diff options
| author | Peter Marko <peter.marko@siemens.com> | 2026-02-20 21:54:23 +0100 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2026-02-27 17:45:07 +0000 |
| commit | ce6c38960787cdad293cdce63d6e2e8b6b6987c5 (patch) | |
| tree | 87c6969cb5a6832555bce425f8cb207e22fe75df /meta | |
| parent | 40ae5e31a499b6f3ebf3d0dd927e1cd0543eeb52 (diff) | |
| download | poky-ce6c38960787cdad293cdce63d6e2e8b6b6987c5.tar.gz | |
alsa-lib: patch CVE-2026-25068
Pick patch mentioned in NVD report.
It also includes CVE ID in commit message.
Use older SNDERR funtion as new one is not yet available.
This was copied from Debian patch.
(From OE-Core rev: 517bda641fcccbeae1988092196dc44ab7cc1491)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
| -rw-r--r-- | meta/recipes-multimedia/alsa/alsa-lib/CVE-2026-25068.patch | 34 | ||||
| -rw-r--r-- | meta/recipes-multimedia/alsa/alsa-lib_1.2.11.bb | 1 |
2 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/alsa/alsa-lib/CVE-2026-25068.patch b/meta/recipes-multimedia/alsa/alsa-lib/CVE-2026-25068.patch new file mode 100644 index 0000000000..5ecefc5aae --- /dev/null +++ b/meta/recipes-multimedia/alsa/alsa-lib/CVE-2026-25068.patch | |||
| @@ -0,0 +1,34 @@ | |||
| 1 | From 5f7fe33002d2d98d84f72e381ec2cccc0d5d3d40 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Jaroslav Kysela <perex@perex.cz> | ||
| 3 | Date: Thu, 29 Jan 2026 16:51:09 +0100 | ||
| 4 | Subject: [PATCH] topology: decoder - add boundary check for channel mixer | ||
| 5 | count | ||
| 6 | |||
| 7 | Malicious binary topology file may cause heap corruption. | ||
| 8 | |||
| 9 | CVE: CVE-2026-25068 | ||
| 10 | |||
| 11 | Signed-off-by: Jaroslav Kysela <perex@perex.cz> | ||
| 12 | |||
| 13 | Upstream-Status: Backport [https://github.com/alsa-project/alsa-lib/commit/5f7fe33002d2d98d84f72e381ec2cccc0d5d3d40] | ||
| 14 | Signed-off-by: Peter Marko <peter.marko@siemens.com> | ||
| 15 | --- | ||
| 16 | src/topology/ctl.c | 5 +++++ | ||
| 17 | 1 file changed, 5 insertions(+) | ||
| 18 | |||
| 19 | diff --git a/src/topology/ctl.c b/src/topology/ctl.c | ||
| 20 | index a0c24518..322c461c 100644 | ||
| 21 | --- a/src/topology/ctl.c | ||
| 22 | +++ b/src/topology/ctl.c | ||
| 23 | @@ -1247,6 +1247,11 @@ int tplg_decode_control_mixer1(snd_tplg_t *tplg, | ||
| 24 | if (mc->num_channels > 0) { | ||
| 25 | map = tplg_calloc(heap, sizeof(*map)); | ||
| 26 | map->num_channels = mc->num_channels; | ||
| 27 | + if (map->num_channels > SND_TPLG_MAX_CHAN || | ||
| 28 | + map->num_channels > SND_SOC_TPLG_MAX_CHAN) { | ||
| 29 | + SNDERR("mixer: unexpected channel count %d", map->num_channels); | ||
| 30 | + return -EINVAL; | ||
| 31 | + } | ||
| 32 | for (i = 0; i < map->num_channels; i++) { | ||
| 33 | map->channel[i].reg = mc->channel[i].reg; | ||
| 34 | map->channel[i].shift = mc->channel[i].shift; | ||
diff --git a/meta/recipes-multimedia/alsa/alsa-lib_1.2.11.bb b/meta/recipes-multimedia/alsa/alsa-lib_1.2.11.bb index c212b17aa3..e86239ff87 100644 --- a/meta/recipes-multimedia/alsa/alsa-lib_1.2.11.bb +++ b/meta/recipes-multimedia/alsa/alsa-lib_1.2.11.bb | |||
| @@ -11,6 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=a916467b91076e631dd8edb7424769c7 \ | |||
| 11 | 11 | ||
| 12 | SRC_URI = "https://www.alsa-project.org/files/pub/lib/${BP}.tar.bz2 \ | 12 | SRC_URI = "https://www.alsa-project.org/files/pub/lib/${BP}.tar.bz2 \ |
| 13 | file://0001-topology-correct-version-script-path.patch \ | 13 | file://0001-topology-correct-version-script-path.patch \ |
| 14 | file://CVE-2026-25068.patch \ | ||
| 14 | " | 15 | " |
| 15 | SRC_URI[sha256sum] = "9f3f2f69b995f9ad37359072fbc69a3a88bfba081fc83e9be30e14662795bb4d" | 16 | SRC_URI[sha256sum] = "9f3f2f69b995f9ad37359072fbc69a3a88bfba081fc83e9be30e14662795bb4d" |
| 16 | 17 | ||