CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/04/24 3:16 p.m.•1 views

CVE-2026-31581

In the Linux kernel, the following vulnerability has been resolved: ALSA: 6fire: fix use-after-free on disconnect In usb6firechipabort, the chip struct is allocated as the card's private data via sndcardnew with sizeofstruct sfirechip. When sndcardfreewhenclosed is called and no file handles are...

7.8CVSS0.00128EPSS

OSV•added 2026/04/24 3:16 p.m.•6 views

DEBIAN-CVE-2026-31581

7.8CVSS5.3AI score0.00128EPSS

Exploits0References1

ATTACKERKB•added 2026/04/24 2:45 p.m.•1 views

CVE-2026-31672

In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00usb: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when...

5.4AI score0.00114EPSS

Cvelist•added 2026/04/24 2:42 p.m.•30 views

CVE-2026-31623 net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete()

In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc-phonet: fix skb frags overflow in rxcomplete A malicious USB device claiming to be a CDC Phonet modem can overflow the skbsharedinfo-frags array by sending an unbounded sequence of full-page bulk transfers. Drop the...

0.00125EPSS

Debian CVE•added 2026/04/24 2:42 p.m.•3 views

CVE-2026-31623

5.5CVSS5.2AI score0.00125EPSS

CVE•added 2026/04/24 2:42 p.m.•18 views

CVE-2026-31623

The CVE-2026-31623 issue affects the Linux kernel net: usb: cdc-phonet driver. A malicious USB device claiming to be a CDC Phonet modem can overflow the skb_shared_info->frags[] array by sending an unbounded sequence of full-page bulk transfers in rx_complete(). The consequence described is a ...

5.5CVSS5.3AI score0.00125EPSS

Cvelist•added 2026/04/24 2:42 p.m.•29 views

CVE-2026-31620 ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0

In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0 A malicious USB device with the TASCAM US-144MKII device id can have a configuration containing bInterfaceNumber=1 but no interface 0. USB configuration descriptors ar...

0.00196EPSS

Exploits0References4

Debian CVE•added 2026/04/24 2:42 p.m.•2 views

CVE-2026-31617

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: validate minimum blocklen in ncmunwrapntb The blocklen read from the host-supplied NTB header is checked against ntbmax but has no lower bound. When blocklen is smaller than opts-ndpsize, the bounds check of:...

5.5CVSS5.2AI score0.00125EPSS

CVE•added 2026/04/24 2:42 p.m.•7 views

CVE-2026-31617

The CVE affects the Linux kernel USB Network Control Model (NCM) gadget driver (usb: gadget: f_ncm). A missing lower bound on block_len checks for NTB headers allows an underflow in ndp_index and datagram offset calculations when block_len ndp_size or dpe_size. This can let a malicious USB host c...

5.5CVSS5.3AI score0.00125EPSS

Debian CVE•added 2026/04/24 2:42 p.m.•2 views

CVE-2026-31616

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fphonet: fix skb frags overflow in pnrxcomplete A broken/bored/mean USB host can overflow the skbsharedinfo-frags array on a Linux gadget exposing a Phonet function by sending an unbounded sequence of full-page OUT...

5.5CVSS5.2AI score0.00125EPSS

Cvelist•added 2026/04/24 2:42 p.m.•25 views

CVE-2026-31616 usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete()

0.00125EPSS

CVE•added 2026/04/24 2:42 p.m.•12 views

CVE-2026-31616

The CVE-2026-31616 entry concerns a Linux kernel USB gadget Phonet function vulnerability. A malicious USB host can overflow the skb_shared_info->frags[] array in the pn_rx_complete() path by sending an unbounded sequence of full-page OUT transfers. The host filling req->length with PAGE_SI...

5.5CVSS5.4AI score0.00125EPSS

EUVD•added 2026/04/24 2:42 p.m.•3 views

EUVD-2026-25509

5.4AI score0.00125EPSS

Exploits0References4

Debian CVE•added 2026/04/24 2:42 p.m.•4 views

CVE-2026-31615

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: renesasusb3: validate endpoint index in standard request handlers The GETSTATUS and SET/CLEARFEATURE handlers extract the endpoint number from the host-supplied wIndex without any sort of validation. Fix this up by...

5.5CVSS5.3AI score0.00125EPSS

ATTACKERKB•added 2026/04/24 2:42 p.m.•2 views

CVE-2026-31615

5.4AI score0.00125EPSS

Exploits0References7Affected Software1

EUVD•added 2026/04/24 2:42 p.m.•4 views

EUVD-2026-25508

5.4AI score0.00125EPSS

Exploits0References4

CVE•added 2026/04/24 2:42 p.m.•13 views

CVE-2026-31615

In CVE-2026-31615, the Linux kernel USB gadget code for renesas_usb3 (and related aspeed_udc context) did not validate endpoint indices in standard requests (GET_STATUS, SET/CLEAR_FEATURE). The host-supplied wIndex could be used to dereference a pointer without confirming endpoint count, risking ...

5.5CVSS5.4AI score0.00125EPSS

Cvelist•added 2026/04/24 2:42 p.m.•26 views

CVE-2026-31615 usb: gadget: renesas_usb3: validate endpoint index in standard request handlers

0.00125EPSS