kernel: usb: hub: Guard against accesses to uninitialized BOS descriptors
In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors. Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and initialized. If...
[SECURITY] Fedora 40 Update: qt5-qtspeech-5.15.14-1.fc40
The module enables a Qt application to support accessibility features such as text-to-speech, which is useful for end-users who are visually challenged or cannot access the application for whatever reason. The most common use case where text-to-speech comes in handy is when the end-user is drivin...
[SECURITY] Fedora 40 Update: qt5-qtserialport-5.15.14-1.fc40
Qt Serial Port provides the basic functionality, which includes configuring, I/O operations, getting and setting the control signals of the RS-232 pinouts...
[SECURITY] Fedora 40 Update: qt5-qtserialbus-5.15.14-1.fc40
Qt Serial Bus API provides classes and functions to access the various industrial serial buses and protocols, such as CAN, ModBus, and others...
kernel: USB: core: Fix deadlock in usb_deauthorize_interface()
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in usb_deauthorize_interface(). The Linux kernel CVE team has assigned CVE-2024-26934 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024050123-CVE-2024-26934-e2fc@gregkh/T...
DEBIAN-CVE-2024-36962
In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs. Currently the driver uses local_bh_disable()/local_bh_enable() in its IRQ handler to avoid triggering net_rx_action() softirq on exit from netif_rx(). The net_rx_action() could...
A vulnerability in the Mobile Broadband driver of the Windows operating system allows an attacker to execute arbitrary code.
The vulnerability in the Mobile Broadband driver of the Windows operating system is related to a potential overflow condition. Exploiting this vulnerability could allow an attacker to execute arbitrary code by connecting a malicious USB device...
A vulnerability in the Mobile Broadband driver of the Windows operating system allows an attacker to execute arbitrary code.
The vulnerability in the Mobile Broadband driver of the Windows operating system is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code by connecting a malicious USB device...
DEBIAN-CVE-2024-36930
In the Linux kernel, the following vulnerability has been resolved: spi: fix null pointer dereference within spi_sync. If spi_sync() is called with the non-empty queue and the same spi_message is then reused, the complete callback for the message remains set while the context is cleared, leading to a...
DEBIAN-CVE-2024-36893
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Check for port partner validity before consuming it. typec_register_partner() does not guarantee partner registration to always succeed. In the event of failure, port->partner is set to the error value or NULL. Given...
UBUNTU-CVE-2024-36930
In the Linux kernel, the following vulnerability has been resolved: spi: fix null pointer dereference within spi_sync. If spi_sync() is called with the non-empty queue and the same spi_message is then reused, the complete callback for the message remains set while the context is cleared, leading to a...
UBUNTU-CVE-2024-36893
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Check for port partner validity before consuming it. typec_register_partner() does not guarantee partner registration to always succeed. In the event of failure, port->partner is set to the error value or NULL. Given...
UBUNTU-CVE-2024-36896
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix access violation during port device removal. Testing with KASAN and syzkaller revealed a bug in port.c:disable_store(): usb_hub_to_struct_hub() can return NULL if the hub that the port belongs to is concurrently removed, but...
gdisk: possible out-of-bounds-write in ReadLogicalParts of basicmbr.cc
An out-of-bounds write flaw was found in gdisk's ReadLogicalParts function of 'basicmbr.cc'. The exploitation of this flaw requires the use of a malicious storage device, for example, a USB stick, that can cause a crash when physically inserted into the system and possible local privilege escalatio...
Westermo EDW-100
1. EXECUTIVE SUMMARY: CVSS v3 9.8. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Westermo. Equipment: EDW-100. Vulnerabilities: Use of Hard-coded Password, Insufficiently Protected Credentials. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could...
Linux kernel security vulnerabilities
The Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the USB gadget UVC module using incorrect buffer sizes when parsing the configfs list...
Linux kernel security vulnerabilities
The Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from an access violation in the USB kernel subsystem during port device removal...