From: Peter Marko <[email protected]> Pick patch mentioned in NVD report. It also includes CVE ID in commit message.
Signed-off-by: Peter Marko <[email protected]> --- .../alsa/alsa-lib/CVE-2026-25068.patch | 34 +++++++++++++++++++ .../alsa/alsa-lib_1.2.15.3.bb | 1 + 2 files changed, 35 insertions(+) create mode 100644 meta/recipes-multimedia/alsa/alsa-lib/CVE-2026-25068.patch diff --git a/meta/recipes-multimedia/alsa/alsa-lib/CVE-2026-25068.patch b/meta/recipes-multimedia/alsa/alsa-lib/CVE-2026-25068.patch new file mode 100644 index 0000000000..9bb24c24e2 --- /dev/null +++ b/meta/recipes-multimedia/alsa/alsa-lib/CVE-2026-25068.patch @@ -0,0 +1,34 @@ +From 5f7fe33002d2d98d84f72e381ec2cccc0d5d3d40 Mon Sep 17 00:00:00 2001 +From: Jaroslav Kysela <[email protected]> +Date: Thu, 29 Jan 2026 16:51:09 +0100 +Subject: [PATCH] topology: decoder - add boundary check for channel mixer + count + +Malicious binary topology file may cause heap corruption. + +CVE: CVE-2026-25068 + +Signed-off-by: Jaroslav Kysela <[email protected]> + +Upstream-Status: Backport [https://github.com/alsa-project/alsa-lib/commit/5f7fe33002d2d98d84f72e381ec2cccc0d5d3d40] +Signed-off-by: Peter Marko <[email protected]> +--- + src/topology/ctl.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/topology/ctl.c b/src/topology/ctl.c +index a0c24518..322c461c 100644 +--- a/src/topology/ctl.c ++++ b/src/topology/ctl.c +@@ -1250,6 +1250,11 @@ int tplg_decode_control_mixer1(snd_tplg_t *tplg, + if (mc->num_channels > 0) { + map = tplg_calloc(heap, sizeof(*map)); + map->num_channels = mc->num_channels; ++ if (map->num_channels > SND_TPLG_MAX_CHAN || ++ map->num_channels > SND_SOC_TPLG_MAX_CHAN) { ++ snd_error(TOPOLOGY, "mixer: unexpected channel count %d", map->num_channels); ++ return -EINVAL; ++ } + for (i = 0; i < map->num_channels; i++) { + map->channel[i].reg = mc->channel[i].reg; + map->channel[i].shift = mc->channel[i].shift; diff --git a/meta/recipes-multimedia/alsa/alsa-lib_1.2.15.3.bb b/meta/recipes-multimedia/alsa/alsa-lib_1.2.15.3.bb index fec4b2c1a9..1ebb356925 100644 --- a/meta/recipes-multimedia/alsa/alsa-lib_1.2.15.3.bb +++ b/meta/recipes-multimedia/alsa/alsa-lib_1.2.15.3.bb @@ -10,6 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=a916467b91076e631dd8edb7424769c7 \ " SRC_URI = "https://www.alsa-project.org/files/pub/lib/${BP}.tar.bz2"; +SRC_URI += "file://CVE-2026-25068.patch" SRC_URI[sha256sum] = "7b079d614d582cade7ab8db2364e65271d0877a37df8757ac4ac0c8970be861e" inherit autotools pkgconfig
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#231548): https://lists.openembedded.org/g/openembedded-core/message/231548 Mute This Topic: https://lists.openembedded.org/mt/117917076/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
