Linux Distros Unpatched Vulnerability : CVE-2025-38134

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: usb: acpi: Prevent null pointer dereference in usbacpiaddusb4devlink As demonstrated by the...

SUSE CVE-2025-38584

In the Linux kernel, the following vulnerability has been resolved: padata: Fix pd UAF once and for all There is a race condition/UAF in padatareorder that goes back to the initial commit. A reference count is taken at the start of the process in padatadoparallel, and released at the end in...

CVE-2025-38604

In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Kill URBs before clearing tx status queue In rtl8187stop move the call of usbkillanchoredurbs before clearing btxstatus.queue. This change prevents callbacks from using already freed skb due to anchor was not kille...

CVE-2025-38573

In the Linux kernel, the following vulnerability has been resolved: spi: cs42l43: Property entry should be a null-terminated array The software node does not specify a count of property entries, so the array must be null-terminated. When unterminated, this can lead to a fault in the downstream...

CVE-2025-38558

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Initialize frame-based format color matching descriptor Fix NULL pointer crash in uvcgframebasedmake due to uninitialized color matching descriptor for frame-based format which was added in commit f5e7bdd34aca...

DEBIAN-CVE-2025-38555

In the Linux kernel, the following vulnerability has been resolved: usb: gadget : fix use-after-free in compositedevcleanup 1. In func configfscompositebind - compositeosdescreqprepare: if kmalloc fails, the pointer cdev-osdescreq will be freed but not set to NULL. Then it will return a failure t...

CVE-2025-38604 wifi: rtl818x: Kill URBs before clearing tx status queue

In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Kill URBs before clearing tx status queue In rtl8187stop move the call of usbkillanchoredurbs before clearing btxstatus.queue. This change prevents callbacks from using already freed skb due to anchor was not kille...

CVE-2025-38584 padata: Fix pd UAF once and for all

In the Linux kernel, the following vulnerability has been resolved: padata: Fix pd UAF once and for all There is a race condition/UAF in padatareorder that goes back to the initial commit. A reference count is taken at the start of the process in padatadoparallel, and released at the end in...

CVE-2025-38573 spi: cs42l43: Property entry should be a null-terminated array

In the Linux kernel, the following vulnerability has been resolved: spi: cs42l43: Property entry should be a null-terminated array The software node does not specify a count of property entries, so the array must be null-terminated. When unterminated, this can lead to a fault in the downstream...

CVE-2025-38558 usb: gadget: uvc: Initialize frame-based format color matching descriptor

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Initialize frame-based format color matching descriptor Fix NULL pointer crash in uvcgframebasedmake due to uninitialized color matching descriptor for frame-based format which was added in commit f5e7bdd34aca...

CVE-2025-38558

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Initialize frame-based format color matching descriptor Fix NULL pointer crash in uvcgframebasedmake due to uninitialized color matching descriptor for frame-based format which was added in commit f5e7bdd34aca...

CVE-2025-38555 usb: gadget : fix use-after-free in composite_dev_cleanup()

In the Linux kernel, the following vulnerability has been resolved: usb: gadget : fix use-after-free in compositedevcleanup 1. In func configfscompositebind - compositeosdescreqprepare: if kmalloc fails, the pointer cdev-osdescreq will be freed but not set to NULL. Then it will return a failure t...

CVE-2024-45062

A stack based buffer overflow vulnerability is present in OpenPrinting ippusbxd 1.34. A specially configured printer that supports IPP-over-USB can cause a buffer overflow which can lead to a arbitrary code execution in a privileged service. To trigger the vulnerability, a malicious device would...

CVE-2024-45062

A stack based buffer overflow vulnerability is present in OpenPrinting ippusbxd 1.34. A specially configured printer that supports IPP-over-USB can cause a buffer overflow which can lead to a arbitrary code execution in a privileged service. To trigger the vulnerability, a malicious device would...

UBUNTU-CVE-2024-45062

A stack based buffer overflow vulnerability is present in OpenPrinting ippusbxd 1.34. A specially configured printer that supports IPP-over-USB can cause a buffer overflow which can lead to a arbitrary code execution in a privileged service. To trigger the vulnerability, a malicious device would...

CVE-2024-45062

A stack based buffer overflow vulnerability is present in OpenPrinting ippusbxd 1.34. A specially configured printer that supports IPP-over-USB can cause a buffer overflow which can lead to a arbitrary code execution in a privileged service. To trigger the vulnerability, a malicious device would...

Linux Distros Unpatched Vulnerability : CVE-2020-24750

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to...

Linux Distros Unpatched Vulnerability : CVE-2018-6125

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in USB in Google Chrome on Windows prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information v...

Linux Distros Unpatched Vulnerability : CVE-2025-38474

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: net: sierra: check for no status endpoint The driver checks for having three endpoints and having bulk in and out endpoints, but not that the third endpoin...

Linux Distros Unpatched Vulnerability : CVE-2022-20009

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In various functions of the USB gadget subsystem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of...