Lucene search
+L

168 matches found

f5
f5
added 2026/06/25 4:26 p.m.18 views

K000161867: Linux kernel vulnerabilities CVE-2026-23291, CVE-2026-23292, CVE-2026-23298, and CVE-2026-23304

Security Advisory Description CVE-2026-23291 In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: properly drop the usb interface reference on disconnect When the device is disconnected from the driver, there is a "dangling" reference count on the usb interface that was...

5.5CVSS5.8AI score0.00129EPSS
Exploits0Affected Software1
astralinux
astralinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: isdn: mISDN: hfcsusb: fixed a memory leak in hfcsusbprobe In hfcsusbprobe, the memory allocated for ctrlurb gets leaked when setupinstance fails with an error code. This issue was addressed by freeing the urb before freeing th...

6AI score0.00165EPSS
Exploits0References3
astralinux
astralinux
added 2026/06/24 3:11 p.m.15 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.1, the URBDRC client did not perform bounds checking on the MSUSBINTERFACEDESCRIPTOR values provided by the server and used these values as indices in libusbudevcompletemsconfigsetup, resulting in an...

9.1CVSS5.4AI score0.00756EPSS
Exploits1References3
nvd
nvd
added 2026/06/02 10:16 p.m.16 views

CVE-2025-15653

Dräger Zeus Infinity Empowered Zeus IE and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the unprotected USB interfaces to...

7CVSS0.00169EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/02 9:27 p.m.7 views

CVE-2025-15653 Dräger Zeus IE Anesthesia Workstation USB Interface Privilege Escalation

Dräger Zeus Infinity Empowered Zeus IE and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the unprotected USB interfaces to...

7CVSS5.8AI score0.00169EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/02 9:27 p.m.40 views

CVE-2025-15653 Dräger Zeus IE Anesthesia Workstation USB Interface Privilege Escalation

Dräger Zeus Infinity Empowered Zeus IE and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the unprotected USB interfaces to...

7CVSS0.00169EPSS
Exploits0References2
cve
cve
added 2026/06/02 9:27 p.m.28 views

CVE-2025-15653

The affected products are Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations. The vulnerability is a local privilege escalation via unprotected USB interfaces that attackers with physical access can exploit to compromise software integrity. Reported impact includes ...

7CVSS5.8AI score0.00169EPSS
Exploits0References2
susecve
susecve
added 2026/05/29 1:14 a.m.11 views

SUSE CVE-2026-46228

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

5.5CVSS5.8AI score0.00117EPSS
Exploits0References3
nvd
nvd
added 2026/05/28 10:16 a.m.16 views

CVE-2026-46228

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

5.5CVSS0.00117EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/05/28 9:40 a.m.11 views

CVE-2026-46228

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

5.8AI score0.00117EPSS
Exploits0References4Affected Software1
euvd
euvd
added 2026/05/28 9:40 a.m.13 views

EUVD-2026-32855

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

5.8AI score0.00117EPSS
Exploits0References3
cve
cve
added 2026/05/28 9:40 a.m.26 views

CVE-2026-46228

CVE-2026-46228 affects the Linux kernel, in the spi: ch341 driver, due to incorrect management of device resources (devres) lifetime. When a USB driver is unbound (e.g., probe deferral or config changes), resources tied to the interface could leak because their lifetimes weren’t released with the...

5.5CVSS5.8AI score0.00117EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2026/05/28 9:40 a.m.35 views

CVE-2026-46228 spi: ch341: fix devres lifetime

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

0.00117EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/05/28 12:0 a.m.15 views

PT-2026-44351

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the spi: ch341 driver where device managed resources were tied to the parent USB device instead of the USB interface. This can lead to memory leaks when drivers are...

9.8CVSS6AI score0.03663EPSS
Exploits18References279
osv
osv
added 2026/05/27 12:59 p.m.2 views

CVE-2026-46103 can: ucan: fix devres lifetime

In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

5.5CVSS6AI score0.00114EPSS
Exploits0References11
cvelist
cvelist
added 2026/05/27 12:59 p.m.48 views

CVE-2026-46103 can: ucan: fix devres lifetime

In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

0.00114EPSS
Exploits0References8
osv
osv
added 2026/05/27 12:17 p.m.1 views

CVE-2026-45923 net: usb: catc: enable basic endpoint checking

In the Linux kernel, the following vulnerability has been resolved: net: usb: catc: enable basic endpoint checking catcprobe fills three URBs with hardcoded endpoint pipes without verifying the endpoint descriptors: - usbsndbulkpipeusbdev, 1 and usbrcvbulkpipeusbdev, 1 for TX/RX -...

5.5CVSS5.9AI score0.0016EPSS
Exploits0References10
astralinux
astralinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: USB: ULPI: A memory leak has been fixed by using debugfslookup. When calling debugfslookup, the result must also call dput; otherwise, a memory leak will occur over time. To simplify things, simply call debugfslookupandremove,...

5.5CVSS6.1AI score0.00134EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: us144mkii: fixed NULL dereferencing when interface 0 is missing. A malicious USB device with the TASCAM US-144MKII device ID may have a configuration where bInterfaceNumber=1, but there is no interface 0. USB...

4.6CVSS5.7AI score0.00196EPSS
Exploits0References1
redhat
redhat
added 2026/05/19 1:29 p.m.9 views

freerdp: FreeRDP heap-buffer-overflow

A heap based buffer overflow has been discovered in FreeRDP. In affected versions the URBDRC client does not perform bounds checking on server‑supplied MSUSBINTERFACEDESCRIPTOR values and uses them as indices in libusbudevcompletemsconfigsetup, causing an out‑of‑bounds read...

9.1CVSS5.9AI score0.00756EPSS
Exploits1References6
Rows per page
Query Builder