7053 matches found
CVE-2026-52964
The CVE-2026-52964 issue affects the Linux kernel ALSA usb-audio MIDI 2.0 endpoint parsing. The endpoint-descriptor walking logic validates bLength against bNumGrpTrmBlock but not the remaining bytes, allowing a malformed device to cause baAssoGrpTrmBlkID[] reads to read past the descriptor. The ...
CVE-2026-52963
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI endpoint descriptor scans sndusbmidigetmsinfo validates the internal MIDIStreaming endpoint descriptor size before using baAssocJackID, but the descriptor walker can still return a class-specific...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: can: usb8dev: usb8devreadbulkcallback: fixed the URB memory leak. The memory leak was fixed in a similar manner to that in commit 7352e1d5932a “can: gsusb: gsusbreceivebulkcallback: fixed the URB memory leak”. In usb8devopen -...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: fixed a memory leak in updateeth regs async When writing to the device registers asynchronously, and if usbsubmiturb fails, the code fails to release the resources allocated for this process...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: net: usb: catc: enable basic endpoint checking The catcprobe function fills three URBs with hardcoded endpoint pipes without verifying the endpoint descriptors. This occurs as follows: - usbsndbulkpipeusbdev, 1 and...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: SCSI: UFS: Core – Flush exception handling work when RPM level is zero Ensure that exception event handling work is explicitly flushed during suspension when the runtime power management level is set to UFSPMLVL0. When the RPM...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Fixed null pointer access to epfile after ep enable. A race condition occurs when ffsfuncepsenable runs concurrently with ffsdatareset. The ffsdataclear function called in ffsdatareset sets ffs-epfiles to NULL...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: Fixed a memory leak that occurred due to a failure in usbsubmiturb. In asyncsetregisters, when usbsubmiturb fails, the allocated asyncreq structure and URB are not freed, resulting in a memory leak. The...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: can: mcbausb: mcbausbreadbulkcallback: fixed a URB memory leak. The memory leak was fixed in a similar manner to the issue in commit 7352e1d5932a “can: gsusb: gsusbreceivebulkcallback: fixed a URB memory leak”. In mcbausbprobe -...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: USB: UAS – Fix for the URB unmapping issue when the UAS device is removed during ongoing data transfer When a UAS device is unplugged during data transfer, there is a possibility of a system panic occurring. The root cause is...
Astra Linux – Vulnerability in grub2
A vulnerability has been identified in the GRUB Grand Unified Bootloader component. This flaw occurs because the bootloader improperly handles string conversions when reading information from a USB device, allowing an attacker to exploit inconsistencies in the length values. A local attacker can...
CVE-2026-48867
creationtimestamp| type| source ---|---|--- 2026-06-22 19:18:08+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3movm2czvz423...
CVE-2026-9456
creationtimestamp| type| source ---|---|--- 2026-06-22 04:16:36+00:00| seen| https://bsky.app/profile/securitycyberuk.bsky.social/post/3motzobguut2b...
kernel: ALSA: usb-audio: Add sanity check for OOB writes at silencing
A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture USB audio subsystem. An inconsistency in how USB audio playback and capture streams are handled can lead to an out-of-bounds write to a memory buffer. This can result in a system crash, causing a denial of service for a...
kernel: ALSA: usb-audio: Add sanity check for OOB writes at silencing
A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture USB audio subsystem. An inconsistency in how USB audio playback and capture streams are handled can lead to an out-of-bounds write to a memory buffer. This can result in a system crash, causing a denial of service for a...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbopen/close: fixed a memory leak. The gsusb driver appears to have a problem common to many USB CAN adapter drivers. It performs usballoccoherent to allocate a number of USB Request Blocks URBs for reception, and...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: asix: Proper error handling for USB read errors has been added. The Syzbot issue with the asix driver remains the same. The problem is still present—the asixreadcmd function reads fewer bytes than requested by the caller...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: mmc: vub300 – Fixed the return value check in mmcaddhost. If we ignore the return value of mmcaddhost, the memory allocated in mmcallochost may be leaked, leading to a kernel crash due to the removal of devices that were not...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: usb: common: usb-conn-gpio: Fixed the issue of NULL pointer dereferencing during the charger process. When the system is powered on using an OTG cable, the IDDIG interrupt occurs before the charger is registered. This can lead to...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: Fixed the direction of 0-length ioctl control messages The syzbot fuzzer identified a issue with the usbtmc driver: When a user sends an ioctl with a 0-length control transfer, the driver does not check whether the...