
6209 matches found

OSV
added 2025/02/25 7:6 p.m., 11 views

USN-7289-3 linux-ibm vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - x86 architecture; - Block layer subsystem; - ACPI drivers; - GPU drivers; - HID subsystem; -...

CVSS: 7.8 | AI score: 6.7 | EPSS: 0.03301
Exploits: 2 | References: 104
OSV
added 2025/02/25 11:50 a.m., 16 views

USN-7289-2 linux-azure-5.15, linux-azure-fde-5.15, linux-oracle-5.15 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - x86 architecture; - Block layer subsystem; - ACPI drivers; - GPU drivers; - HID subsystem; -...

CVSS: 7.8 | AI score: 6.7 | EPSS: 0.03301
Exploits: 2 | References: 104
BDU FSTEC
added 2025/02/24 12:0 a.m., 6 views

The vulnerability of the Linux operating system’s USB kernel component, which allows a hacker to cause a service failure

The vulnerability of the Linux operating system’s USB kernel component is related to improper validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.00223
Exploits: 0 | References: 41 | Affected Software: 5
BDU FSTEC
added 2025/02/24 12:0 a.m., 6 views

The vulnerability of the Linux operating system’s USB kernel component, which allows a hacker to cause a service failure

The vulnerability of the Linux operating system’s USB kernel component is related to the assignment of the NULL pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.00239
Exploits: 0 | References: 40 | Affected Software: 6
BDU FSTEC
added 2025/02/24 12:0 a.m., 5 views

The vulnerability of the Linux operating system’s serial kernel component, which allows a hacker to trigger a service failure

The vulnerability of the Linux operating system’s serial kernel component is related to improper locking of resources. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.00255
Exploits: 0 | References: 43 | Affected Software: 6
OSV
added 2025/02/22 10:15 a.m., 1 views

DEBIAN-CVE-2025-21704

In the Linux kernel, the following vulnerability has been resolved: usb: cdc-acm: Check control transfer buffer size before access. If the first fragment is shorter than struct usb_cdc_notification, we can't calculate an expected_size. Log an error and discard the notification instead of reading...

CVSS: 7.8 | AI score: 6 | EPSS: 0.0032
Exploits: 1 | References: 1
OSV
added 2025/02/22 10:15 a.m., 1 views

UBUNTU-CVE-2025-21704

In the Linux kernel, the following vulnerability has been resolved: usb: cdc-acm: Check control transfer buffer size before access. If the first fragment is shorter than struct usb_cdc_notification, we can't calculate an expected_size. Log an error and discard the notification instead of reading...

CVSS: 7.8 | AI score: 6.3 | EPSS: 0.0032
Exploits: 1 | References: 50
CNNVD
added 2025/02/22 12:0 a.m., 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the usb:cdc-acm module not checking the transfer buffer size before accessing it...

CVSS: 7.8 | AI score: 6.5 | EPSS: 0.0032
Exploits: 1 | References: 6
BDU FSTEC
added 2025/02/18 12:0 a.m., 4 views

The vulnerability of the spi component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the spi component in the Linux operating system’s kernel is related to improper error handling. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.00217
Exploits: 0 | References: 24 | Affected Software: 5
OSV
added 2025/02/17 1:15 a.m., 3 views

CVE-2025-1367

A vulnerability was found in MicroWord eScan Antivirus 7.0.32 on Linux. It has been classified as critical. This affects the function sprintf of the component USB Password Handler. The manipulation leads to buffer overflow. An attack has to be approached locally. The vendor was contacted early...

CVSS: 4.8 | AI score: 5.7
Exploits: 0 | References: 3
Positive Technologies
added 2025/02/17 12:0 a.m., 4 views

PT-2025-25815

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.13.0-rc7+. Description: A vulnerability in the Linux kernel has been resolved. The issue was observed on a SAMA5D27 platform using atmel serial, where a warning was emitted when trying to toggle flow control in a...

CVSS: 5.5 | AI score: 6.6 | EPSS: 0.00156
Exploits: 0
BDU FSTEC
added 2025/02/14 12:0 a.m., 10 views

The vulnerability in the software web interface for controlling power supply units like PowerChute Serial Shutdown allows an intruder to trigger a service failure.

The vulnerability in the software web interface for controlling power supply units like PowerChute Serial Shutdown is related to improper authentication. Exploiting this vulnerability could allow an attacker, operating remotely, to cause a service failure...

CVSS: 5.3 | AI score: 5.5 | EPSS: 0.00959
Exploits: 0 | References: 3 | Affected Software: 1
CNNVD
added 2025/02/14 12:0 a.m., 2 views

IXON IXrouter IX2400 security vulnerability

The IXON IXrouter IX2400 is an industrial router from the Dutch company IXON. A security vulnerability exists in the IXON IXrouter IX2400 version v3.0, which stems from the inclusion of hard-coded root credentials that allow a physically proximate attacker to gain root access via UART or SSH...

CVSS: 5.4 | AI score: 6.9 | EPSS: 0.0017
Exploits: 0 | References: 1
OSV
added 2025/02/13 11:15 p.m., 6 views

CVE-2024-37601

An issue was discovered in Mercedes Benz NTG New Telematics Generation 6. A possible heap buffer overflow exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause t...

CVSS: 4.6 | AI score: 6.1
Exploits: 0 | References: 1
OSV
added 2025/02/13 11:15 p.m., 4 views

CVE-2023-34402

Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside the file another file is encapsulated, which the service will drop during processing. Due to missing checks, an attacker can achieve Arbitrary File Write with service speech rights...

CVSS: 7.7 | AI score: 5.8 | EPSS: 0.0021
Exploits: 0 | References: 1
OSV
added 2025/02/13 11:15 p.m., 3 views

CVE-2023-34401

Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside the profile folder there is a file, which is encoded with the proprietary UD2 codec. Due to missing size checks in the encapsulated file, an attacker can achieve an Out-of-Bound Read in heap memory...

CVSS: 3.7 | AI score: 7.1
Exploits: 0 | References: 1
OSV
added 2025/02/13 10:15 p.m., 2 views

CVE-2023-34400

Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. When parsing the file, the service tries to define a header inside the file and convert it to a null-terminated string. If the character is missing, it will return a null pointer...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00624
Exploits: 0 | References: 1
RedhatCVE
added 2025/02/13 5:23 p.m., 10 views

CVE-2024-36080

Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.00551
Exploits: 0 | References: 1
RedHat Linux
added 2025/02/13 2:51 p.m., 5 views

kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

A vulnerability was found in the Linux kernel's USB Video Class driver. A buffer for video frame data is allocated, which does not account for all of the frame formats contained in a video stream, leading to an out-of-bounds write when a stream includes frames with an undefined format. An attacke...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.03301
Exploits: 1 | References: 8
RedhatCVE
added 2025/02/13 11:47 a.m., 7 views

CVE-2025-26409

A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. This issue is fixed in...

CVSS: 6.8 | AI score: 6.6 | EPSS: 0.00313
Exploits: 1 | References: 1