17 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in qemu

A flaw was discovered in the USB redirector device usb-redir of QEMU. Small USB packets are combined into a single, large transfer request, in order to reduce overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array VLA on th...

5.5 CVSS, 6.8 AI score, 0.00371 EPSS
Exploits 0, References 2
NVD
added 2026/02/09 7:15 p.m., 4 views

CVE-2026-24681

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, asynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urb_write_completion. This vulnerability is fixed in 3.22.0...

8.7 CVSS, 0.00467 EPSS
Exploits 0, References 2
Tenable Nessus
added 2025/11/05 12:0 a.m., 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989018)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989018 advisory. In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix bulk-buffer overflow The driver is using endpoint-sized buffers but must not...

7.8 CVSS, 6.2 AI score, 0.00259 EPSS
Exploits 0, References 4
Tenable Nessus
added 2025/10/21 12:0 a.m., 1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987578)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987578 advisory. In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix bulk-buffer overflow The driver is using endpoint-sized buffers but must not...

7.8 CVSS, 6.2 AI score, 0.00259 EPSS
Exploits 0, References 4
Cvelist
added 2025/10/01 11:46 a.m., 6 views

CVE-2023-53523 can: gs_usb: fix time stamp counter initialization

In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: fix time stamp counter initialization If the gs_usb device driver is unloaded or unbound before the interface is shut down, the USB stack first calls the struct usb_driver::disconnect and then the struct...

0.00116 EPSS
Exploits 0, References 2
SUSE CVE
added 2024/05/23 3:4 a.m., 0 views

SUSE CVE-2021-47474

In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix bulk-buffer overflow The driver is using endpoint-sized buffers but must not assume that the tx and rx buffers are of equal size or a malicious device could overflow the slab-allocated receive buffer when doi...

6.8 CVSS, 6.7 AI score, 0.00259 EPSS
Exploits 0, References 8
OSV
added 2024/05/22 9:15 a.m., 2 views

DEBIAN-CVE-2021-47474

In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix bulk-buffer overflow The driver is using endpoint-sized buffers but must not assume that the tx and rx buffers are of equal size or a malicious device could overflow the slab-allocated receive buffer when doi...

7.8 CVSS, 5.7 AI score, 0.00259 EPSS
Exploits 0, References 1
OSV
added 2024/05/22 9:15 a.m., 11 views

CVE-2021-47474

In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix bulk-buffer overflow The driver is using endpoint-sized buffers but must not assume that the tx and rx buffers are of equal size or a malicious device could overflow the slab-allocated receive buffer when doi...

7.8 CVSS, 7 AI score
Exploits 0, References 9
UbuntuCve
added 2024/05/22 9:15 a.m., 15 views

CVE-2021-47474

In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix bulk-buffer overflow The driver is using endpoint-sized buffers but must not assume that the tx and rx buffers are of equal size or a malicious device could overflow the slab-allocated receive buffer when doi...

7.8 CVSS, 6.3 AI score, 0.00259 EPSS
Exploits 0, References 11
OSV
added 2024/05/22 9:15 a.m., 0 views

UBUNTU-CVE-2021-47475

In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix transfer-buffer overflows The driver uses endpoint-sized USB transfer buffers but up until recently had no sanity checks on the sizes. Commit e1f13c879a7c "staging: comedi: check validity of wMaxPacketSize of...

7.8 CVSS, 6 AI score, 0.00259 EPSS
Exploits 0, References 12
OSV
added 2024/05/22 9:15 a.m., 1 views

UBUNTU-CVE-2021-47474

In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix bulk-buffer overflow The driver is using endpoint-sized buffers but must not assume that the tx and rx buffers are of equal size or a malicious device could overflow the slab-allocated receive buffer when doi...

7.8 CVSS, 6.1 AI score, 0.00259 EPSS
Exploits 0, References 12
Vulnrichment
added 2024/05/22 8:19 a.m., 16 views

CVE-2021-47475 comedi: vmk80xx: fix transfer-buffer overflows

In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix transfer-buffer overflows The driver uses endpoint-sized USB transfer buffers but up until recently had no sanity checks on the sizes. Commit e1f13c879a7c "staging: comedi: check validity of wMaxPacketSize of...

6.8 AI score, 0.00259 EPSS
Exploits 0, References 9
Cvelist
added 2024/05/22 8:19 a.m., 15 views

CVE-2021-47475 comedi: vmk80xx: fix transfer-buffer overflows

In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix transfer-buffer overflows The driver uses endpoint-sized USB transfer buffers but up until recently had no sanity checks on the sizes. Commit e1f13c879a7c "staging: comedi: check validity of wMaxPacketSize of...

6.4 AI score, 0.00259 EPSS
Exploits 0, References 9
Vulnrichment
added 2024/05/22 8:19 a.m., 14 views

CVE-2021-47474 comedi: vmk80xx: fix bulk-buffer overflow

In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix bulk-buffer overflow The driver is using endpoint-sized buffers but must not assume that the tx and rx buffers are of equal size or a malicious device could overflow the slab-allocated receive buffer when doi...

7.1 AI score, 0.00259 EPSS
Exploits 0, References 9
CVE
added 2024/05/22 8:19 a.m., 90 views

CVE-2021-47474

CVE-2021-47474 affects the Linux kernel driver family for comedi vmk80xx. The vulnerability arises from the driver using endpoint-sized buffers while assuming tx and rx buffers are equal size; a malicious device could overflow the slab-allocated receive buffer during bulk transfers. The issue is ...

7.8 CVSS, 6.9 AI score, 0.00259 EPSS
Exploits 0, References 9, Affected Software 1
RedHat Linux
added 2021/09/30 4:59 p.m., 1 views

QEMU: usbredir: free() call on invalid pointer in bufp_alloc()

A flaw was found in the USB redirector device emulation of QEMU. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free with faked heap chunk metadata, resulting in a crash ...

8.5 CVSS, 7.5 AI score, 0.02904 EPSS
Exploits 0, References 4
Positive Technologies
added 2021/04/30 12:0 a.m., 9 views

PT-2021-7379

Name of the Vulnerable Software and Affected Versions: QEMU (affected versions not specified). Description: A flaw was found in the USB redirector device of QEMU, where small USB packets are combined into a single, large transfer request to improve performance. The combined size of the bulk transfer i...

8.1 CVSS, 7.2 AI score, 0.60631 EPSS
Exploits 3, References 307