Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: - usb: dwc2: gadget: Fixed the mismatch between spinlock and unlock calls in dwc2hsotgudcstop. - dwc2gadgetexitclockgating internally calls the callgadget macro. This macro expects hsotg-lock to be held since it performs...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: rxrpc: The issue regarding the incorrect skb being used during the comparison of the queued RESP challenge serial number has been fixed. In rxrpcpostresponse, the code should compare the challenge serial number from the cached...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: GPIB: LPVOUSB – Fixed a memory leak that occurred when USB devices were disconnected. The driver iterates over the registered USB interfaces during GPIB attachment and takes a reference to their USB devices until a match is found...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Moving vbus draw to the workqueue context Currently, the dwc3gadgetvbusdraw function can be called from an atomic context. This, in turn, invokes APIs from the power-supply-core. Some of these PMIC APIs have...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: fixed a memory leak in updateeth regs async When writing to the device registers asynchronously, and if usbsubmiturb fails, the code fails to release the resources allocated for this process...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: fixed the issue of null pointer dereferencing on the pointer csdesc. The pointer csdesc is returned from sndusbfindclocksource; this pointer may be null, resulting in a potential null pointer dereferencing issue...

Astra Linux - уязвимость в chromium

Insufficient data validation in the USB component of Google Chrome prior to version 119.0.6045.105 allowed a remote attacker to perform out-of-bounds memory access through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fixed a hang issue in usbkillurb by adding memory barriers. The syzbot fuzzer has identified a bug in which processes hang while waiting for usbkillurb to return. It turns out that the issue isn’t related to unmounting...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/panel/panel-sitronix-st7701: Remove the panel when DSI attachment fails. In the event that mipidsiattach fails, call drmpanelremove to avoid a memory leak...

Astra Linux - уязвимость в u-boot

There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bind the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker creates a USB DFU download...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-dspi: A resource leak was fixed in the error handling path. The call dspirequestdma should be undone by a call to dspireleasedma in the error handling path of the probe function, as already done in the remove functio...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: USB: UAS – Fix for the URB unmapping issue when the UAS device is removed during ongoing data transfer When a UAS device is unplugged during data transfer, there is a possibility of a system panic occurring. The root cause is...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: A out-of-bounds bug has been fixed in the sndusbParseAudioInterface function. There may be a faulty USB audio device with a USB ID of 0x04fa, 0x4201, and with fewer than 4 interfaces. A out-of-bounds read bug...

Linux Distros Unpatched Vulnerability : CVE-2026-43375

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: mctp: fix device leak on probe failure Driver core holds a reference to the USB interface and its parent USB device while the interface is bound to a drive...

CVE-2026-40003

ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow,...

freerdp: FreeRDP heap-use-after-free

A heap use after free flaw has been discovered in FreeRDP. A race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial-IrpThreads while another reads it...

Tabby 操作系统命令注入漏洞

Tabby Terminus is a highly configurable terminal emulator, SSH, and serial client developed by Eugene’s individual developers. Versions prior to Tabby 1.0.233 contained an operating system command injection vulnerability. This vulnerability stemmed from the automatic detection of the ZMODEM...

EUVD-2026-30043

U-SPEED AC1200 Gigabit Wi-Fi Router Model: T18-21K V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control mechanisms. An attacker with physical access to the UART pins can connect to the interface and gain...

EUVD-2020-31221

Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can query the /api/system/deviceinfo endpoint without authentication to extract the SerialNumber field, th...

CVE-2026-43488

A flaw was found in the Linux kernel's xHCI eXtensible Host Controller Interface driver. When a USB Attached SCSI UAS storage device is connected or disconnected, the xHCI controller can report a Host Controller Error HCE. Improper handling of this error can lead to an interrupt storm, causing...