CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/04/24 8:34 p.m.•2 views

CVE-2026-31623

A flaw was found in the Linux kernel's cdc-phonet driver. A malicious USB device, pretending to be a CDC Phonet modem, can exploit this vulnerability by sending an unlimited number of large data transfers. This can cause an overflow in the kernel's internal data buffer skbsharedinfo-frags array,...

7CVSS5.5AI score0.00125EPSS

RedhatCVE•added 2026/04/24 8:34 p.m.•2 views

CVE-2026-31616

A flaw was found in the Linux kernel's USB gadget Phonet function. A remote attacker, acting as a malicious USB host, could exploit this vulnerability by sending a continuous stream of full-page data transfers. This action causes an overflow in the kernel's internal data structures, leading to...

5.5CVSS6AI score0.00125EPSS

RedhatCVE•added 2026/04/24 8:33 p.m.•3 views

CVE-2026-31606

A flaw was found in the Linux kernel's USB Human Interface Device HID gadget driver. When the /dev/hidg device is still open during unbind and bind operations, the character device cdev is reinitialized while still in use. This unsafe behavior can lead to a system crash, resulting in a Denial of...

5.5CVSS5.2AI score0.00122EPSS

RedhatCVE•added 2026/04/24 8:16 p.m.•3 views

CVE-2026-31617

A flaw was found in the Linux kernel's USB Network Control Model NCM gadget driver. A malicious USB host could exploit an integer underflow vulnerability when processing Network Transfer Block NTB headers. This allows the host to manipulate internal data pointers, causing adjacent kernel memory t...

7CVSS5.1AI score0.00125EPSS

RedhatCVE•added 2026/04/24 8:16 p.m.•5 views

CVE-2026-31607

A flaw was found in the Linux kernel's USB/IP subsystem. A malicious USB/IP server could exploit a vulnerability in the usbippackretsubmit function by sending a specially crafted RETSUBMIT response. This response, containing an oversized numberofpackets value, could cause a heap out-of-bounds...

9.8CVSS6.3AI score0.00576EPSS

RedhatCVE•added 2026/04/24 6:36 p.m.•6 views

CVE-2026-31582

A flaw was found in the Linux kernel's hwmon subsystem. A local attacker, by disconnecting a USB device, could trigger a use-after-free vulnerability in the powerz driver. This occurs when the driver attempts to access a Universal Serial Bus Request Block URB after it has been freed during the...

7.8CVSS5.3AI score0.00125EPSS

RedhatCVE•added 2026/04/24 6:31 p.m.•3 views

CVE-2026-31581

A flaw was found in the Linux kernel's ALSA 6fire USB audio device driver. During the disconnection process of a 6fire USB audio device, a use-after-free vulnerability occurs. This happens when the system attempts to write to memory that has already been deallocated, which can lead to memory...

7.8CVSS5.5AI score0.00128EPSS

OSV•added 2026/04/24 3:16 p.m.•1 views

DEBIAN-CVE-2026-31672

In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00usb: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when...

5.5CVSS5.2AI score0.00114EPSS

NVD•added 2026/04/24 3:16 p.m.•0 views

CVE-2026-31672

5.5CVSS0.00114EPSS

Exploits0References8

OSV•added 2026/04/24 3:16 p.m.•3 views

DEBIAN-CVE-2026-31623

In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc-phonet: fix skb frags overflow in rxcomplete A malicious USB device claiming to be a CDC Phonet modem can overflow the skbsharedinfo-frags array by sending an unbounded sequence of full-page bulk transfers. Drop the...

5.5CVSS5.2AI score0.00125EPSS

NVD•added 2026/04/24 3:16 p.m.•0 views

CVE-2026-31623

5.5CVSS0.00125EPSS

OSV•added 2026/04/24 3:16 p.m.•5 views

DEBIAN-CVE-2026-31616

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fphonet: fix skb frags overflow in pnrxcomplete A broken/bored/mean USB host can overflow the skbsharedinfo-frags array on a Linux gadget exposing a Phonet function by sending an unbounded sequence of full-page OUT...

5.5CVSS5.3AI score0.00125EPSS

OSV•added 2026/04/24 3:16 p.m.•2 views

DEBIAN-CVE-2026-31617

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: validate minimum blocklen in ncmunwrapntb The blocklen read from the host-supplied NTB header is checked against ntbmax but has no lower bound. When blocklen is smaller than opts-ndpsize, the bounds check of:...

5.5CVSS5.2AI score0.00125EPSS

NVD•added 2026/04/24 3:16 p.m.•3 views

CVE-2026-31615

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: renesasusb3: validate endpoint index in standard request handlers The GETSTATUS and SET/CLEARFEATURE handlers extract the endpoint number from the host-supplied wIndex without any sort of validation. Fix this up by...

5.5CVSS0.00125EPSS

NVD•added 2026/04/24 3:16 p.m.•2 views

CVE-2026-31616

5.5CVSS0.00125EPSS

OSV•added 2026/04/24 3:16 p.m.•4 views

DEBIAN-CVE-2026-31607

In the Linux kernel, the following vulnerability has been resolved: usbip: validate numberofpackets in usbippackretsubmit When a USB/IP client receives a RETSUBMIT response, usbippackretsubmit unconditionally overwrites urb-numberofpackets from the network PDU. This value is subsequently used as...

9.8CVSS5.6AI score0.00576EPSS

OSV•added 2026/04/24 3:16 p.m.•4 views

DEBIAN-CVE-2026-31606

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fhid: don't call cdevinit while cdev in use When calling unbind, then bind again, cdevinit reinitialized the cdev, even though there may still be references to it. That's the case when the /dev/hidg device is still...

5.5CVSS5.3AI score0.00122EPSS

NVD•added 2026/04/24 3:16 p.m.•3 views

CVE-2026-31607

9.8CVSS0.00576EPSS