EUVD-2026-5057

In the Linux kernel, the following vulnerability has been resolved: can: etases58x: allow partial RX URB allocation to succeed When es58xallocrxurbs fails to allocate the requested number of URBs but succeeds in allocating some, it returns an error code. This causes es58xopen to return early,...

CVE-2026-23031 can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak

In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: fix URB memory leak In gscanopen, the URBs for USB-in transfers are allocated, added to the parent-rxsubmitted anchor and submitted. In the complete callback gsusbreceivebulkcallback, the URB...

EUVD-2026-5063

In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: fix URB memory leak In gscanopen, the URBs for USB-in transfers are allocated, added to the parent-rxsubmitted anchor and submitted. In the complete callback gsusbreceivebulkcallback, the URB...

EUVD-2026-5064

In the Linux kernel, the following vulnerability has been resolved: phy: rockchip: inno-usb2: Fix a double free bug in rockchipusb2phyprobe The foreachavailablechildofnode calls ofnodeput to release childnp in each success loop. After breaking from the loop with the childnp has been released, the...

EUVD-2026-5073

In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: fix memory leak in updateethregsasync When asynchronously writing to the device registers and if usbsubmiturb fail, the code fail to release allocated to this point resources...

CVE-2026-23021

In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: fix memory leak in updateethregsasync When asynchronously writing to the device registers and if usbsubmiturb fail, the code fail to release allocated to this point resources...

CVE-2026-23021

CVE-2026-23021 affects the Linux kernel component: net: usb: pegasus. The memory leak occurs in update_eth_regs_async() when usb_submit_urb() fails, failing to release resources allocated up to that point. Public advisories indicate upstream kernel fixes (e.g., 6.6.130 lineage and related patches...

CVE-2026-23021 net: usb: pegasus: fix memory leak in update_eth_regs_async()

In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: fix memory leak in updateethregsasync When asynchronously writing to the device registers and if usbsubmiturb fail, the code fail to release allocated to this point resources...

CVE-2026-23015 gpio: mpsse: fix reference leak in gpio_mpsse_probe() error paths

In the Linux kernel, the following vulnerability has been resolved: gpio: mpsse: fix reference leak in gpiompsseprobe error paths The reference obtained by calling usbgetdev is not released in the gpiompsseprobe error paths. Fix that by using device managed helper functions. Also remove the...

CVE-2026-23015

CVE-2026-23015 relates to the Linux kernel gpio_mpsse driver: a reference leak in gpio_mpsse_probe() error paths due to usb_get_dev() not being released. The fix uses device-managed helper functions and removes the usb_put_dev() call in the disconnect path, allowing automatic release of the refer...

mtkclient

🚀 mtkclient - Easily Flash and Repair Mediatek Devices !Dow...

CVE-2025-15543

Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files...

CVE-2025-15543 Read-Only Root Access via USB Storage Device in TP-Link VX800v

Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files...

CVE-2025-15543 Read-Only Root Access via USB Storage Device in TP-Link VX800v

Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files...

EUVD-2025-206534

Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files...

OPENSUSE-RU-2026:20129-1 Recommended update for cloud-init

This update for cloud-init fixes the following issues: Changes in cloud-init: - Fix dependency replace -serial with -pyserial - Drop unneeded test dependency on httpretty, fixed long ago https://github.com/canonical/cloud-init/pull/1720 - Update to version 25.1.3 bsc1245401 , CVE-2024-6174,...

PT-2026-5322

Name of the Vulnerable Software and Affected Versions VX800v version 1.0 Description A flaw exists in the USB HTTP access path that results in improper link resolution. This allows a specially crafted USB device to reveal the root filesystem contents, granting an attacker with physical access...

SUSE SLES12 Security Update : kernel (SUSE-SU-2026:0316-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0316-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to fix various security issues The following security issues were fixed: -...

CVE-2025-55095

The function uxhostclassstoragemediamount is responsible for mounting partitions on a USB mass storage device. When it encounters an extended partition entry in the partition table, it recursively calls itself to mount the next logical partition. This recursion occurs in...

Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 kernel was updated to fix various security issues The following security issues were fixed: CVE-2022-49604,CVE-2025-40074: ip: Fix data-races around sysctlipfwdusepmtu bsc1238414 bsc1252794. CVE-2022-50527: drm/amdgpu: Fix size validation for non-exclusive domains...