SUSE CVE-2026-43170

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Move vbus draw to workqueue context Currently dwc3gadgetvbusdraw can be called from atomic context, which in turn invokes power-supply-core APIs. And some these PMIC APIs have operations that may sleep, leading...

SUSE CVE-2026-43231

In the Linux kernel, the following vulnerability has been resolved: media: radio-keene: fix memory leak in error path Fix a memory leak in usbkeeneprobe. The v4l2 control handler is initialized and controls are added, but if v4l2deviceregister or videoregisterdevice fails afterward, the handler w...

SUSE CVE-2026-43424

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ftcm: Fix NULL pointer dereferences in nexus handling The tpg-tpgnexus pointer in the USB Target driver is dynamically managed and tied to userspace configuration via ConfigFS. It can be NULL if the USB host sends...

SUSE CVE-2026-43430

In the Linux kernel, the following vulnerability has been resolved: usb: yurex: fix race in probe The bbu member of the descriptor must be set to the value standing for uninitialized values before the URB whose completion handler sets bbu is submitted. Otherwise there is a window during which...

CVE-2026-43432

A flaw was found in the Linux kernel's USB xHCI host controller driver. The error handling path in the xhcidisableslot function incorrectly frees only a portion of the allocated memory, leading to a memory leak of the completion structure. This issue, which can be triggered under specific hardwar...

CVE-2026-43424

A flaw was found in the Linux kernel's USB gadget subsystem ftcm. A malicious or misconfigured USB host can exploit a race condition by sending specific Bulk-Only Transport BOT commands. This can trigger a NULL pointer dereference, leading to a kernel panic and a local Denial of Service DoS on th...

CVE-2026-43422

A flaw was found in the Linux kernel's USB legacy NCM Network Control Model driver. This vulnerability occurs due to a NULL pointer dereference in the gncmbind function, where the driver attempts to access a network device netdevice before it has been fully initialized. An attacker could...

CVE-2026-43421

A flaw was found in the Linux kernel's USB gadget function for Network Control Model NCM. During device disconnection, a network device could outlive its parent gadget device, leading to dangling system file system sysfs links and null pointer dereference problems. This vulnerability can result i...

CVE-2026-43343

A flaw was found in the usb: gadget: fsubset module of the Linux kernel. The gethfree function fails to decrement a reference count that was incremented by gethalloc. This unbalanced reference count can lead to a resource leak, preventing the configuration of attributes through the configfs...

CVE-2026-43342

A flaw was found in the Linux kernel's USB gadget RNDIS Remote Network Driver Interface Specification function. This vulnerability arises from race conditions when RNDIS options are accessed concurrently through configfs, a file system that allows user-space programs to create and manage kernel...

CVE-2026-43290

A flaw was found in the Linux kernel's uvcvideo module. This vulnerability occurs when the startstreaming function fails to return queued buffers due to an error in uvcpmget. A local attacker could potentially trigger this condition, leading to system instability or a denial of service DoS by...

EUVD-2026-28732

In the Linux kernel, the following vulnerability has been resolved: usb: renesasusbhs: fix use-after-free in ISR during device removal In usbhsremove, the driver frees resources including the pipe array while the interrupt handler usbhsinterrupt is still registered. If an interrupt fires after...

EUVD-2026-28738

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix memory leak in xhcidisableslot xhcialloccommand allocates a command structure and, when the second argument is true, also allocates a completion structure. Currently, the error handling path in xhcidisableslot only...

EUVD-2026-28734

In the Linux kernel, the following vulnerability has been resolved: USB: core: Limit the length of unkillable synchronous timeouts The usbcontrolmsg, usbbulkmsg, and usbinterruptmsg APIs in usbcore allow unlimited timeout durations. And since they use uninterruptible waits, this leaves open the...

EUVD-2026-28727

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: Fix netdevice lifecycle with devicemove The network device outlived its parent gadget device during disconnection, resulting in dangling sysfs links and null pointer dereference problems. A prior attempt to sol...

EUVD-2026-28730

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ftcm: Fix NULL pointer dereferences in nexus handling The tpg-tpgnexus pointer in the USB Target driver is dynamically managed and tied to userspace configuration via ConfigFS. It can be NULL if the USB host sends...

EUVD-2026-28737

In the Linux kernel, the following vulnerability has been resolved: xhci: Fix NULL pointer dereference when reading portli debugfs files Michal reported and debgged a NULL pointer dereference bug in the recently added portli debugfs files Oops is caused when there are more port registers counted ...

EUVD-2026-28735

In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: Use usbbulkmsgkillable with user-specified timeouts The usbtmc driver accepts timeout values specified by the user in an ioctl command, and uses these timeouts for some usbbulkmsg calls. Since the user can specify...

EUVD-2026-28681

In the Linux kernel, the following vulnerability has been resolved: net: mctp: fix device leak on probe failure Driver core holds a reference to the USB interface and its parent USB device while the interface is bound to a driver and there is no need to take additional references unless the...

EUVD-2026-28627

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fsubset: Fix unbalanced refcnt in gethfree gethalloc increments the reference count, but gethfree fails to decrement it. This prevents the configuration of attributes via configfs after unlinking the function...