45 matches found
CVE-2024-44960 usb: gadget: core: Check for unset descriptor
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: Check for unset descriptor Make sure the descriptor has been set before looking at maxpacket. This fixes a null pointer panic in this case. This may happen if the gadget doesn't properly set up the endpoint for...
CVE-2024-41097
CVE-2024-41097 concerns the Linux kernel USB ATM cxacru driver. The issue stemmed from incomplete endpoint checking during cxacru_bind(), which could cause wrong endpoint types to be used when submitting URBs. The patch adds verification that required endpoint types are present for both IN and OU...
CVE-2024-36977
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Wait unconditionally after issuing EndXfer command Currently all controller IP/revisions except DWC3usb3 = 310a wait 1ms unconditionally for ENDXFER completion when IOC is not set. This is because DWCusb3 controller...
CVE-2024-36894 usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Fix race between aiocancel and AIO request complete FFS based applications can utilize the aiocancel callback to dequeue pending USB requests submitted to the UDC. There is a scenario where the FFS application...
CVE-2021-47220
CVE-2021-47220 : This CVE ID is rejected and not an active vulnerability entry.
CVE-2021-47220
...
The vulnerability of the update_port_device_state() function in the Linux kernel USB driver allows a hacker to induce a service failure.
The vulnerability of the updateportdevicestate function in the drivers/usb/core/hub.c file of the Linux kernel’s USB driver relates to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
CVE-2024-26932
Mode C: CVE-2024-26932 affects the Linux kernel USB Type-C tcpm path. The issue is a double-free of the same capabilitiy when unregistering PD capabilities in tcpm_port_unregister_pd(), where the first free occurs via pd_capabilities_release() and the second is explicit in tcpm_port_unregister_pd...
CVE-2021-47173
CVE-2021-47173 is a Linux kernel issue described in connected advisories as a memory-leak bug in the USB subsystem. Specifically, the probe for the uss720 device (uss720_probe) forgets to decrement the usbdev refcount, leading to a memory leak. The fix recorded in the sources is to release the de...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: Do core softreset when switch mode According to the programming guide, to switch mode for DRD controller, the driver needs to do the following. To switch from device to host: 1. Reset controller with...
CVE-2021-46933
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Clear ffseventfd in ffsdataclear. ffsdataclear is indirectly called from both ffsfskillsb and ffsep0release, so it ends up being called twice when userland closes ep0 and then unmounts ffs. If userland provided ...
CVE-2021-46933 usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Clear ffseventfd in ffsdataclear. ffsdataclear is indirectly called from both ffsfskillsb and ffsep0release, so it ends up being called twice when userland closes ep0 and then unmounts ffs. If userland provided ...
USN-6549-1 linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gke, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi vulnerabilities
It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service system crash. CVE-2023-37453 Lin Ma...
CVE-2023-45862
An issue was discovered in drivers/usb/storage/eneub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation...
CVE-2023-45862
An issue was discovered in drivers/usb/storage/eneub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation...
CVE-2023-37453
An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in readdescriptors in drivers/usb/core/sysfs.c...
The vulnerability of the Linux operating system’s kernel USB driver allows a hacker to trigger a service failure or increase their privileges.
The vulnerability of the Linux operating system’s kernel USB driver is related to the use of a buffer for writing after deletion in the putdev function. Exploiting this vulnerability can allow an attacker to cause a service failure or increase their privileges...
CVE-2022-41849
drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open, aka a race condition between ufxopsopen and ufxusbdisconnect...
CVE-2017-16644
The hdpvrprobe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service improper error handling and system crash or possibly have unspecified other impact via a crafted USB device...
CVE-2017-16650
The qmiwwanbind function in drivers/net/usb/qmiwwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service divide-by-zero error and system crash or possibly have unspecified other impact via a crafted USB device...