. The vulnerability was resolved by adding an allocated strarray to a device’s resource list, ensuring automatic release when the device disappears. Root cause: strarray not being added to the device’s resource list, w...

SUSE CVE-2022-48661

In the Linux kernel, the following vulnerability has been resolved: gpio: mockup: Fix potential resource leakage when register a chip If creation of software node fails, the locally allocated string array is left unfreed. Free it on error path...

DEBIAN-CVE-2022-48661

In the Linux kernel, the following vulnerability has been resolved: gpio: mockup: Fix potential resource leakage when register a chip If creation of software node fails, the locally allocated string array is left unfreed. Free it on error path...

UBUNTU-CVE-2022-48661

In the Linux kernel, the following vulnerability has been resolved: gpio: mockup: Fix potential resource leakage when register a chip If creation of software node fails, the locally allocated string array is left unfreed. Free it on error path...

CVE-2022-48661 gpio: mockup: Fix potential resource leakage when register a chip

In the Linux kernel, the following vulnerability has been resolved: gpio: mockup: Fix potential resource leakage when register a chip If creation of software node fails, the locally allocated string array is left unfreed. Free it on error path...

UBUNTU-CVE-2023-27598

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.7 and 3.2.4, sending a malformed Via header to OpenSIPS triggers a segmentation fault when the function calctagsuffix is called. A specially crafted Via header, which is deemed correct by the parser, will...

UBUNTU-CVE-2018-16657

In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcittstringarray core function for calculating a CRC hash for To tags. An additional error is present ...