microsoft · CBL-Mariner-Bot · Feb 11, 2026 · Feb 11, 2026
@@ -0,0 +1,36 @@
+From a5eb94d680ffae07cf1ea0068883f9276d3bce1a Mon Sep 17 00:00:00 2001
+From: Jaroslav Kysela <[email protected]>
+Date: Thu, 29 Jan 2026 16:51:09 +0100
+Subject: [PATCH] topology: decoder - add boundary check for channel mixer
+ count
+
+Malicious binary topology file may cause heap corruption.
+
+CVE: CVE-2026-25068
+
+Signed-off-by: Jaroslav Kysela <[email protected]>
+Signed-off-by: Azure Linux Security Servicing Account <[email protected]>
+Upstream-reference: https://github.com/alsa-project/alsa-lib/commit/5f7fe33002d2d98d84f72e381ec2cccc0d5d3d40.patch
+---
+ src/topology/ctl.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/topology/ctl.c b/src/topology/ctl.c
+index dd05424..18748da 100644
+--- a/src/topology/ctl.c
++++ b/src/topology/ctl.c
+@@ -1246,6 +1246,11 @@ int tplg_decode_control_mixer1(snd_tplg_t *tplg,
+ 	if (mc->num_channels > 0) {
+ 		map = tplg_calloc(heap, sizeof(*map));
+ 		map->num_channels = mc->num_channels;
++		if (map->num_channels > SND_TPLG_MAX_CHAN ||
++		    map->num_channels > SND_SOC_TPLG_MAX_CHAN) {
++			snd_error(TOPOLOGY, "mixer: unexpected channel count %d", map->num_channels);
++			return -EINVAL;
++		}
+ 		for (i = 0; i < map->num_channels; i++) {
+ 			map->channel[i].reg = mc->channel[i].reg;
+ 			map->channel[i].shift = mc->channel[i].shift;
+-- 
+2.45.4
+
@@ -1,5 +1,5 @@
 {
- "Signatures": {
-  "alsa-lib-1.2.6.1.tar.bz2": "ad582993d52cdb5fb159a0beab60a6ac57eab0cc1bdf85dc4db6d6197f02333f"
- }
-}
+  "Signatures": {
+    "alsa-lib-1.2.15.3.tar.bz2": "7b079d614d582cade7ab8db2364e65271d0877a37df8757ac4ac0c8970be861e"
+  }
+}
@@ -1,13 +1,15 @@
 Summary:        ALSA library
 Name:           alsa-lib
-Version:        1.2.6.1
-Release:        2%{?dist}
+Version:        1.2.15.3
+Release:        1%{?dist}
 License:        LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 Group:          Applications/Internet
 URL:            https://alsa-project.org
 Source0:        https://www.alsa-project.org/files/pub/lib/%{name}-%{version}.tar.bz2
+Patch0:         CVE-2026-25068.patch
+
 BuildRequires:  python3-devel
 BuildRequires:  python3-libs
 Requires:       python3
@@ -24,7 +26,7 @@ Requires:       %{name} = %{version}
 It contains the libraries and header files to create applications
 
 %prep
-%setup -q
+%autosetup -p1
 
 %build
 %configure
@@ -46,6 +48,10 @@ make DESTDIR=%{buildroot} install
 %{_includedir}/*
 
 %changelog
+* Wed Feb 11 2026 CBL-Mariner Servicing Account <[email protected]> - 1.2.15.3-1
+- Auto-upgrade to 1.2.15.3
+- Patch for CVE-2026-25068
+
 * Wed Sep 20 2023 Jon Slobodzian <[email protected]> - 1.2.6.1-2
 - Recompile with stack-protection fixed gcc version (CVE-2023-4039)
 

@@ -145,8 +145,8 @@
         "type": "other",
         "other": {
           "name": "alsa-lib",
-          "version": "1.2.6.1",
-          "downloadUrl": "https://www.alsa-project.org/files/pub/lib/alsa-lib-1.2.6.1.tar.bz2"
+          "version": "1.2.15.3",
+          "downloadUrl": "https://www.alsa-project.org/files/pub/lib/alsa-lib-1.2.15.3.tar.bz2"
         }
       }
     },