90 matches found
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: usb: gadget: uvc: Fixed a dereference of ERRPTR in uvcv4l2.c. Fixed the potential dereference of ERRPTR in findformatbypix and uvcv4l2enumformat. Also corrected the following matching errors: -...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: In video/aperture, it is now possible to match the device in sysfbdisable. In apertureremoveconflictingpcidevices, we currently only call sysfbdisable for VGA-class devices. This leads to the following issue when the primary devi...
Linux Distros Unpatched Vulnerability : CVE-2026-31726
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: gadget: uvc: fix NULL pointer dereference during unbind race Commit b81ac4395bbe usb: gadget: uvc: allow for application to cleanly shutdown introduced two...
CVE-2026-31726
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: fix NULL pointer dereference during unbind race Commit b81ac4395bbe "usb: gadget: uvc: allow for application to cleanly shutdown" introduced two stages of synchronization waits totaling 1500ms in uvcfunctionunbi...
CVE-2026-31726
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: fix NULL pointer dereference during unbind race Commit b81ac4395bbe "usb: gadget: uvc: allow for application to cleanly shutdown" introduced two stages of synchronization waits totaling 1500ms in uvcfunctionunbi...
CVE-2026-31726 usb: gadget: uvc: fix NULL pointer dereference during unbind race
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: fix NULL pointer dereference during unbind race Commit b81ac4395bbe "usb: gadget: uvc: allow for application to cleanly shutdown" introduced two stages of synchronization waits totaling 1500ms in uvcfunctionunbi...
CVE-2026-31726
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: fix NULL pointer dereference during unbind race Commit b81ac4395bbe "usb: gadget: uvc: allow for application to cleanly shutdown" introduced two stages of synchronization waits totaling 1500ms in uvcfunctionunbi...
CLSA-2026-1775224807 Fix of 95 CVEs
CVE-2025-39683 - tracing: Remove unneeded goto out logic CVE-2025-39683 - tracing: Limit access to parser-buffer when tracegetuser failed CVE-2025-39683 CVE-2025-38079 - crypto: algifhash - fix double free in hashaccept CVE-2025-38079 CVE-2025-38159 - wifi: rtw88: fix the 'para' buffer size to...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the uvcscanstreaming function in the UVC Descriptor Handler component. An attacker can cause a denial of service by triggering a null pointer dereference through local access. Remediation There is no fixed...
CVE-2025-68622
Espressif ESP-IDF USB Host UVC Class Driver allows video streaming from USB cameras. Prior to 2.4.0, a vulnerability in the esp-usb UVC host implementation allows a malicious USB Video Class UVC device to trigger a stack buffer overflow during configuration-descriptor parsing. When UVC...
CVE-2025-68622 Espressif ESP-IDF USB Host UVC Class Driver has a stack buffer overflow in UVC descriptor printing
Espressif ESP-IDF USB Host UVC Class Driver allows video streaming from USB cameras. Prior to 2.4.0, a vulnerability in the esp-usb UVC host implementation allows a malicious USB Video Class UVC device to trigger a stack buffer overflow during configuration-descriptor parsing. When UVC...
CVE-2025-68622
The CVE-2025-68622 affects Espressif ESP-IDF USB Host UVC Class Driver (esp-usb UVC host). A vulnerability in the UVC host parsing allows a malicious USB Video Class (UVC) device to cause a stack buffer overflow during configuration-descriptor parsing when UVC printing is enabled. A crafted descr...
EUVD-2025-206283
Espressif ESP-IDF USB Host UVC Class Driver allows video streaming from USB cameras. Prior to 2.4.0, a vulnerability in the esp-usb UVC host implementation allows a malicious USB Video Class UVC device to trigger a stack buffer overflow during configuration-descriptor parsing. When UVC...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990104)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990104 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Prevent buffer overflow in setup handler Setup function uvcfunctionsetup permit...
SUSE CVE-2025-40016
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Mark invalid entities with id UVCINVALIDENTITYID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. Each Unit and Terminal within the video function is assigned a unique...
CVE-2025-40016
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Mark invalid entities with id UVCINVALIDENTITYID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. Each Unit and Terminal within the video function is assigned a unique...
CVE-2025-40016
CVE-2025-40016 affects the Linux kernel uvcvideo path. The fix marks entities with invalid IDs (UVC_INVALID_ENTITY_ID) to enforce non-zero unique IDs for Units and Terminals as required by UVC 1.1+. The change aims to prevent invalid or duplicate IDs (e.g., 0x00 or repeated IDs) from propagating ...
CVE-2025-55676 Windows USB Video Class System Driver Information Disclosure Vulnerability
...
CVE-2025-55676
CVE-2025-55676 affects the Windows USB Video Class System Driver and is an information disclosure vulnerability that can be exploited locally on an authenticated system. The root cause is an error message generation that reveals sensitive information from the Windows USB Video Driver. Microsoft’s...
CVE-2025-55676 Windows USB Video Class System Driver Information Disclosure Vulnerability
...