EUVD-2026-38832

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans The USB MIDI 2.0 endpoint parser has the same descriptor walking pattern as the legacy MIDI parser. It validates bLength against bNumGrpTrmBlock before reading...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel before version 4.8, the usbparseendpoint function in drivers/usb/core/config.c did not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the supplier...

CVE-2026-31755 usb: cdns3: gadget: fix NULL pointer dereference in ep_queue

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: fix NULL pointer dereference in epqueue When the gadget endpoint is disabled or not yet configured, the ep-desc pointer can be NULL. This leads to a NULL pointer dereference when cdns3gadgetepqueue is called,...

CVE-2026-31755

Rooted in the Linux kernel usb cdns3 gadget: when an endpoint is disabled or unconfigured, ep->desc can be NULL and __cdns3_gadget_ep_queue() may dereference it, causing a kernel crash. A patch adds a check and returns -ESHUTDOWN for unconfigured endpoints. Upstream fixes exist (commit referen...

PT-2026-36390

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the cdns3 gadget ep queue function when a gadget endpoint is disabled or not yet configured. In these states, the ep-desc pointer can be NULL, leadin...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003593)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003593 advisory. drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. Tenable h...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003676)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003676 advisory. drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. Tenable h...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003591)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003591 advisory. drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. Tenable h...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000966)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000966 advisory. The digiportinit function in drivers/usb/serial/digiacceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003031)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003031 advisory. The digiportinit function in drivers/usb/serial/digiacceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003064)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003064 advisory. The iowarriorprobe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service NULL...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000819)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000819 advisory. The createfixedstreamquirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000271)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000271 advisory. drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. Tenable h...

UBUNTU-CVE-2025-68217

In the Linux kernel, the following vulnerability has been resolved: Input: pegasus-notetaker - fix potential out-of-bounds access In the pegasusnotetaker driver, the pegasusprobe function allocates the URB transfer buffer using the wMaxPacketSize value from the endpoint descriptor. An attacker ca...

EUVD-2016-10787

Malware in sbrugna...

EUVD-2019-6172

Malware in sbrugna...

kernel: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor

A vulnerability was found in the usbparseendpoint function in the Linux kernel's usb drivers, where improper handling of the reserved bits in an endpoint descriptor's bEndpointAddress field can lead to confusion in the endpointisduplicate routine in config.c. This will erroneously treat the same...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fixed the issue of duplicate endpoints by clearing the reserved bits in the descriptor. Syzbot has identified a bug in usbcore see the Closes tag below. The bug is caused by our assumption that the reserved bits in the...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: Check for unset descriptor Ensure that the descriptor has been set before checking maxpacket. This fixes a null pointer panic in this case. This issue may occur if the gadget does not properly set up the endpoi...

kernel: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor

A vulnerability was found in the usbparseendpoint function in the Linux kernel's usb drivers, where improper handling of the reserved bits in an endpoint descriptor's bEndpointAddress field can lead to confusion in the endpointisduplicate routine in config.c. This will erroneously treat the same...