34 matches found
CVE-2026-23679
A flaw was found in libusb. An attacker can provide a specially crafted Universal Serial Bus (USB) configuration descriptor to applications using libusb. This malformed descriptor can lead to a null pointer dereference, causing the application to crash and resulting in a denial of service. This...
CVE-2026-47104
libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parse_iad_array in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer...
PT-2026-43696
Name of the Vulnerable Software and Affected Versions: libusb versions prior to 1.0.30. Description: A NULL pointer dereference occurs when a malformed USB configuration descriptor is supplied. Specifically, if an interface claims bNumEndpoints greater than zero but is followed by a class-specific...
Security update provided in Brocade ASCG3.4.0b Base OS (OVA Deployment) for Rocky Linux Kernel
Security update provided in Brocade ASCG3.4.0b Base OS (OVA Deployment) for Rocky Linux Kernel: CVE-2022-50673 - Linux Kernel 'ext4' Vulnerable to Use-After-Free via Improper Error Handling in 'ext4_orphan_cleanup'; CVE-2022-50865 - Linux Kernel Vulnerable to Signed Integer Overflow via Backlog Limit...
DEBIAN-CVE-2026-31604
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix device leak on probe failure Driver core holds a reference to the USB interface and its parent USB device while the interface is bound to a driver and there is no need to take additional references unless the...
Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006895)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006895 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: core: config: Prevent OOB read in SS endpoint companion parsing usb_parse_ss_endpoint_companion...
kernel: Linux kernel: Denial of Service via out-of-bounds read in USB configuration parsing
A flaw was found in the Linux kernel's USB core configuration parsing. Specifically, the usb_parse_ss_endpoint_companion function incorrectly checks the descriptor type before its length, which can lead to reading data beyond the intended buffer. This out-of-bounds read vulnerability could allow a...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003734)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003734 advisory. In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an...
kernel: scsi: ses: Fix possible desc_ptr out-of-bounds accesses
A bounds-checking flaw was found in the Linux kernel Small Computer System Interface Enclosure Services driver in the way descriptor pointers are validated while processing enclosure data. Missing checks could allow an out-of-bounds access during parsing. A local user could use this flaw to crash...
EUVD-2025-206283
Espressif ESP-IDF USB Host UVC Class Driver allows video streaming from USB cameras. Prior to 2.4.0, a vulnerability in the esp-usb UVC host implementation allows a malicious USB Video Class (UVC) device to trigger a stack buffer overflow during configuration-descriptor parsing. When UVC...
CVE-2025-55097
In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_streaming_sampling_get() when parsing a descriptor of a USB streaming device...
CVE-2025-55098
In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_device_type_get() when parsing a descriptor of a USB audio device...
CVE-2025-55096
In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_hid_report_descriptor_get() when parsing a descriptor of a USB HID device...
CVE-2025-55098
CVE-2025-55098 affects USBX (USB support module for Eclipse Foundation ThreadX) prior to 6.4.3. The vulnerability is a potential out-of-bounds read in the function _ux_host_class_audio_device_type_get() when parsing a USB audio device descriptor. Multiple sources (NVD, Red Hat, CVE lists) confirm...
EUVD-2025-34866
In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_device_type_get() when parsing a descriptor of a USB audio device...
CVE-2025-55097
CVE-2025-55097 affects the USBX USB host module in Eclipse ThreadX prior to version 6.4.3, where an out-of-bounds read can occur in _ux_host_class_audio_streaming_sampling_get() while parsing a USB streaming device descriptor. The issue is described across multiple sources (NVD, Red Hat, CVE reco...
CVE-2025-55097 Potential out-of-bounds read in _ux_host_class_audio_streaming_sampling_get()
In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_streaming_sampling_get() when parsing a descriptor of a USB streaming device...
EUVD-2025-34867
In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_streaming_sampling_get() when parsing a descriptor of a USB streaming device...
CVE-2025-55096 Inadequate bounds check and potential underflow in _ux_host_class_hid_report_descriptor_get()
In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_hid_report_descriptor_get() when parsing a descriptor of a USB HID device...