EUVD-2026-27731

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Move vbus draw to workqueue context Currently dwc3gadgetvbusdraw can be called from atomic context, which in turn invokes power-supply-core APIs. And some these PMIC APIs have operations that may sleep, leading...

CVE-2026-43259

In the Linux kernel, the following vulnerability has been resolved: phy: fsl-imx8mq-usb: set platform driver data Add missing platformsetdrvdata as the data will be used in remove...

CVE-2026-43255

In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix WARNING in usbtxblock The function usbtxblock submits cardp-txurb without ensuring that any previous transmission on this URB has completed. If a second call occurs while the URB is still active e.g. during...

CVE-2026-43180

In the Linux kernel, the following vulnerability has been resolved: net: usb: kaweth: remove TX queue manipulation in kawethsetrxmode kawethsetrxmode, the ndosetrxmode callback, calls netifstopqueue and netifwakequeue. These are TX queue flow control functions unrelated to RX multicast...

CVE-2026-43136

In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Check maxfield in hidppgetreportlength Do not crash when a report has no fields. Fake USB gadgets can send their own HID report descriptors and can define report structures without valid fields. This can be...

CVE-2026-43279 ALSA: usb-audio: Add sanity check for OOB writes at silencing

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Add sanity check for OOB writes at silencing At silencing the playback URB packets in the implicit fb mode before the actual playback, we blindly assume that the received packets fit with the buffer size. But whe...

CVE-2026-43279

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Add sanity check for OOB writes at silencing At silencing the playback URB packets in the implicit fb mode before the actual playback, we blindly assume that the received packets fit with the buffer size. But whe...

CVE-2026-43259

CVE-2026-43259 affects the Linux kernel in the phy: fsl-imx8mq-usb driver. The vulnerability arises from missing platform_set_drvdata(), with data intended for use in remove(). The fixed code adds the missing platform_set_drvdata() call in the driver. Impact, as per the CVE details, is consistent...

CVE-2026-43259 phy: fsl-imx8mq-usb: set platform driver data

In the Linux kernel, the following vulnerability has been resolved: phy: fsl-imx8mq-usb: set platform driver data Add missing platformsetdrvdata as the data will be used in remove...

CVE-2026-43259

In the Linux kernel, the following vulnerability has been resolved: phy: fsl-imx8mq-usb: set platform driver data Add missing platformsetdrvdata as the data will be used in remove...

CVE-2026-43255 wifi: libertas: fix WARNING in usb_tx_block

In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix WARNING in usbtxblock The function usbtxblock submits cardp-txurb without ensuring that any previous transmission on this URB has completed. If a second call occurs while the URB is still active e.g. during...

CVE-2026-43255

In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix WARNING in usbtxblock The function usbtxblock submits cardp-txurb without ensuring that any previous transmission on this URB has completed. If a second call occurs while the URB is still active e.g. during...

CVE-2026-43255

In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix WARNING in usbtxblock The function usbtxblock submits cardp-txurb without ensuring that any previous transmission on this URB has completed. If a second call occurs while the URB is still active e.g. during...

CVE-2026-43251

CVE-2026-43251 affects the Linux kernel HID prodikeys driver. A local attacker can connect a crafted USB device whose report descriptor bypasses the pm->input_ep82 check, leaving input_ep82 NULL and causing a crash (potential DoS). Multiple OSV entries show patches in rootio-linux packages for...

CVE-2026-43250 usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke()

In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: udc: fix DMA and SG cleanup in epnuke The ChipIdea UDC driver can encounter "not page aligned sg buffer" errors when a USB device is reconnected after being disconnected during an active transfer. This occurs becau...

CVE-2026-43250

In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: udc: fix DMA and SG cleanup in epnuke The ChipIdea UDC driver can encounter "not page aligned sg buffer" errors when a USB device is reconnected after being disconnected during an active transfer. This occurs becau...

CVE-2026-43231

CVE-2026-43231 : In the Linux kernel, the media: radio-keene driver has a memory-leak in usb_keene_probe() where the v4l2 control handler is not freed if registration fails. The underlying issue is that the v4l2_ctrl_handler is initialized and controls are added, but error paths after v4l2_device...

CVE-2026-43223 media: pvrusb2: fix URB leak in pvr2_send_request_ex

In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix URB leak in pvr2sendrequestex When pvr2sendrequestex submits a write URB successfully but fails to submit the read URB e.g. returns -ENOMEM, it returns immediately without waiting for the write URB to complete...

CVE-2026-43223

CVE-2026-43223 concerns the Linux kernel media driver pvrusb2. The issue arises when pvr2_send_request_ex() submits a write URB and, if the subsequent read URB submission fails (e.g., due to -ENOMEM), returns early without waiting for the write to complete. Because the same URB structure is reuse...

CVE-2026-43223

In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix URB leak in pvr2sendrequestex When pvr2sendrequestex submits a write URB successfully but fails to submit the read URB e.g. returns -ENOMEM, it returns immediately without waiting for the write URB to complete...