Lucene search
K

1828 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in gdisk

In the LoadPartitionTable function of gpt.cc, there is a potential out-of-bounds write vulnerability due to a missing bounds check. This could lead to a local escalation of privileges when inserting a malicious USB device, without the need for additional execution privileges. User interaction is...

7.2CVSS6.8AI score0.00214EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: usb: ax88179178a: Fixed out-of-bounds accesses in RX fixup The ax88179rxfixup function contains several out-of-bounds accesses that can be triggered by a malicious or defective USB device. Specifically: - The metadata array...

7.8CVSS6.2AI score0.00316EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: gl861: Fix nullptrderef in gl861i2cmasterxfer In gl861i2cmasterxfer, msg is controlled by the user. When msgi.buf is null and msgi.len is zero, previous checks on msgi.buf will still be performed. Malicious dat...

5.9AI score0.00168EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel up to 5.15.2, mwifiexusbrecv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker who can connect a crafted USB device to cause a denial of service skboverpanic...

4.6CVSS6.2AI score0.00643EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: aqc111: Check the packet for fixup for true limits. If a device sends a packet that lies between 0 and sizeofu64, the value passed to skbtrim as the packet length will wrap around, resulting in a very large value. The driver...

5.5CVSS6.1AI score0.00274EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Linux, Linux 5.10

A buffer overflow vulnerability was discovered in the Linux kernel’s Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. It can allow a local user to crash the system or escalate their privileges...

6.6CVSS6.8AI score0.00503EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in Linux 5.10, Linux

A memory corruption flaw was discovered in the Linux kernel’s Human Interface Device HID subsystem, regarding the way a malicious USB device is inserted by a user. This flaw allows a local user to crash the system or potentially escalate their privileges on the system...

6.6CVSS6.6AI score0.00391EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux, Linux 5.10

The drivers/usb/host/max3421-hcd.c file in the Linux kernel before version 5.13.6 allows physically nearby attackers to cause a denial of service use-after-free and panic by removing a MAX-3421 USB device under certain circumstances...

6.8CVSS6.7AI score0.00333EPSS
Exploits0References2
CVE
CVE
added 2026/05/11 10:17 p.m.34 views

CVE-2026-34963

Barebox EFI PE loader (efi/loader/pe.c) contains multiple memory-safety vulnerabilities in versions prior to 2026.04.0: (1) 32-bit arithmetic overflow in virtual image size calculation on section VirtualAddress/size can cause undersized heap allocations, and (2) PE section loading does not valida...

8.6CVSS6.3AI score0.00157EPSS
Exploits0References3Affected Software1
SUSE CVE
SUSE CVE
added 2026/05/09 2:39 a.m.8 views

SUSE CVE-2026-43430

In the Linux kernel, the following vulnerability has been resolved: usb: yurex: fix race in probe The bbu member of the descriptor must be set to the value standing for uninitialized values before the URB whose completion handler sets bbu is submitted. Otherwise there is a window during which...

5.8AI score0.00089EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/08 3:31 p.m.10 views

EUVD-2026-28681

In the Linux kernel, the following vulnerability has been resolved: net: mctp: fix device leak on probe failure Driver core holds a reference to the USB interface and its parent USB device while the interface is bound to a driver and there is no need to take additional references unless the...

5.8AI score0.00121EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/08 2:21 p.m.9 views

CVE-2026-43375

In the Linux kernel, the following vulnerability has been resolved: net: mctp: fix device leak on probe failure Driver core holds a reference to the USB interface and its parent USB device while the interface is bound to a driver and there is no need to take additional references unless the...

5.8AI score0.00121EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the MCTP driver failing to release the USB device reference when detection fails, resulting in a...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/06 11:16 p.m.7 views

CVE-2026-43251

A flaw was found in the Linux kernel's Human Interface Device HID prodikeys driver. A local attacker can exploit this vulnerability by connecting a specially crafted Universal Serial Bus USB device. This device can send a malicious report descriptor, bypassing a necessary check and causing a null...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/06 6:27 p.m.9 views

CVE-2026-43140

A flaw was found in the Linux kernel's HID Human Interface Device magicmouse driver. A local attacker with physical access could exploit this vulnerability by connecting a specially crafted USB device. This device could send a malformed report descriptor, causing the msc-input to remain...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/05/06 11:28 a.m.10 views

CVE-2026-43250

In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: udc: fix DMA and SG cleanup in epnuke The ChipIdea UDC driver can encounter "not page aligned sg buffer" errors when a USB device is reconnected after being disconnected during an active transfer. This occurs becau...

7.8CVSS5.8AI score0.00129EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/06 11:27 a.m.9 views

CVE-2026-43140

In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: Do not crash on missing msc-input Fake USB devices can send their own report descriptors for which the inputmapping hook does not get called. In this case, msc-input stays NULL, leading to a crash at a later time...

5.7AI score0.00128EPSS
Exploits0References9Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/01 11:33 p.m.6 views

CVE-2026-31778

A flaw was found in the Linux kernel's ALSA caiaq driver. A local user with a specially crafted USB device, containing a product name with many non-ASCII or non-space characters, can trigger a stack out-of-bounds read. This vulnerability allows the system to read past the end of a stack buffer,...

7.1CVSS5.8AI score0.00126EPSS
Exploits0References4
CVE
CVE
added 2026/05/01 1:56 p.m.22 views

CVE-2026-31701

In CVE-2026-31701, the Linux kernel ALSA caiaq driver (USB audio) stored a pointer to the parent usb_device without a reference. The snd_usb_caiaq_card_free() path can run after the USB device is disconnected, dereferencing freed memory (use-after-free). The fix is to take a reference on the USB ...

5.5CVSS5.8AI score0.00117EPSS
Exploits0References8Affected Software1
Debian CVE
Debian CVE
added 2026/05/01 1:56 p.m.9 views

CVE-2026-31701

In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: take a reference on the USB device in createcard The caiaq driver stores a pointer to the parent USB device in cdev-chip.dev but never takes a reference on it. The card's privatefree callback, sndusbcaiaqcardfree, ca...

5.5CVSS5.7AI score0.00117EPSS
Exploits0
Rows per page
Query Builder