50 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: fixed a race condition that could lead to UAF in sndusbmidifree. The previous commit 0718a78f6a9f “ALSA: usb-audio: Properly terminates the timer upon deletion” addressed an UAF issue caused by the error timer...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Remove sndBUGON from sndusbmidioutputopen The sndusbmidiOutputOpen function includes a check for the NULL port with sndBUGON. sndBUGON was used because this shouldn’t have happened. However, in reality, the NULL...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990742)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990742 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Drop sndBUGON from sndusbmidioutputopen sndusbmidioutputopen has a check of the...
EUVD-2022-54687
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Cancel pending work at closing a MIDI substream At closing a USB MIDI output substream, there might be still a pending work, which would eventually access the rawmidi runtime object that is being released. For...
SUSE CVE-2025-39997
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: fix race condition to UAF in sndusbmidifree The previous commit 0718a78f6a9f "ALSA: usb-audio: Kill timer properly at removal" patched a UAF issue caused by the error timer. However, because the error timer kill...
EUVD-2025-34576
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: fix race condition to UAF in sndusbmidifree The previous commit 0718a78f6a9f "ALSA: usb-audio: Kill timer properly at removal" patched a UAF issue caused by the error timer. However, because the error timer kill...
CVE-2025-39997
CVE-2025-39997: Linux kernel ALSA USB-Audio snd_usbmidi_free race to use-after-free. Root cause: an error timer kill added by commit 0718a78f (ALSA: usb-audio) runs after endpoint deletion, enabling a rare UAF in interrupt context; missing urb cleanup can also access freed memory. The fix is to k...
EUVD-2025-6281
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-21859
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - USB: gadget: fmidi: fmidicomplete to call queuework When using USB MIDI, a lock is attempted to be acquired twice through a re-entrant call to fmiditransmit,...
AZL-64505 CVE-2025-38105 affecting package kernel for versions less than 6.6.112.1-1
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Kill timer properly at removal The USB-audio MIDI code initializes the timer, but in a rare case, the driver might be freed without the disconnect call. This leaves the timer in an active state while the assigned...
SUSE CVE-2022-49772
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Drop sndBUGON from sndusbmidioutputopen sndusbmidioutputopen has a check of the NULL port with sndBUGON. sndBUGON was used as this shouldn't have happened, but in reality, the NULL port may be seen when the devic...
CVE-2025-21859
In the Linux kernel, the following vulnerability has been resolved: USB: gadget: fmidi: fmidicomplete to call queuework When using USB MIDI, a lock is attempted to be acquired twice through a re-entrant call to fmiditransmit, causing a deadlock. Fix it by using queuework to schedule the inner...
CVE-2025-21859 USB: gadget: f_midi: f_midi_complete to call queue_work
In the Linux kernel, the following vulnerability has been resolved: USB: gadget: fmidi: fmidicomplete to call queuework When using USB MIDI, a lock is attempted to be acquired twice through a re-entrant call to fmiditransmit, causing a deadlock. Fix it by using queuework to schedule the inner...
CVE-2025-21859
CVE-2025-21859 affects the Linux kernel USB gadget f_midi path; a deadlock occurs when a lock is acquired twice in a re-entrant f_midi_transmit. The fix is to schedule the inner f_midi_transmit via a high-priority work queue using queue_work() from the completion handler. Patched commits are refe...
CVE-2025-21859 USB: gadget: f_midi: f_midi_complete to call queue_work
In the Linux kernel, the following vulnerability has been resolved: USB: gadget: fmidi: fmidicomplete to call queuework When using USB MIDI, a lock is attempted to be acquired twice through a re-entrant call to fmiditransmit, causing a deadlock. Fix it by using queuework to schedule the inner...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the use of a lock in USB MIDI resulting in a deadlock...
Linux Distros Unpatched Vulnerability : CVE-2022-49545
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: usb-audio: Cancel pending work at closing a MIDI substream At closing a USB MIDI output substream, there might be still a pending work, which would...
CVE-2022-49545
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Cancel pending work at closing a MIDI substream At closing a USB MIDI output substream, there might be still a pending work, which would eventually access the rawmidi runtime object that is being released. For...
CVE-2022-49545
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Cancel pending work at closing a MIDI substream At closing a USB MIDI output substream, there might be still a pending work, which would eventually access the rawmidi runtime object that is being released. For...
CVE-2022-49545 ALSA: usb-audio: Cancel pending work at closing a MIDI substream
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Cancel pending work at closing a MIDI substream At closing a USB MIDI output substream, there might be still a pending work, which would eventually access the rawmidi runtime object that is being released. For...