Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net/usb: kalmia: Do not pass actlen in the usbbulkmsg error path. syzbot reported that actlen in kalmiasendinitpacket is uninitialized when it is passed to the first usbbulkmsg error path. Jiri Pirko noted that it is pointless to...

CVE-2026-43428

A flaw was found in the Linux kernel's USB core. The usbcontrolmsg, usbbulkmsg, and usbinterruptmsg APIs allow for unlimited timeout durations. These APIs use uninterruptible waits, which can cause a task to hang indefinitely. This can lead to a denial of service DoS as the task cannot be...

EUVD-2026-28734

In the Linux kernel, the following vulnerability has been resolved: USB: core: Limit the length of unkillable synchronous timeouts The usbcontrolmsg, usbbulkmsg, and usbinterruptmsg APIs in usbcore allow unlimited timeout durations. And since they use uninterruptible waits, this leaves open the...

CVE-2026-43428

In the Linux kernel, the following vulnerability has been resolved: USB: core: Limit the length of unkillable synchronous timeouts The usbcontrolmsg, usbbulkmsg, and usbinterruptmsg APIs in usbcore allow unlimited timeout durations. And since they use uninterruptible waits, this leaves open the...

CVE-2026-43429

In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: Use usbbulkmsgkillable with user-specified timeouts The usbtmc driver accepts timeout values specified by the user in an ioctl command, and uses these timeouts for some usbbulkmsg calls. Since the user can specify...

UBUNTU-CVE-2026-43429

In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: Use usbbulkmsgkillable with user-specified timeouts The usbtmc driver accepts timeout values specified by the user in an ioctl command, and uses these timeouts for some usbbulkmsg calls. Since the user can specify...

CVE-2026-43429

In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: Use usbbulkmsgkillable with user-specified timeouts The usbtmc driver accepts timeout values specified by the user in an ioctl command, and uses these timeouts for some usbbulkmsg calls. Since the user can specify...

PT-2026-39090

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The usbtmc driver allows users to specify timeout values via an ioctl command, which are then used in usb bulk msg calls. Because usb bulk msg employs unkillable waits, a user could...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of the usbtmc driver to call usbbulkmsg with a timeout value specified by the user. This...

ROS-20260304-73-0028

A vulnerability in the usbbulkmsg function of the Linux kernel is related to incorrect resource initialization. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992327)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992327 advisory. In the Linux kernel, the following vulnerability has been resolved: mt76: mt76x02u: fix possible memory leak in mt76x02umcusendmsg Free the skb if mt76ubulkmsg fails...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990545)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990545 advisory. In the Linux kernel, the following vulnerability has been resolved: net/usb: kalmia: Don't pass actlen in usbbulkmsg error path syzbot reported that actlen in...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989496)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989496 advisory. In the Linux kernel, the following vulnerability has been resolved: net/usb: kalmia: Don't pass actlen in usbbulkmsg error path syzbot reported that actlen in...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987696)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987696 advisory. In the Linux kernel, the following vulnerability has been resolved: net/usb: kalmia: Don't pass actlen in usbbulkmsg error path syzbot reported that actlen in...

EUVD-2022-55437

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-50172

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mt76: mt76x02u: fix possible memory leak in mt76x02umcusendmsg Free the skb if mt76ubulkmsg fails in mt76x02umcusendmsg routine. CVE-2022-50172 Note that Nessus...

SUSE CVE-2022-50172

In the Linux kernel, the following vulnerability has been resolved: mt76: mt76x02u: fix possible memory leak in mt76x02umcusendmsg Free the skb if mt76ubulkmsg fails in mt76x02umcusendmsg routine...

kernel: net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path

In the Linux kernel, the following vulnerability has been resolved: net/usb: kalmia: Don't pass actlen in usbbulkmsg error path syzbot reported that actlen in kalmiasendinitpacket is uninitialized when passing it to the first usbbulkmsg error path. Jiri Pirko noted that it's pointless to pass it ...

kernel: net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path

In the Linux kernel, the following vulnerability has been resolved: net/usb: kalmia: Don't pass actlen in usbbulkmsg error path syzbot reported that actlen in kalmiasendinitpacket is uninitialized when passing it to the first usbbulkmsg error path. Jiri Pirko noted that it's pointless to pass it ...

Moodle has CSRF risk in Feedback non-respondents report

The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability...