alsa-lib: patch CVE-2026-25068

Pick patch mentioned in NVD report.
It also includes CVE ID in commit message.

Use older SNDERR function as new one is not yet available.
This was copied from Debian patch.

(From OE-Core rev: 517bda641fcccbeae1988092196dc44ab7cc1491)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Peter Marko
2026-02-20 21:54:23 +01:00
committed by Richard Purdie
parent 40ae5e31a4
commit ce6c389607
2 changed files with 35 additions and 0 deletions

@@ -0,0 +1,34 @@
From 5f7fe33002d2d98d84f72e381ec2cccc0d5d3d40 Mon Sep 17 00:00:00 2001
From: Jaroslav Kysela <perex@perex.cz>
Date: Thu, 29 Jan 2026 16:51:09 +0100
Subject: [PATCH] topology: decoder - add boundary check for channel mixer
count
Malicious binary topology file may cause heap corruption.
CVE: CVE-2026-25068
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
Upstream-Status: Backport [https://github.com/alsa-project/alsa-lib/commit/5f7fe33002d2d98d84f72e381ec2cccc0d5d3d40]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
src/topology/ctl.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/topology/ctl.c b/src/topology/ctl.c
index a0c24518..322c461c 100644
--- a/src/topology/ctl.c
+++ b/src/topology/ctl.c
@@ -1247,6 +1247,11 @@ int tplg_decode_control_mixer1(snd_tplg_t *tplg,
if (mc->num_channels > 0) {
map = tplg_calloc(heap, sizeof(*map));
map->num_channels = mc->num_channels;
+ if (map->num_channels > SND_TPLG_MAX_CHAN ||
+ map->num_channels > SND_SOC_TPLG_MAX_CHAN) {
+ SNDERR("mixer: unexpected channel count %d", map->num_channels);
+ return -EINVAL;
+ }
for (i = 0; i < map->num_channels; i++) {
map->channel[i].reg = mc->channel[i].reg;
map->channel[i].shift = mc->channel[i].shift;
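
Review bot: The patch header's Upstream-Status line records this as a plain Backport of the upstream commit, but the commit message says the logging call was switched to the older SNDERR because the newer function is not yet available, so the added SNDERR("mixer: unexpected channel count %d", ...) line differs from upstream. Say so in the patch header (a short note next to Upstream-Status that the error macro was adapted, following the Debian patch) so a later version bump knows the patch will not match the upstream commit exactly. On the code itself, the bound is tested on map->num_channels after tplg_calloc() and the assignment; testing mc->num_channels before the allocation would reject the malformed topology without allocating first. The unchanged context also dereferences map without checking the tplg_calloc() result for NULL.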

@@ -11,6 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=a916467b91076e631dd8edb7424769c7 \
SRC_URI = "https://www.alsa-project.org/files/pub/lib/${BP}.tar.bz2 \
file://0001-topology-correct-version-script-path.patch \
file://CVE-2026-25068.patch \
"
SRC_URI[sha256sum] = "9f3f2f69b995f9ad37359072fbc69a3a88bfba081fc83e9be30e14662795bb4d"