
Bixuan Cui

Researcher from Alibaba
#21788 of 53,635
11 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2024-8910
5.5
2024-05-24
Linux · Linux Kernel · CVE-2021-47511
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is in the ALSA component of the Linux kernel, where the period size calculation in the OSS layer may receive a negative value as an error. However, the code assumes only positive values and handles them as size_t, which can lead to an overly large value being passed to the lower layers. This can cause a buffer overflow. The patch changes the code to handle the error with ssize_t and adds proper error checks.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-8912
5.5
2024-05-24
Linux · Linux Kernel · CVE-2021-47509
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is in the ALSA pcm oss component of the Linux kernel, where an overly large period size could lead to memory exhaustion, because temporary buffers of the period size are allocated. The practical limit to the period size has been set to 16MB to cover all use cases. This could potentially lead to a denial of service.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.