64 matches found
ALSA: usb-audio: Bound MIDI endpoint descriptor scans
...
EUVD-2026-38832
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans The USB MIDI 2.0 endpoint parser has the same descriptor walking pattern as the legacy MIDI parser. It validates bLength against bNumGrpTrmBlock before reading...
CVE-2026-52964
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans The USB MIDI 2.0 endpoint parser has the same descriptor walking pattern as the legacy MIDI parser. It validates bLength against bNumGrpTrmBlock before reading...
CVE-2026-52964
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans The USB MIDI 2.0 endpoint parser has the same descriptor walking pattern as the legacy MIDI parser. It validates bLength against bNumGrpTrmBlock before reading...
CVE-2026-52964
Summary of CVE-2026-52964 : A flaw in the Linux kernel’s ALSA USB-audio path (USB MIDI 2.0 endpoint parser) fails to validate descriptor lengths for the MIDI 2.0 endpoint, allowing a malformed device to cause out-of-bounds reads on baAssoGrpTrmBlkID[] due to walking endpoint extras before verifyi...
CVE-2026-52964 ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans The USB MIDI 2.0 endpoint parser has the same descriptor walking pattern as the legacy MIDI parser. It validates bLength against bNumGrpTrmBlock before reading...
PT-2026-51858
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The USB MIDI 2.0 endpoint parser in the ALSA usb-audio component fails to validate bLength against the remaining bytes in the endpoint-extra scan before reading baAssoGrpTrmBlkID. This...
PT-2026-51857
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ALSA usb-audio component where the snd usbmidi get ms info function fails to properly bound MIDI endpoint descriptor scans. While the function validates the intern...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel before version 4.8, the usbparseendpoint function in drivers/usb/core/config.c did not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the supplier...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: Check for unset descriptor Ensure that the descriptor has been set before checking maxpacket. This fixes a null pointer panic in this case. This issue may occur if the gadget does not properly set up the endpoi...
CVE-2026-31755
Rooted in the Linux kernel usb cdns3 gadget: when an endpoint is disabled or unconfigured, ep->desc can be NULL and __cdns3_gadget_ep_queue() may dereference it, causing a kernel crash. A patch adds a check and returns -ESHUTDOWN for unconfigured endpoints. Upstream fixes exist (commit referen...
CVE-2026-31755 usb: cdns3: gadget: fix NULL pointer dereference in ep_queue
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: fix NULL pointer dereference in epqueue When the gadget endpoint is disabled or not yet configured, the ep-desc pointer can be NULL. This leads to a NULL pointer dereference when cdns3gadgetepqueue is called,...
PT-2026-36390
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the cdns3 gadget ep queue function when a gadget endpoint is disabled or not yet configured. In these states, the ep-desc pointer can be NULL, leadin...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003676)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003676 advisory. drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. Tenable h...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003591)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003591 advisory. drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. Tenable h...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000966)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000966 advisory. The digiportinit function in drivers/usb/serial/digiacceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003593)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003593 advisory. drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. Tenable h...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003031)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003031 advisory. The digiportinit function in drivers/usb/serial/digiacceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003064)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003064 advisory. The iowarriorprobe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service NULL...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000819)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000819 advisory. The createfixedstreamquirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause...