CVE-2026-43479

In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: fix WARN in netifnapidellocked on disconnect Remove redundant netifnapidel call from disconnect path. A WARN may be triggered in netifnapidellocked during USB device disconnect: WARNING: CPU: 0 PID: 11 at...

CLSA-2026-1778674879 opensc: Fix of CVE-2024-45619

CVE-2024-45619: fix incorrect access of initialized parts of partially filled buffers triggered by crafted APDU responses from USB devices or smart cards...

SUSE CVE-2026-43327

In the Linux kernel, the following vulnerability has been resolved: USB: dummy-hcd: Fix locking/synchronization error Syzbot testing was able to provoke an addressing exception and crash in the usbgadgetudcreset routine in drivers/usb/gadgets/udc/core.c, resulting from the fact that the routine w...

SUSE CVE-2026-43375

In the Linux kernel, the following vulnerability has been resolved: net: mctp: fix device leak on probe failure Driver core holds a reference to the USB interface and its parent USB device while the interface is bound to a driver and there is no need to take additional references unless the...

SUSE CVE-2026-43421

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: Fix netdevice lifecycle with devicemove The network device outlived its parent gadget device during disconnection, resulting in dangling sysfs links and null pointer dereference problems. A prior attempt to sol...

SUSE CVE-2026-43423

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

SUSE CVE-2026-43425

In the Linux kernel, the following vulnerability has been resolved: usb: image: mdc800: kill download URB on timeout mdc800deviceread submits downloadurb and waits for completion. If the timeout fires and the device has not responded, the function returns without killing the URB, leaving it activ...

SUSE CVE-2026-43428

In the Linux kernel, the following vulnerability has been resolved: USB: core: Limit the length of unkillable synchronous timeouts The usbcontrolmsg, usbbulkmsg, and usbinterruptmsg APIs in usbcore allow unlimited timeout durations. And since they use uninterruptible waits, this leaves open the...

SUSE CVE-2026-43436

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces The Scarlett2 mixer quirk in USB-audio driver may hit a NULL dereference when a malformed USB descriptor is passed, since it assumes the presence of an...

Linux Distros Unpatched Vulnerability : CVE-2026-43488

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: xhci: Prevent interrupt storm on host controller error HCE The xHCI controller reports a Host Controller Error HCE in UAS Storage Device plug/unplug...

SUSE CVE-2026-43324

In the Linux kernel, the following vulnerability has been resolved: USB: dummy-hcd: Fix interrupt synchronization error This fixes an error in synchronization in the dummy-hcd driver. The error has a somewhat involved history. The synchronization mechanism was introduced by commit 7dbd8f4cabd9...

SUSE CVE-2026-43343

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fsubset: Fix unbalanced refcnt in gethfree gethalloc increments the reference count, but gethfree fails to decrement it. This prevents the configuration of attributes via configfs after unlinking the function...

CVE-2026-34963 barebox EFI PE Loader Memory Safety Vulnerabilities

barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap allocation, and PE section...

CVE-2026-34963

Barebox EFI PE loader (efi/loader/pe.c) contains multiple memory-safety vulnerabilities in versions prior to 2026.04.0: (1) 32-bit arithmetic overflow in virtual image size calculation on section VirtualAddress/size can cause undersized heap allocations, and (2) PE section loading does not valida...

SUSE CVE-2026-43342

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: frndis: Protect RNDIS options with mutex The class/subclass/protocol options are suspectible to race conditions as they can be accessed concurrently through configfs. Use existing mutex to protect these options. This...

SUSE CVE-2026-43427

In the Linux kernel, the following vulnerability has been resolved: usb: class: cdc-wdm: fix reordering issue in read code path Quoting the bug report: Due to compiler optimization or CPU out-of-order execution, the desc-length update can be reordered before the memmove. If this happens, wdmread...

USN-8180-6 linux-raspi vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Drivers core; - Bluetooth drivers; - DMA engine subsystem; - GPU...

USN-8180-6: Linux kernel (Raspberry Pi) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Drivers core; - Bluetooth drivers; - DMA engine subsystem; - GPU...

CVE-2026-43425

A flaw was found in the Linux kernel's mdc800 USB image driver. When the driver attempts to read data from a USB device, a timeout can occur, leaving a USB Request Block URB in an active state. If a subsequent read operation is initiated, the driver may attempt to resubmit this already active URB...

openSUSE 16 Security Update : wireshark (openSUSE-SU-2026:20685-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20685-1 advisory. This update for wireshark fixes the following issues - CVE-2026-3201: missing limit checks in USB HID protocol dissector's parsereportdescriptor...