Lucene search
+L

49 matches found

CVE
CVE
added 4 hours ago4 views

CVE-2026-63890

The CVE-2026-63890 entry describes a Linux kernel vulnerability in the SCSI FCoE CVL walker where an unauthenticated L2 peer can hang fcoe_ctlr_recv_work on fcoe, qedf, or bnx2fc initiators by sending a CVL frame with a non‑critical descriptor (fip_dtype >= 128) and fip_dlen == 0. The issue ar...

5.4AI score
Exploits0References8
Cvelist
Cvelist
added 4 hours ago3 views

CVE-2026-63890 scsi: fcoe: Reject FIP descriptors with zero fip_dlen in CVL walker

In the Linux kernel, the following vulnerability has been resolved: scsi: fcoe: Reject FIP descriptors with zero fipdlen in CVL walker drivers/scsi/fcoe/fcoectlr.c::fcoectlrrecvclrvlink advanced the descriptor cursor by an attacker-supplied fipdlen without ever requiring dlen = sizeofstruct fipde...

Exploits0References8
EUVD
EUVD
added 4 hours ago3 views

EUVD-2026-45663

In the Linux kernel, the following vulnerability has been resolved: scsi: fcoe: Reject FIP descriptors with zero fipdlen in CVL walker drivers/scsi/fcoe/fcoectlr.c::fcoectlrrecvclrvlink advanced the descriptor cursor by an attacker-supplied fipdlen without ever requiring dlen = sizeofstruct fipde...

5.4AI score
Exploits0References8
Positive Technologies
Positive Technologies
added 19 hours ago3 views

PT-2026-61207

In the Linux kernel, the following vulnerability has been resolved: scsi: fcoe: Reject FIP descriptors with zero fip dlen in CVL walker drivers/scsi/fcoe/fcoe ctlr.c::fcoe ctlr recv clr vlink advanced the descriptor cursor by an attacker-supplied fip dlen without ever requiring dlen = sizeofstruc...

5.3AI score
Exploits0References9
SUSE CVE
SUSE CVE
added 2026/06/26 2:10 a.m.7 views

SUSE CVE-2026-53196

In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in getmanufinfo getmanufinfo reads le16tocpuromdesc-Size bytes from the device I2C EEPROM into a buffer allocated with kmallocobj, which is sizeofstruct edgetimanufdescriptor = 10 bytes. The...

6.8CVSS6AI score0.00284EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 9:16 a.m.8 views

CVE-2026-53196

In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in getmanufinfo getmanufinfo reads le16tocpuromdesc-Size bytes from the device I2C EEPROM into a buffer allocated with kmallocobj, which is sizeofstruct edgetimanufdescriptor = 10 bytes. The...

6.8CVSS0.00284EPSS
Exploits0References11
OSV
OSV
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53196

In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in getmanufinfo getmanufinfo reads le16tocpuromdesc-Size bytes from the device I2C EEPROM into a buffer allocated with kmallocobj, which is sizeofstruct edgetimanufdescriptor = 10 bytes. The...

7CVSS5.9AI score0.00284EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/06/25 8:39 a.m.32 views

CVE-2026-53196 USB: serial: io_ti: fix heap overflow in get_manuf_info()

In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in getmanufinfo getmanufinfo reads le16tocpuromdesc-Size bytes from the device I2C EEPROM into a buffer allocated with kmallocobj, which is sizeofstruct edgetimanufdescriptor = 10 bytes. The...

0.00284EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/25 8:39 a.m.8 views

EUVD-2026-39287

In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in getmanufinfo getmanufinfo reads le16tocpuromdesc-Size bytes from the device I2C EEPROM into a buffer allocated with kmallocobj, which is sizeofstruct edgetimanufdescriptor = 10 bytes. The...

6AI score0.00284EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.5 views

PT-2026-52292

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A heap overflow exists in the get manuf info function. The issue occurs because the function reads a number of bytes specified by the Size field from a device I2C EEPROM into a buffer...

7CVSS6.1AI score0.00284EPSS
Exploits0References25
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-52963

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: usb-audio: Bound MIDI endpoint descriptor scans sndusbmidigetmsinfo validates the internal MIDIStreaming endpoint descriptor size before using...

5.5CVSS6AI score0.00128EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 5:17 p.m.6 views

CVE-2026-52963

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI endpoint descriptor scans sndusbmidigetmsinfo validates the internal MIDIStreaming endpoint descriptor size before using baAssocJackID, but the descriptor walker can still return a class-specific...

5.5CVSS0.00128EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-46146

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: usb-audio: Avoid potential endless loop in convertchmapv3 The convertchmapv3 has a loop with its increment size of csdesc-wLength, but we forgot to valida...

5.5CVSS6AI score0.00128EPSS
Exploits0References3
NVD
NVD
added 2026/05/28 10:16 a.m.13 views

CVE-2026-46146

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Avoid potential endless loop in convertchmapv3 The convertchmapv3 has a loop with its increment size of csdesc-wLength, but we forgot to validate csdesc-wLength itself, which may lead to potential endless loop by...

5.5CVSS0.00128EPSS
Exploits0References8
CVE
CVE
added 2026/05/28 9:36 a.m.28 views

CVE-2026-46146

CVE-2026-46146 affects the Linux kernel's ALSA USB audio stack, specifically the convert_chmap_v3() routine. A loop uses cs_desc->wLength for increment but this value isn’t validated, allowing a potential endless loop with malformed descriptors. The issue is resolved by adding a proper size ch...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References8Affected Software1
EUVD
EUVD
added 2026/05/28 9:36 a.m.12 views

EUVD-2026-32773

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Avoid potential endless loop in convertchmapv3 The convertchmapv3 has a loop with its increment size of csdesc-wLength, but we forgot to validate csdesc-wLength itself, which may lead to potential endless loop by...

5.8AI score0.00128EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/28 9:36 a.m.34 views

CVE-2026-46146 ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Avoid potential endless loop in convertchmapv3 The convertchmapv3 has a loop with its increment size of csdesc-wLength, but we forgot to validate csdesc-wLength itself, which may lead to potential endless loop by...

0.00128EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.23 views

PT-2026-44269

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the ALSA usb-audio component within the convert chmap v3 function. The function contains a loop that uses the cs desc-wLength variable to determine the increment size...

9.8CVSS6AI score0.03663EPSS
Exploits11References293
OSV
OSV
added 2026/05/27 2:17 p.m.7 views

DEBIAN-CVE-2026-47104

libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parseiadarray in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer...

5.5CVSS5.9AI score0.0013EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: scsi.debug: A sanity check was performed to ensure that the block descriptor length in respmodeselect was valid. BUG: KASAN: A use-after-free condition occurred in respmodeselect+0xa4c/0xb40, located in...

7.8CVSS6.2AI score0.00241EPSS
Exploits0References2
Rows per page
Query Builder