236 matches found
USN-8185-1: Linux kernel (NVIDIA) vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...
USN-8179-2 linux-aws-fips, linux-fips, linux-gcp-fips vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...
USN-8184-1: Linux kernel (Real-time) vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007486)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007486 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup The kthreadrun function...
USN-8179-1: Linux kernel vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...
USN-8116-1: Linux kernel (Intel IoTG Real-time) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - ATM...
USN-8048-1: Linux kernel (OEM) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - Nios II architecture; - PA-RISC architecture; - RISC-V architecture; -...
USN-8033-2 linux-intel-iot-realtime, linux-realtime vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Nios II architecture; - Sun Sparc architecture; - User-Mode Linux UML; - x86 architecture; - Block layer subsystem;...
USN-8033-2: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Nios II architecture; - Sun Sparc architecture; - User-Mode Linux UML; - x86 architecture; - Block layer subsystem;...
USN-8033-1 linux, linux-aws, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15 vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Nios II architecture; - Sun Sparc architecture; - User-Mode Linux UML; - x86 architecture; - Block layer subsystem;...
USN-8030-1 linux-gcp vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - Nios II architecture; - PA-RISC architecture; - RISC-V architecture; -...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004896)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004896 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: host: Fix refcount leak in ehcihcdppcofprobe offindcompatiblenode returns a node pointer wit...
Azure Linux 3.0 Security Update: kernel (CVE-2024-57981)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-57981 advisory. - In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix NULL pointer dereference ...
CVE-2025-68657
Espressif ESP-IDF USB Host HID Human Interface Device Driver allows access to HID devices. Prior to 1.1.0, calls to hidhostdeviceclose can free the same usbtransfert twice. The USB event callback and user code share the hidifacet state without locking, so both can tear down a READY interface...
CVE-2025-68657
Espressif ESP-IDF USB Host HID Human Interface Device Driver allows access to HID devices. Prior to 1.1.0, calls to hidhostdeviceclose can free the same usbtransfert twice. The USB event callback and user code share the hidifacet state without locking, so both can tear down a READY interface...
CVE-2025-68657 espressif/usb_host_hid Double-Free Race Condition in USB Host HID Device Close Path
Espressif ESP-IDF USB Host HID Human Interface Device Driver allows access to HID devices. Prior to 1.1.0, calls to hidhostdeviceclose can free the same usbtransfert twice. The USB event callback and user code share the hidifacet state without locking, so both can tear down a READY interface...
CVE-2025-68657 espressif/usb_host_hid Double-Free Race Condition in USB Host HID Device Close Path
Espressif ESP-IDF USB Host HID Human Interface Device Driver allows access to HID devices. Prior to 1.1.0, calls to hidhostdeviceclose can free the same usbtransfert twice. The USB event callback and user code share the hidifacet state without locking, so both can tear down a READY interface...
CVE-2025-68656
CVE-2025-68656 affects the ESP-IDF USB Host HID Driver. Before 1.1.0, usb_class_request_get_descriptor() frees and reallocates hid_device->ctrl_xfer while continuing to use a stale local pointer, causing an immediate use-after-free when processing attacker-controlled Report Descriptor lengths....
CVE-2025-68656 Espressif ESP-IDF USB Host HID (Human Interface Device) Driver Descriptor Use-After-Free Vulnerability
Espressif ESP-IDF USB Host HID Human Interface Device Driver allows access to HID devices. Prior to 1.1.0, usbclassrequestgetdescriptor frees and reallocates hiddevice-ctrlxfer when an oversized descriptor is requested but continues to use the stale local pointer, leading to an immediate...
CVE-2025-68622 Espressif ESP-IDF USB Host UVC Class Driver has a stack buffer overflow in UVC descriptor printing
Espressif ESP-IDF USB Host UVC Class Driver allows video streaming from USB cameras. Prior to 2.4.0, a vulnerability in the esp-usb UVC host implementation allows a malicious USB Video Class UVC device to trigger a stack buffer overflow during configuration-descriptor parsing. When UVC...