SUSE CVE-2019-19947

In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaserusb/kvaserusbleaf.c driver, aka CID-da2311a6385c...

SUSE CVE-2019-19966

In the Linux kernel before 5.1.6, there is a use-after-free in cpia2exit in drivers/media/usb/cpia2/cpia2v4l.c that will cause denial of service, aka CID-dea37a972655...

SUSE CVE-2020-11089

In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions parallelprocessirpcreate, serialprocessirpcreate, driveprocessirpwrite, printerprocessirpwrite, rdpeirecvpdu, serialprocessirpwrite. This has been fixed in 2.1.0...

SUSE CVE-2020-11668

In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlinkcit.c aka the Xirlink camera USB driver mishandles invalid descriptors, aka CID-a246b4d54770...

SUSE CVE-2020-14364

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setuplen' exceeds its 'databuf4096' in the dotokenin, dotokenout routines. This flaw allows a guest user to crash...

SUSE CVE-2020-14394

An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block TRB Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service...

SUSE CVE-2020-15437

The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250core.c:serial8250isainitports that allows local users to cause a denial of service by using the p-serialin pointer which uninitialized...

SUSE CVE-2020-26421

Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file...

SUSE CVE-2021-3802

A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability...

SUSE CVE-2021-21140

Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device...

SUSE CVE-2021-22173

Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file...

SUSE CVE-2021-38204

drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service use-after-free and panic by removing a MAX-3421 USB device in certain situations...

SUSE CVE-2021-43976

In the Linux kernel through 5.15.2, mwifiexusbrecv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker who can connect a crafted USB device to cause a denial of service skboverpanic...

SUSE CVE-2021-47527

In the Linux kernel, the following vulnerability has been resolved: serial: core: fix transmit-buffer reset and memleak Commit 761ed4a94582 "tty: serialcore: convert uartclose to use ttyportclose" converted serial core to use ttyportclose but failed to notice that the transmit buffer still needs ...

SUSE CVE-2022-0114

Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page and virtual serial port driver...

SUSE CVE-2022-2347

There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download...

SUSE CVE-2022-20132

In lgprobe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User...

SUSE CVE-2022-21499

KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7...

SUSE CVE-2022-26305

An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of the used certificate with that of a trusted certificate. This is not sufficient to verify that the...

SUSE CVE-2022-39320

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may attempt integer addition on too narrow types leads to allocation of a buffer too small holding the data written. A malicious server can trick a FreeRDP based client to read out of bound data and send i...