[kirkstone,02/17] alsa-lib: patch CVE-2026-25068

Message ID	70145115785c63596ea997e0cf6577c43c4bedef.1773652940.git.yoann.congal@smile.fr
State	RFC, archived
Delegated to:	Yoann Congal
Headers	show Return-Path: <yoann.congal@smile.fr> ip: 209.85.128.51, mailfrom: yoann.congal@smile.fr) From: Yoann Congal <yoann.congal@smile.fr> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 02/17] alsa-lib: patch CVE-2026-25068 Date: Mon, 16 Mar 2026 10:28:21 +0100 Message-ID: <70145115785c63596ea997e0cf6577c43c4bedef.1773652940.git.yoann.congal@smile.fr> In-Reply-To: <cover.1773652940.git.yoann.congal@smile.fr> References: <cover.1773652940.git.yoann.congal@smile.fr> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone,01/17] libtheora: set CVE_PRODUCT \| expand [kirkstone,01/17] libtheora: set CVE_PRODUCT [kirkstone,02/17] alsa-lib: patch CVE-2026-25068 [kirkstone,03/17] gdk-pixbuf: Fix CVE-2025-6199 [kirkstone,04/17] ffmpeg: patch CVE-2025-10256 [kirkstone,05/17] inetutils: patch CVE-2026-28372 [kirkstone,06/17] busybox: patch CVE-2025-60876 [kirkstone,07/17] tiff: patch CVE-2025-61143 [kirkstone,08/17] tiff: patch CVE-2025-61144 [kirkstone,09/17] tiff: set status of CVE-2025-61145 as fixed by patch for CVE-2025-8961 [kirkstone,10/17] gtk+3: fix incompatible-pointer-types errors for native build on Fedora 41 [kirkstone,11/17] libpam: fix CVE-2024-10963 [kirkstone,12/17] libpam: re-add missing libgen include [kirkstone,13/17] lsb.py: strip ' from os-release file [kirkstone,14/17] python3-pip: Fix CVE-2026-1703 [kirkstone,15/17] scripts/install-buildtools: Update to 4.0.33 [kirkstone,16/17] libcomps: Fix libcomps-native build on GCC14 hosts (e.g. Fedora 41) [kirkstone,17/17] createrepo-c: Fix createrepo-c-native build on GCC14 hosts (e.g. Fedora 41)

Message ID

70145115785c63596ea997e0cf6577c43c4bedef.1773652940.git.yoann.congal@smile.fr

State

RFC, archived

Delegated to:

Yoann Congal

Headers

From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 02/17] alsa-lib: patch CVE-2026-25068
Date: Mon, 16 Mar 2026 10:28:21 +0100
Message-ID: 
 <70145115785c63596ea997e0cf6577c43c4bedef.1773652940.git.yoann.congal@smile.fr>
In-Reply-To: <cover.1773652940.git.yoann.congal@smile.fr>
References: <cover.1773652940.git.yoann.congal@smile.fr>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[kirkstone,01/17] libtheora: set CVE_PRODUCT | expand

Commit Message

Yoann Congal March 16, 2026, 9:28 a.m. UTC

From: Peter Marko <peter.marko@siemens.com>

Pick patch mentioned in NVD report.
It also includes CVE ID in commit message.

Use older SNDERR funtion as new one is not yet available.
This was copied from Debian patch.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 .../alsa/alsa-lib/CVE-2026-25068.patch        | 34 +++++++++++++++++++
 .../alsa/alsa-lib_1.2.6.1.bb                  |  1 +
 2 files changed, 35 insertions(+)
 create mode 100644 meta/recipes-multimedia/alsa/alsa-lib/CVE-2026-25068.patch

diff --git a/meta/recipes-multimedia/alsa/alsa-lib/CVE-2026-25068.patch b/meta/recipes-multimedia/alsa/alsa-lib/CVE-2026-25068.patch
new file mode 100644
index 00000000000..edc22fd62bc
--- /dev/null
+++ b/meta/recipes-multimedia/alsa/alsa-lib/CVE-2026-25068.patch
@@ -0,0 +1,34 @@ 
+From 5f7fe33002d2d98d84f72e381ec2cccc0d5d3d40 Mon Sep 17 00:00:00 2001
+From: Jaroslav Kysela <perex@perex.cz>
+Date: Thu, 29 Jan 2026 16:51:09 +0100
+Subject: [PATCH] topology: decoder - add boundary check for channel mixer
+ count
+
+Malicious binary topology file may cause heap corruption.
+
+CVE: CVE-2026-25068
+
+Signed-off-by: Jaroslav Kysela <perex@perex.cz>
+
+Upstream-Status: Backport [https://github.com/alsa-project/alsa-lib/commit/5f7fe33002d2d98d84f72e381ec2cccc0d5d3d40]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/topology/ctl.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/topology/ctl.c b/src/topology/ctl.c
+index a0c24518..322c461c 100644
+--- a/src/topology/ctl.c
++++ b/src/topology/ctl.c
+@@ -1246,6 +1246,11 @@ int tplg_decode_control_mixer1(snd_tplg_t *tplg,
+ 	if (mc->num_channels > 0) {
+ 		map = tplg_calloc(heap, sizeof(*map));
+ 		map->num_channels = mc->num_channels;
++		if (map->num_channels > SND_TPLG_MAX_CHAN ||
++		    map->num_channels > SND_SOC_TPLG_MAX_CHAN) {
++			SNDERR("mixer: unexpected channel count %d", map->num_channels);
++			return -EINVAL;
++		}
+ 		for (i = 0; i < map->num_channels; i++) {
+ 			map->channel[i].reg = mc->channel[i].reg;
+ 			map->channel[i].shift = mc->channel[i].shift;
diff --git a/meta/recipes-multimedia/alsa/alsa-lib_1.2.6.1.bb b/meta/recipes-multimedia/alsa/alsa-lib_1.2.6.1.bb
index ca6bedae976..8c91863ad1f 100644
--- a/meta/recipes-multimedia/alsa/alsa-lib_1.2.6.1.bb
+++ b/meta/recipes-multimedia/alsa/alsa-lib_1.2.6.1.bb
@@ -10,6 +10,7 @@  LIC_FILES_CHKSUM = "file://COPYING;md5=a916467b91076e631dd8edb7424769c7 \
                     "
 
 SRC_URI = "https://www.alsa-project.org/files/pub/lib/${BP}.tar.bz2"
+SRC_URI += "file://CVE-2026-25068.patch"
 SRC_URI[sha256sum] = "ad582993d52cdb5fb159a0beab60a6ac57eab0cc1bdf85dc4db6d6197f02333f"
 
 inherit autotools pkgconfig

[kirkstone,02/17] alsa-lib: patch CVE-2026-25068

Commit Message

Patch