CVE-2026-25068

Vulnerability

alsa-lib: alsa-lib Topology Decoder Heap-based Buffer Overflow

ecosystem: redhat:6, redhat:7, redhat:8, redhat:9, redhat:10

alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplg_decode_control_mixer1() function reads the num_channels field from untrusted .tplg data and uses it as the loop bound when filling a fixed-size channel array (SND_TPLG_MAX_CHAN entries) without first checking that num_channels fits in that array. A crafted topology file whose num_channels value exceeds SND_TPLG_MAX_CHAN drives the loop past the end of the array, producing out-of-bounds heap writes that lead to a crash.
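The following model of the decode path is an added example for this page; it is not alsa-lib's code, and the record layout, the struct names, the helper names and the value chosen for SND_TPLG_MAX_CHAN (8) are assumptions made for illustration. It places the vulnerable shape (loop bound taken from the file, only the source buffer length checked) next to the hardened shape (count validated against the destination array before the loop), and decodes constructed records with both.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* alsa-lib's fixed channel capacity; the value 8 is an assumption for this model. */
#define SND_TPLG_MAX_CHAN 8

/* Assumed record layout (all little-endian u32):
 *   num_channels, then num_channels x { reg, shift } */
struct chan_entry { uint32_t reg; uint32_t shift; };

/* Decoded control object. In the real decoder the object lives on the heap,
 * which is why overrunning channel[] is a heap-based overflow. */
struct mixer_ctl {
    uint32_t num_channels;
    struct chan_entry channel[SND_TPLG_MAX_CHAN];
};

static uint32_t rd_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void wr_le32(unsigned char *p, uint32_t v)
{
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff;
    p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

/* Vulnerable shape: num_channels from the file is the loop bound. The only
 * check is that the *source* buffer holds that many entries; nothing compares
 * the count with the *destination* array, so a count above SND_TPLG_MAX_CHAN
 * writes past channel[] into whatever follows the object on the heap. */
int decode_mixer_unchecked(const unsigned char *buf, size_t len, struct mixer_ctl *mc)
{
    if (len < 4)
        return -EINVAL;
    uint32_t count = rd_le32(buf);
    if ((len - 4) / sizeof(struct chan_entry) < count)
        return -EINVAL;                         /* source bound only */
    mc->num_channels = count;
    for (uint32_t i = 0; i < count; i++) {      /* BUG: no cap at SND_TPLG_MAX_CHAN */
        mc->channel[i].reg   = rd_le32(buf + 4 + i * 8);
        mc->channel[i].shift = rd_le32(buf + 8 + i * 8);
    }
    return 0;
}

/* Hardened shape: reject the record before the array is touched. The division
 * form of the source check also avoids a count * 8 wrap on 32-bit size_t. */
int decode_mixer_checked(const unsigned char *buf, size_t len, struct mixer_ctl *mc)
{
    if (len < 4)
        return -EINVAL;
    uint32_t count = rd_le32(buf);
    if (count > SND_TPLG_MAX_CHAN)              /* destination bound */
        return -EINVAL;
    if ((len - 4) / sizeof(struct chan_entry) < count)
        return -EINVAL;                         /* source bound */
    mc->num_channels = count;
    for (uint32_t i = 0; i < count; i++) {
        mc->channel[i].reg   = rd_le32(buf + 4 + i * 8);
        mc->channel[i].shift = rd_le32(buf + 8 + i * 8);
    }
    return 0;
}

/* Constructed record with `count` channels; channel i carries reg = 0x100 + i
 * and shift = i so the decoded contents can be verified. */
static unsigned char *build_record(uint32_t count, size_t *out_len)
{
    size_t len = 4 + (size_t)count * 8;
    unsigned char *buf = malloc(len);
    if (!buf)
        return NULL;
    wr_le32(buf, count);
    for (uint32_t i = 0; i < count; i++) {
        wr_le32(buf + 4 + i * 8, 0x100 + i);
        wr_le32(buf + 8 + i * 8, i);
    }
    *out_len = len;
    return buf;
}

/* Decode a constructed record with the chosen decoder into a heap-allocated
 * control. Returns the decoder's result, or -EIO if the decoded entries differ
 * from what was written. Pass hardened=0 only with count <= SND_TPLG_MAX_CHAN:
 * the unchecked decoder really does overrun the heap otherwise. */
int try_decode(uint32_t count, int hardened)
{
    size_t len = 0;
    unsigned char *buf = build_record(count, &len);
    struct mixer_ctl *mc = calloc(1, sizeof *mc);
    if (!buf || !mc) { free(buf); free(mc); return -ENOMEM; }

    int rc = hardened ? decode_mixer_checked(buf, len, mc)
                      : decode_mixer_unchecked(buf, len, mc);
    for (uint32_t i = 0; rc == 0 && i < count; i++)
        if (mc->channel[i].reg != 0x100 + i || mc->channel[i].shift != i)
            rc = -EIO;
    free(buf);
    free(mc);
    return rc;
}

int main(void)
{
    printf("2 channels, hardened:  rc=%d\n", try_decode(2, 1));
    printf("64 channels, hardened: rc=%d (rejected)\n", try_decode(64, 1));
    /* try_decode(64, 0) is the crafted-file case and overruns mc->channel[] */
    return 0;
}
```

Building this model with `-fsanitize=address` and calling try_decode(64, 0) reports a heap-buffer-overflow on the first write past channel[7], which is the observable the advisory's "crash" refers to; the checked decoder returns -EINVAL for the same record. The exposure is the topology parser itself, so any tool or application that loads a .tplg file it did not produce is in scope, and the UI:R in the vector reflects that someone must load the crafted file.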

References
severity: Moderate

type: vendor

source: secalert@redhat.com

CVSS 3.1: 4.3 MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

AV: Network
AC: Low
PR: None
UI: Required
S: Unchanged
C: None
I: None
A: Low

source: secalert@redhat.com

CWE
CWE-787

Out-of-bounds Write

source: secalert@redhat.com

published: 2026-01-29 19:08:03

modified: 2026-01-30 21:25:33

Detection

redhat:10
CVE-2026-25068

redhat-vex

OR
  alsa-lib-devel (binary, version match): unfixed, fix deferred
  alsa-ucm (binary, version match): unfixed, fix deferred
  alsa-lib (source, version match): unfixed, fix deferred
  tag: rhel-10:55adfe32-2d28-c558-6d19-cd6ca1626e8a

redhat:6
CVE-2026-25068

redhat-vex

OR
  alsa-lib-devel (binary, version match): unfixed, fix deferred
  alsa-lib (source, version match): unfixed, fix deferred
  tag: rhel-6-els:729882f5-7b35-3748-9e8e-7a5ae4d1e385

OR
  alsa-lib-devel (binary, version match): unfixed, fix deferred
  alsa-lib (source, version match): unfixed, fix deferred
  tag: rhel-6-extras-including-unpatched:729882f5-7b35-3748-9e8e-7a5ae4d1e385

OR
  alsa-lib-devel (binary, version match): unfixed, fix deferred
  alsa-lib (source, version match): unfixed, fix deferred
  tag: rhel-6-including-unpatched:729882f5-7b35-3748-9e8e-7a5ae4d1e385

OR
  alsa-lib-devel (binary, version match): unfixed, fix deferred
  alsa-lib (source, version match): unfixed, fix deferred
  tag: rhel-6-supplementary:729882f5-7b35-3748-9e8e-7a5ae4d1e385

redhat:7
CVE-2026-25068

redhat-vex

OR
  alsa-lib-devel (binary, version match): unfixed, fix deferred
  alsa-lib (source, version match): unfixed, fix deferred
  tag: rhel-7-extras-including-unpatched:68d1e9cb-1278-07ac-4de5-a4e14e38643e

OR
  alsa-lib-devel (binary, version match): unfixed, fix deferred
  alsa-lib (source, version match): unfixed, fix deferred
  tag: rhel-7-including-unpatched:68d1e9cb-1278-07ac-4de5-a4e14e38643e

OR
  alsa-lib-devel (binary, version match): unfixed, fix deferred
  alsa-lib (source, version match): unfixed, fix deferred
  tag: rhel-7-supplementary:68d1e9cb-1278-07ac-4de5-a4e14e38643e

redhat:8
CVE-2026-25068

redhat-vex

OR
  alsa-lib-devel (binary, version match): unfixed, fix deferred
  alsa-ucm (binary, version match): unfixed, fix deferred
  alsa-lib (source, version match): unfixed, fix deferred
  tag: rhel-8-including-unpatched:6cc84770-4f1f-31d7-c8e6-86b37d133f9b

redhat:9
CVE-2026-25068

redhat-vex

OR
  alsa-lib-devel (binary, version match): unfixed, fix deferred
  alsa-ucm (binary, version match): unfixed, fix deferred
  alsa-lib (source, version match): unfixed, fix deferred
  tag: rhel-9-including-unpatched:6864f7af-f81f-388f-2a9c-53a27c2b1450

Data Sources

  • RedHat Enterprise Linux CSAF VEX (redhat-vex)
