Lucene search
K

165 matches found

F5 Networks
F5 Networks
added 2026/06/25 4:26 p.m.18 views

K000161867: Linux kernel vulnerabilities CVE-2026-23291, CVE-2026-23292, CVE-2026-23298, and CVE-2026-23304

Security Advisory Description CVE-2026-23291 In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: properly drop the usb interface reference on disconnect When the device is disconnected from the driver, there is a "dangling" reference count on the usb interface that was...

5.5CVSS5.8AI score0.00123EPSS
Exploits0Affected Software1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: isdn: mISDN: hfcsusb: fixed a memory leak in hfcsusbprobe In hfcsusbprobe, the memory allocated for ctrlurb gets leaked when setupinstance fails with an error code. This issue was addressed by freeing the urb before freeing th...

6AI score0.00165EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.15 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.1, the URBDRC client did not perform bounds checking on the MSUSBINTERFACEDESCRIPTOR values provided by the server and used these values as indices in libusbudevcompletemsconfigsetup, resulting in an...

9.1CVSS5.4AI score0.00756EPSS
Exploits1References3
NVD
NVD
added 2026/06/02 10:16 p.m.13 views

CVE-2025-15653

Dräger Zeus Infinity Empowered Zeus IE and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the unprotected USB interfaces to...

7CVSS0.00169EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/02 9:27 p.m.37 views

CVE-2025-15653 Dräger Zeus IE Anesthesia Workstation USB Interface Privilege Escalation

Dräger Zeus Infinity Empowered Zeus IE and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the unprotected USB interfaces to...

7CVSS0.00169EPSS
Exploits0References2
CVE
CVE
added 2026/06/02 9:27 p.m.24 views

CVE-2025-15653

The affected products are Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations. The vulnerability is a local privilege escalation via unprotected USB interfaces that attackers with physical access can exploit to compromise software integrity. Reported impact includes ...

7CVSS5.8AI score0.00169EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/02 9:27 p.m.7 views

CVE-2025-15653 Dräger Zeus IE Anesthesia Workstation USB Interface Privilege Escalation

Dräger Zeus Infinity Empowered Zeus IE and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the unprotected USB interfaces to...

7CVSS5.8AI score0.00169EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/29 1:14 a.m.11 views

SUSE CVE-2026-46228

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

5.5CVSS5.8AI score0.00117EPSS
Exploits0References3
NVD
NVD
added 2026/05/28 10:16 a.m.16 views

CVE-2026-46228

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

5.5CVSS0.00117EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/28 9:40 a.m.34 views

CVE-2026-46228 spi: ch341: fix devres lifetime

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

0.00117EPSS
Exploits0References3
CVE
CVE
added 2026/05/28 9:40 a.m.23 views

CVE-2026-46228

CVE-2026-46228 affects the Linux kernel, in the spi: ch341 driver, due to incorrect management of device resources (devres) lifetime. When a USB driver is unbound (e.g., probe deferral or config changes), resources tied to the interface could leak because their lifetimes weren’t released with the...

5.5CVSS5.8AI score0.00117EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:40 a.m.11 views

CVE-2026-46228

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

5.8AI score0.00117EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/28 9:40 a.m.13 views

EUVD-2026-32855

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

5.8AI score0.00117EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.15 views

PT-2026-44351

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the spi: ch341 driver where device managed resources were tied to the parent USB device instead of the USB interface. This can lead to memory leaks when drivers are...

9.8CVSS6AI score0.03663EPSS
Exploits17References279
Cvelist
Cvelist
added 2026/05/27 12:59 p.m.46 views

CVE-2026-46103 can: ucan: fix devres lifetime

In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

0.00114EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: USB: ULPI: A memory leak has been fixed by using debugfslookup. When calling debugfslookup, the result must also call dput; otherwise, a memory leak will occur over time. To simplify things, simply call debugfslookupandremove,...

5.5CVSS6.1AI score0.00134EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: us144mkii: fixed NULL dereferencing when interface 0 is missing. A malicious USB device with the TASCAM US-144MKII device ID may have a configuration where bInterfaceNumber=1, but there is no interface 0. USB...

4.6CVSS5.7AI score0.00196EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/19 1:29 p.m.9 views

freerdp: FreeRDP heap-buffer-overflow

A heap based buffer overflow has been discovered in FreeRDP. In affected versions the URBDRC client does not perform bounds checking on server‑supplied MSUSBINTERFACEDESCRIPTOR values and uses them as indices in libusbudevcompletemsconfigsetup, causing an out‑of‑bounds read...

9.1CVSS5.9AI score0.00756EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/05/08 2:22 p.m.43 views

CVE-2026-43432 usb: xhci: Fix memory leak in xhci_disable_slot()

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix memory leak in xhcidisableslot xhcialloccommand allocates a command structure and, when the second argument is true, also allocates a completion structure. Currently, the error handling path in xhcidisableslot only...

0.00123EPSS
Exploits0References8
CVE
CVE
added 2026/05/08 2:21 p.m.16 views

CVE-2026-43375

CVE-2026-43375 concerns the Linux kernel in the MCTP path. A leak occurs during probe failures because the driver saves a reference to the USB device but fails to release it on error paths. The fix drops the redundant device reference to prevent memory leaks when the probe fails, simplifying driv...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder