CVE-2026-46048

A flaw was found in the Linux kernel's ALSA caiaq driver. This vulnerability, a reference count leak, occurs when the createcard function acquires a reference to a USB device, but the corresponding release is not performed if initcard fails before the destructor is properly assigned. A local...

kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwis...

CVE-2024-8272 macOS Universal Audio (UAConnect) <= 2.7.0 - Local Privilege Escalation

The com.uaudio.bsd.helper service, responsible for handling privileged operations, fails to implement critical client validation during XPC inter-process communication IPC. Specifically, the service does not verify the code requirements, entitlements, or security flags of any client attempting to...

CVE-2024-8272

CVE-2024-8272 affects macOS Universal Audio (UAConnect) and targets the com.uaudio.bsd.helper service. The issue is a missing validation of clients during XPC IPC: the service does not verify code requirements, entitlements, or security flags of connecting clients, enabling unauthorized clients t...