Lucene search
+L

99 matches found

SUSE Linux
SUSE Linux
added 2024/11/08 7:28 a.m.0 views

Security update for qemu

This update for qemu fixes the following issues: CVE-2024-8354: Fixed assertion failure in usbepget bsc1230834. CVE-2024-8612: Fixed nformation leak in virtio devices bsc1230915. CVE-2024-7409: Fixed denial of service via improper synchronization in QEMU NBD Server during socket closure bsc122900...

8.2CVSS6.6AI score0.01027EPSS
Exploits0References12
CVE
CVE
added 2024/09/27 12:39 p.m.124 views

CVE-2024-46836

CVE-2024-46836 in the Linux kernel affects usb: gadget: aspeed_udc. The issue is a missing bound check for the endpoint index, which may allow an out-of-bounds access to the endpoint array if the host manipulates the index. Descriptions and Nessus references confirm this bound-check root cause an...

7.8CVSS7.3AI score0.00244EPSS
Exploits0References5Affected Software1
SUSE CVE
SUSE CVE
added 2024/09/19 11:38 p.m.3 views

SUSE CVE-2024-8354

A flaw was found in QEMU. An assertion failure was present in the usbepget function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition...

4.7CVSS6.4AI score0.00286EPSS
Exploits0References8
OSV
OSV
added 2024/09/19 11:15 a.m.7 views

AZL-60064 CVE-2024-8354 affecting package qemu 6.2.0-26

A flaw was found in QEMU. An assertion failure was present in the usbepget function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition...

5.5CVSS6.7AI score0.00286EPSS
Exploits0References1
OSV
OSV
added 2024/09/19 11:15 a.m.7 views

AZL-60778 CVE-2024-8354 affecting package qemu 9.1.0-1

A flaw was found in QEMU. An assertion failure was present in the usbepget function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition...

5.5CVSS6.7AI score0.00286EPSS
Exploits0References1
OSV
OSV
added 2024/09/19 11:15 a.m.5 views

UBUNTU-CVE-2024-8354

A flaw was found in QEMU. An assertion failure was present in the usbepget function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition...

5.5CVSS6.7AI score0.00286EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2024/09/11 3:13 p.m.12 views

CVE-2024-45011

In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Check USB endpoints when probing device Ensure, as the driver probes the device, that all endpoints that the driver may attempt to access exist and are of the correct type. All XillyUSB devices must have a Bulk IN...

5.5CVSS5.7AI score0.00221EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/08/30 12:0 a.m.3 views

PT-2024-7400

Name of the Vulnerable Software and Affected Versions: QEMU affected versions not specified Description: A flaw was found in QEMU, related to an assertion failure in the usb ep get function in hw/net/core.c when trying to get the USB endpoint from a USB device. This issue may allow a malicious...

5.5CVSS6.6AI score0.00286EPSS
Exploits0References123
SUSE CVE
SUSE CVE
added 2024/08/06 2:0 a.m.8 views

SUSE CVE-2024-41097

In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix endpoint checking in cxacrubind Syzbot is still reporting quite an old issue 1 that occurs due to incomplete checking of present usb endpoints. As such, wrong endpoints types may be used at urb sumbitting...

5.5CVSS6.3AI score0.00234EPSS
Exploits0References17
RedhatCVE
RedhatCVE
added 2024/07/31 9:16 a.m.29 views

CVE-2024-41097

In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix endpoint checking in cxacrubind Syzbot is still reporting quite an old issue 1 that occurs due to incomplete checking of present usb endpoints. As such, wrong endpoints types may be used at urb sumbitting...

5.5CVSS6.9AI score0.00234EPSS
Exploits0References4
OSV
OSV
added 2024/07/29 4:15 p.m.2 views

DEBIAN-CVE-2024-41097

In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix endpoint checking in cxacrubind Syzbot is still reporting quite an old issue 1 that occurs due to incomplete checking of present usb endpoints. As such, wrong endpoints types may be used at urb sumbitting...

5.5CVSS5.6AI score0.00234EPSS
Exploits0References1
CVE
CVE
added 2024/07/29 3:48 p.m.170 views

CVE-2024-41097

CVE-2024-41097 concerns the Linux kernel USB ATM cxacru driver. The issue stemmed from incomplete endpoint checking during cxacru_bind(), which could cause wrong endpoint types to be used when submitting URBs. The patch adds verification that required endpoint types are present for both IN and OU...

5.5CVSS6.5AI score0.00234EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2024/07/29 3:48 p.m.22 views

CVE-2024-41097 usb: atm: cxacru: fix endpoint checking in cxacru_bind()

In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix endpoint checking in cxacrubind Syzbot is still reporting quite an old issue 1 that occurs due to incomplete checking of present usb endpoints. As such, wrong endpoints types may be used at urb sumbitting...

5.5CVSS6AI score0.00234EPSS
Exploits0References12
NVD
NVD
added 2024/07/29 3:15 p.m.21 views

CVE-2024-41035

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Syzbot has identified a bug in usbcore see the Closes: tag below caused by our assumption that the reserved bits in an endpoint descriptor's...

5.5CVSS0.00299EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2024/07/18 3:5 a.m.4 views

SUSE CVE-2022-48836

In the Linux kernel, the following vulnerability has been resolved: Input: aiptek - properly check endpoint type Syzbot reported warning in usbsubmiturb which is caused by wrong endpoint type. There was a check for the number of endpoints, but not for the type of endpoint. Fix it by replacing old...

5.5CVSS7.8AI score0.00242EPSS
Exploits0References14
CVE
CVE
added 2024/07/16 12:25 p.m.142 views

CVE-2022-48836

CVE-2022-48836 affects the Linux kernel. Root cause: usb_submit_urb() could accept endpoints of incorrect type because only bNumEndpoints was checked, not endpoint type, enabling a bogus URB as shown in the failure log. Fix: replace the old desc.bNumEndpoints check with usb_find_common_endpoints(...

5.5CVSS6.2AI score0.00242EPSS
Exploits0References8Affected Software1
Debian CVE
Debian CVE
added 2024/07/16 12:25 p.m.14 views

CVE-2022-48836

In the Linux kernel, the following vulnerability has been resolved: Input: aiptek - properly check endpoint type Syzbot reported warning in usbsubmiturb which is caused by wrong endpoint type. There was a check for the number of endpoints, but not for the type of endpoint. Fix it by replacing old...

5.5CVSS5.6AI score0.00242EPSS
Exploits0
OSV
OSV
added 2024/06/27 11:15 p.m.6 views

DEBIAN-CVE-2016-20022

In the Linux kernel before 4.8, usbparseendpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the supplier...

8.4CVSS6.9AI score0.00238EPSS
Exploits0References1
OSV
OSV
added 2024/06/27 11:15 p.m.8 views

UBUNTU-CVE-2016-20022

In the Linux kernel before 4.8, usbparseendpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the supplier...

8.4CVSS5.8AI score0.00238EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/06/27 12:0 a.m.4 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel versions prior to 4.8, which stems from usbparseendpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field...

8.4CVSS6.5AI score0.00238EPSS
Exploits0References5
Rows per page
Query Builder