LSN-0119-1 Kernel Live Patch Security Notice

In the Linux kernel, the following vulnerability has been resolved: btrfs: ref-verify: fix use-after-free after invalid ref action At btrfsreftreemod after we successfully inserted the new ref entry local variable 'ref' into the respective block entry's rbtree local variable 'be', if we find an...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004416)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004416 advisory. In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003949)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003949 advisory. In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka...

ROS-20260114-7324

A vulnerability in the drivers/usb/class/cdc-acm.c component of the Linux kernel is related to errors in processing length parameters. Exploitation of the vulnerability could allow an attacker to affect data integrity...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000788)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000788 advisory. The acmprobe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service NULL pointer...

CLSA-2025-1763734783 kernel: Fix of 64 CVEs

media: bttv: fix use after free error due to btv-timeout timer CVE-2023-52847 - firmware: armscpi: Ensure scpiinfo is not assigned if the probe fails CVE-2022-50087 - wifi: mwifiex: Fix OOB and integer underflow when rx packets CVE-2023-53226 - vsock: Fix transport TOCTOU CVE-2025-38461 - ALSA:...

CLSA-2025-1759432250 kernel: Fix of 36 CVEs

ASoC: topology: Clean up route loading CVE-2024-41069 - ASoC: topology: Fix references to freed memory CVE-2024-41069 - drm/dpmst: Fix MST sideband message body length check CVE-2024-56616 - Bluetooth: L2CAP: Fix not validating setsockopt user input CVE-2024-35965 - Bluetooth: L2CAP:...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: usb: cdc-acm: Check the control transfer buffer size before accessing it. If the first fragment is shorter than struct usbcdcnotification, we cannot calculate the expectedsize. Instead, log an error and discard the notification...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: iommu: Return right value in iommusvabinddevice CVE-2024-40945 In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq uaf in bfqlimitdepth CVE-2024-53166 In the Linux kernel, the...

CVE-2025-21704 usb: cdc-acm: Check control transfer buffer size before access

In the Linux kernel, the following vulnerability has been resolved: usb: cdc-acm: Check control transfer buffer size before access If the first fragment is shorter than struct usbcdcnotification, we can't calculate an expectedsize. Log an error and discard the notification instead of reading...

PT-2025-7541

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the version that includes the fix for this issue Description A memory corruption issue exists due to incorrect handling of control transfer buffer sizes in the usb: cdc-acm module. When the first fragment is...

CVE-2023-48697

Azure RTOS USBX is a USB host, device, and on-the-go OTG embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to memory buffer and pointer vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in...

CVE-2023-48696

Azure RTOS USBX is a USB host, device, and on-the-go OTG embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include components in host class,...

Null pointer dereference

Azure RTOS USBX is a USB host, device, and on-the-go OTG embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include components in host class,...

Buffer overflow

Azure RTOS USBX is a USB host, device, and on-the-go OTG embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to memory buffer and pointer vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in...

CVE-2023-48697 Azure RTOS USBX Remote Code Execution Vulnerability

Azure RTOS USBX is a USB host, device, and on-the-go OTG embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to memory buffer and pointer vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in...

CVE-2023-48696

Azure RTOS USBX contains a remote code execution vulnerability caused by an expired pointer dereference in the USBX host/CDC ACM path for RTOS v6.2.1 and earlier. Affected component: USBX within Azure RTOS USBX stack (host class/CDC ACM). Remediation: upgrade to USBX release 6.3.0 or later. Explo...

SUSE CVE-2016-3138

The acmprobe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service NULL pointer dereference and system crash via a USB device without both a control and a data endpoint descriptor...

The vulnerability in the driver drivers/usb/class/cdc-acm.c of the Linux operating system allows a hacker to cause a service failure.

The vulnerability in the drivers/usb/class/cdc-acm.c file of the Linux operating system is related to the use of memory after it has been freed. Exploiting this vulnerability can allow an attacker to cause a service failure...

DEBIAN-CVE-2019-19530

In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef...