No title provided

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: prevent potential failure in handletxevent for Transfer events without TRB Some transfer events don't always point to a TRB, and consequently don't have a endpoint ring. In these cases, function handletxevent should no...

kernel: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor

A vulnerability was found in the usbparseendpoint function in the Linux kernel's usb drivers, where improper handling of the reserved bits in an endpoint descriptor's bEndpointAddress field can lead to confusion in the endpointisduplicate routine in config.c. This will erroneously treat the same...

kernel: HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect

A flaw was found in the Linux kernel. This issue can cause a potential crash on the receiver USB disconnect...

kernel: USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages

A vulnerability was found in the Linux kernel's CDC WDM driver, where excessive logging in the interrupt-URB completion callback could lead to CPU lockups, which occurs when the driver rapidly resubmits interrupt URBs after receiving a -EPROTO status, causing a backlog of error messages that...

kernel: Input: aiptek - properly check endpoint type

A wrong endpoint type warning was recorded in usbsubmiturb in the Linux kernel. This may present a potential loss of Availability...

No title provided

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: prevent potential failure in handletxevent for Transfer events without TRB Some transfer events don't always point to a TRB, and consequently don't have a endpoint ring. In these cases, function handletxevent should no...

kernel: serial: core: fix transmit-buffer reset and memleak

In the Linux kernel, the following vulnerability has been resolved: serial: core: fix transmit-buffer reset and memleak Commit 761ed4a94582 "tty: serialcore: convert uartclose to use ttyportclose" converted serial core to use ttyportclose but failed to notice that the transmit buffer still needs ...

kernel: usb: atm: cxacru: fix endpoint checking in cxacru_bind()

In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix endpoint checking in cxacrubind Syzbot is still reporting quite an old issue 1 that occurs due to incomplete checking of present usb endpoints. As such, wrong endpoints types may be used at urb sumbitting...

kernel: USB: core: Fix hang in usb_kill_urb by adding memory barriers

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix hang in usbkillurb by adding memory barriers The syzbot fuzzer has identified a bug in which processes hang waiting for usbkillurb to return. It turns out the issue is not unlinking the URB; that works just fine...

ROS-20240924-04

A vulnerability in the fastrpc component of the Linux operating system kernel is related to race conditions after a memory release. Exploitation of the vulnerability could allow an attacker to affect the confidentiality, integrity, and availability A vulnerability in the usbsubmiturb function of...

USN-7007-3 linux-lowlatency, linux-lowlatency-hwe-5.15 vulnerabilities

Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2024-23848 Chenyuan Yang discovered that the USB Gadget subsystem in...

USN-7007-2 linux-ibm-5.15, linux-oracle-5.15 vulnerabilities

Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2024-23848 Chenyuan Yang discovered that the USB Gadget subsystem in...

Sony XAV-AX5500 安全漏洞

The SONY XAV-AX5500 is a 7-inch in-vehicle center console with a wide range of functions and advanced technical features. The SONY XAV-AX5500 suffers from a buffer overflow vulnerability that originates from a constructed USB configuration descriptor that can trigger an overflow of a fixed-length...

Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-7007-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7007-2 advisory. Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to caus...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-7007-3)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7007-3 advisory. Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use...

OESA-2024-2153 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: net: USB: Fix wrong-direction WARNING in plusb.c The syzbot fuzzer detected a bug in the plusb network driver: A zero-length control-OUT transfer was treated as ...

OESA-2024-2150 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: media: aspeed: Fix memory overwrite if timing is 1600x900 When capturing 1600x900, system could crash when system memory usage is tight. The way to reproduce thi...

bhyve 安全漏洞

bhyve is a virtual machine hypervisor used in the freeBSD Foundation. A security vulnerability exists in bhyve that stems from insufficient boundary validation in USB code that could lead to a heap out-of-bounds read. An attacker exploiting this vulnerability could write or execute arbitrary code...

SUSE CVE-2024-46760

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: usb: schedule rx work after everything is set up Right now it's possible to hit NULL pointer dereference in rtwrxfillrxstatus on hw object and/or its fields because initialization routine can start getting USB replie...

QEMU 安全漏洞

QEMU Quick Emulator is a suite of simulation processor software by Fabrice Bellard, an individual developer in France. The software is fast and cross-platform. A security vulnerability exists in QEMU that stems from an assertion failure in the usbepget function in hw/net/core.c when attempting to...