6174 matches found
DEBIAN-CVE-2026-31620
In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0 A malicious USB device with the TASCAM US-144MKII device id can have a configuration containing bInterfaceNumber=1 but no interface 0. USB configuration descriptors ar...
CVE-2026-31617
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: validate minimum blocklen in ncmunwrapntb The blocklen read from the host-supplied NTB header is checked against ntbmax but has no lower bound. When blocklen is smaller than opts-ndpsize, the bounds check of:...
CVE-2026-31604
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix device leak on probe failure Driver core holds a reference to the USB interface and its parent USB device while the interface is bound to a driver and there is no need to take additional references unless the...
DEBIAN-CVE-2026-31582
In the Linux kernel, the following vulnerability has been resolved: hwmon: powerz Fix use-after-free on USB disconnect After powerzdisconnect frees the URB and releases the mutex, a subsequent powerzread call can acquire the mutex and call powerzreaddata, which dereferences the freed URB pointer...
CVE-2026-31582
In the Linux kernel, the following vulnerability has been resolved: hwmon: powerz Fix use-after-free on USB disconnect After powerzdisconnect frees the URB and releases the mutex, a subsequent powerzread call can acquire the mutex and call powerzreaddata, which dereferences the freed URB pointer...
DEBIAN-CVE-2026-31549
In the Linux kernel, the following vulnerability has been resolved: i2c: cp2615: fix serial string NULL-deref at probe The cp2615 driver uses the USB device serial string as the i2c adapter name but does not make sure that the string exists. Verify that the device has a serial number before...
CVE-2026-31549
In the Linux kernel, the following vulnerability has been resolved: i2c: cp2615: fix serial string NULL-deref at probe The cp2615 driver uses the USB device serial string as the i2c adapter name but does not make sure that the string exists. Verify that the device has a serial number before...
CVE-2026-31549
In the Linux kernel, the following vulnerability has been resolved: i2c: cp2615: fix serial string NULL-deref at probe The cp2615 driver uses the USB device serial string as the i2c adapter name but does not make sure that the string exists. Verify that the device has a serial number before...
CVE-2026-31672
In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00usb: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when...
CVE-2026-31650
The CVE concerns the Linux kernel mmc vub300 driver. The root cause is a use-after-free risk from device-managed controller allocation and a lifetime tie to the parent USB device rather than the interface, which can cause memory leaks if the driver is unbound without a disconnect. A last referenc...
CVE-2026-31640
CVE-2026-31640 affects the Linux kernel rxrpc component. The issue occurs in rxrpc_post_response() where the code compares the challenge serial number using the newer packet private data instead of the cached/older response, causing the comparison to always be false and potentially preventing the...
CVE-2026-31640 rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial In rxrpcpostresponse, the code should be comparing the challenge serial number from the cached response before deciding to switch to a newer response, but...
CVE-2026-31640
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial In rxrpcpostresponse, the code should be comparing the challenge serial number from the cached response before deciding to switch to a newer response, but...
EUVD-2026-25533
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial In rxrpcpostresponse, the code should be comparing the challenge serial number from the cached response before deciding to switch to a newer response, but...
CVE-2026-31640
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial In rxrpcpostresponse, the code should be comparing the challenge serial number from the cached response before deciding to switch to a newer response, but...
CVE-2026-31617 usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb()
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: validate minimum blocklen in ncmunwrapntb The blocklen read from the host-supplied NTB header is checked against ntbmax but has no lower bound. When blocklen is smaller than opts-ndpsize, the bounds check of:...
CVE-2026-31617
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: validate minimum blocklen in ncmunwrapntb The blocklen read from the host-supplied NTB header is checked against ntbmax but has no lower bound. When blocklen is smaller than opts-ndpsize, the bounds check of:...
CVE-2026-31616
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fphonet: fix skb frags overflow in pnrxcomplete A broken/bored/mean USB host can overflow the skbsharedinfo-frags array on a Linux gadget exposing a Phonet function by sending an unbounded sequence of full-page OUT...
CVE-2026-31604
The CVE-2026-31604 issue concerns the Linux kernel’s wifi: rtw88 driver. A memory leak arose because the driver grabbing a reference to the USB device during probe did not release it on all probe errors (e.g., descriptor parsing failures) while the interface remained bound to a driver. The fix dr...
CVE-2026-31582
CVE-2026-31582 affects the Linux kernel hwmon powerz driver. A use-after-free occurs when a USB disconnect frees the URB and mutex, and a subsequent powerz_read() can dereference the freed URB in powerz_read_data(). The fix, as described across sources, is to set priv->urb to NULL in powerz_di...