CVE-2025-4386 Medtronic MyCareLink Patient Monitor Hardware Debug Port

Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal.​...

CVE-2025-4386 Medtronic MyCareLink Patient Monitor Hardware Debug Port

Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal.​...

SUSE CVE-2026-31722

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: frndis: Fix netdevice lifecycle with devicemove The netdevice is allocated during function instance creation and registered during the bind phase with the gadget device as its sysfs parent. When the function unbinds,...

SUSE CVE-2026-31727

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uether: Fix NULL pointer deref in ethgetdrvinfo Commit ec35c1969650 "usb: gadget: fncm: Fix netdevice lifecycle with devicemove" reparents the gadget device to /sys/devices/virtual during unbind, clearing the gadget...

CVE-2026-40003 USB-based arbitrary memory write vulnerability in ZTE ZX297520V3 soc BootROM

ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow,...

EUVD-2026-28232

ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow,...

CVE-2026-40003

CVE-2026-40003 describes a USB-based arbitrary memory write vulnerability in the ZTE ZX297520V3 BootROM. The issue arises from lack of target address validation in the USB download mode, allowing writes to arbitrary locations in BootROM runtime memory. Potential consequences, as stated, include o...

Medtronic MyCareLink Patient Monitor 安全漏洞

Medtronic MyCareLink Patient Monitor is an open-source monitoring system developed by Medtronic in the United States. The Medtronic MyCareLink Patient Monitor has a security vulnerability, which stems from its internal serial interface. This vulnerability could allow attackers with physical acces...

CVE-2026-43223

A flaw was found in the Linux kernel's pvrusb2 media driver. When the pvr2sendrequestex function submits a write USB Request Block URB but fails to submit a read URB, the write URB remains active. A subsequent attempt to use this URB triggers a warning, which can lead to system instability or a...

CVE-2026-43136

A flaw was found in the Linux kernel's Human Interface Device HID subsystem, specifically within the logitech-hidpp driver. A remote attacker, by connecting a specially crafted Universal Serial Bus USB device, could send malformed HID report descriptors that lack valid fields. This could lead to ...

EUVD-2026-27814

In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix WARNING in usbtxblock The function usbtxblock submits cardp-txurb without ensuring that any previous transmission on this URB has completed. If a second call occurs while the URB is still active e.g. during...

CVE-2026-43279

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Add sanity check for OOB writes at silencing At silencing the playback URB packets in the implicit fb mode before the actual playback, we blindly assume that the received packets fit with the buffer size. But whe...

CVE-2026-43223

In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix URB leak in pvr2sendrequestex When pvr2sendrequestex submits a write URB successfully but fails to submit the read URB e.g. returns -ENOMEM, it returns immediately without waiting for the write URB to complete...

CVE-2026-43156

In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: enable basic endpoint checking pegasusprobe fills URBs with hardcoded endpoint pipes without verifying the endpoint descriptors: - usbrcvbulkpipedev, 1 for RX data - usbsndbulkpipedev, 2 for TX data -...

CVE-2026-43255

The CVE-2026-43255 entry concerns the Linux kernel component for wireless Libertus (wifi: libertas). The vulnerability arises when usb_tx_block() submits cardp->tx_urb without guaranteeing the previous URB has completed; a second call during active URB state can trigger a warning (“URB submitt...

CVE-2026-43250

In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: udc: fix DMA and SG cleanup in epnuke The ChipIdea UDC driver can encounter "not page aligned sg buffer" errors when a USB device is reconnected after being disconnected during an active transfer. This occurs becau...

CVE-2026-43180

In the Linux kernel, the following vulnerability has been resolved: net: usb: kaweth: remove TX queue manipulation in kawethsetrxmode kawethsetrxmode, the ndosetrxmode callback, calls netifstopqueue and netifwakequeue. These are TX queue flow control functions unrelated to RX multicast...

CVE-2026-43140

The CVE-2026-43140 vulnerability affects the Linux kernel HID magicmouse driver. Fake USB devices could present their own report descriptors such that input_mapping() does not call, leaving msc->input NULL and causing a crash later. The issue is resolved by detecting this condition in input_co...

CVE-2026-43136

In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Check maxfield in hidppgetreportlength Do not crash when a report has no fields. Fake USB gadgets can send their own HID report descriptors and can define report structures without valid fields. This can be...

CVE-2026-43061

A flaw was found in the Linux kernel's 8250 serial driver when utilizing Direct Memory Access DMA. An issue arises when a DMA transaction is terminated asynchronously, as the system may not properly clear the dma-txrunning flag. This prevents subsequent transmit TX DMA transactions from being...