CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/05/28 9:40 a.m.•13 views

CVE-2026-46228

CVE-2026-46228 affects the Linux kernel, in the spi: ch341 driver, due to incorrect management of device resources (devres) lifetime. When a USB driver is unbound (e.g., probe deferral or config changes), resources tied to the interface could leak because their lifetimes weren’t released with the...

5.5CVSS5.8AI score0.00117EPSS

Exploits0References3Affected Software1

ATTACKERKB•added 2026/05/28 9:40 a.m.•6 views

CVE-2026-46228

5.8AI score0.00117EPSS

Exploits0References4Affected Software1

EUVD•added 2026/05/28 9:40 a.m.•10 views

EUVD-2026-32855

5.8AI score0.00117EPSS

ATTACKERKB•added 2026/05/28 9:36 a.m.•6 views

CVE-2026-46184

In the Linux kernel, the following vulnerability has been resolved: sound: ua101: fix division by zero at probe Add a missing sanity check for bNrChannels in detectusbformat to prevent a division by zero in playbackurbcomplete and captureurbcomplete. USB core does not validate class-specific...

5.8AI score0.00128EPSS

CVE•added 2026/05/28 9:36 a.m.•16 views

CVE-2026-46184

CVE-2026-46184 relates to the Linux kernel sound/ua101 driver. The root cause is a missing sanity check for bNrChannels in detect_usb_format(), which can lead to a division by zero in playback_urb_complete() and capture_urb_complete() when a device reports bNrChannels = 0. The USB core does not v...

5.5CVSS5.8AI score0.00128EPSS

ATTACKERKB•added 2026/05/28 9:36 a.m.•9 views

CVE-2026-46167

In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl Just like in a previous problem in this driver, usblpctrlmsg will collapse the usbcontrolmsg return value to 0/-errno, discarding the actual number of bytes transferre...

5.8AI score0.00128EPSS

CVE•added 2026/05/28 9:36 a.m.•22 views

CVE-2026-46167

CVE-2026-46167 – Linux kernel usb/usblp heap leak : The vulnerability stems from an uninitialized status buffer (statusbuf) allocated at probe time for LPGETSTATUS. If a malicious printer returns zero bytes, a stale 8-byte heap region could be copied to userspace via LPGETSTATUS, causing a heap l...

5.5CVSS5.8AI score0.00128EPSS

ATTACKERKB•added 2026/05/28 9:36 a.m.•7 views

CVE-2026-46151

In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix heap leak in IEEE 1284 device ID via short response usblpctrlmsg collapses the usbcontrolmsg return value to 0/-errno, discarding the actual number of bytes transferred. A broken printer can complete the GETDEVICE...

5.8AI score0.00122EPSS

CVE•added 2026/05/28 9:36 a.m.•20 views

CVE-2026-46151

CVE-2026-46151 affects the Linux kernel USB printer driver usblp, causing a heap leak in IEEE 1284 device ID handling due to short GET_DEVICE_ID responses. The issue stems from usblp_ctrl_msg() discarding actual bytes and usblp_cache_device_id_string() trusting a 2‑byte length prefix, exposing st...

5.5CVSS5.8AI score0.00122EPSS

EUVD•added 2026/05/28 9:36 a.m.•6 views

EUVD-2026-32778

5.8AI score0.00122EPSS

Exploits0References5

CVE•added 2026/05/28 9:36 a.m.•18 views

CVE-2026-46146

CVE-2026-46146 affects the Linux kernel's ALSA USB audio stack, specifically the convert_chmap_v3() routine. A loop uses cs_desc->wLength for increment but this value isn’t validated, allowing a potential endless loop with malformed descriptors. The issue is resolved by adding a proper size ch...

5.5CVSS5.8AI score0.00128EPSS

Cvelist•added 2026/05/28 9:36 a.m.•29 views

CVE-2026-46146 ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()

0.00128EPSS

Exploits0References8

Debian CVE•added 2026/05/28 9:36 a.m.•10 views

CVE-2026-46146

5.5CVSS5.7AI score0.00128EPSS

Exploits0

ATTACKERKB•added 2026/05/28 9:35 a.m.•5 views

CVE-2026-46109

In the Linux kernel, the following vulnerability has been resolved: usb: ulpi: fix memory leak on ulpiregister error paths Commit 01af542392b5 "usb: ulpi: fix double free in ulpiregisterinterface error path" removed kfreeulpi from ulpiregisterinterface to fix a double-free when deviceregister...

5.7AI score0.00176EPSS

SUSE CVE•added 2026/05/28 3:56 a.m.•7 views

SUSE CVE-2026-45923

In the Linux kernel, the following vulnerability has been resolved: net: usb: catc: enable basic endpoint checking catcprobe fills three URBs with hardcoded endpoint pipes without verifying the endpoint descriptors: - usbsndbulkpipeusbdev, 1 and usbrcvbulkpipeusbdev, 1 for TX/RX -...

5.8AI score0.00205EPSS

SUSE CVE•added 2026/05/28 3:55 a.m.•9 views

SUSE CVE-2026-45939

In the Linux kernel, the following vulnerability has been resolved: gpib: Fix memory leak in niusbinit In niusbinit, if niusbsetupinit fails, the function returns -EFAULT without freeing the allocated writes buffer, leading to a memory leak. Additionally, niusbsetupinit returns 0 on failure, whic...

5.8AI score0.00166EPSS

SUSE CVE•added 2026/05/28 3:54 a.m.•7 views

SUSE CVE-2026-46018

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: stop parsing UAC2 rates at MAXNRRATES parseuac2sampleraterange caps the number of enumerated rates at MAXNRRATES, but it only breaks out of the current rate loop. A malformed UAC2 RANGE response with additional...

5.5CVSS5.8AI score0.00155EPSS

SUSE CVE•added 2026/05/28 3:53 a.m.•6 views

SUSE CVE-2026-46073

In the Linux kernel, the following vulnerability has been resolved: hwmon: powerz Fix missing usbkillurb on signal interrupt waitforcompletioninterruptibletimeout returns -ERESTARTSYS when interrupted. This needs to abort the URB and return an error. No data has been received from the device so a...

6.1CVSS5.8AI score0.00168EPSS