SUSE CVE-2026-45931

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Hold mm structure across iommusvaunbinddevice Some tests trigger a crash in iommusvaunbinddevice due to accessing iommumm after the associated mm structure has been freed. Fix this by taking an explicit reference t...

CVE-2026-46538

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by sessionid only and does not verify that a TASKEND message came from the device that originally received the task...

PT-2026-43798

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Hold mm structure across iommu sva unbind device Some tests trigger a crash in iommu sva unbind device due to accessing iommu mm after the associated mm structure has been freed. Fix this by taking an explicit...

EUVD-2026-15345

In the Linux kernel, the following vulnerability has been resolved: net: usb: kalmia: validate USB endpoints The kalmia driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious device were to not ha...

CVE-2025-10910

A flaw in the binding process of Govee’s cloud platform and devices allows a remote attacker to bind an existing, online Govee device to the attacker’s account, resulting in full control of the device and removal of the device from its legitimate owner’s account. The server‑side API allows device...

PT-2025-52214

A flaw in the binding process of Govee’s cloud platform and devices allows a remote attacker to bind an existing, online Govee device to the attacker’s account, resulting in full control of the device and removal of the device from its legitimate owner’s account. The server‑side API allows device...

DEBIAN-CVE-2022-50655

In the Linux kernel, the following vulnerability has been resolved: ppp: associate skb with a device at tx Syzkaller triggered flow dissector warning with the following: r0 = openat$ppp0xffffffffffffff9c, &0x7f0000000000, 0xc0802, 0x0 ioctl$PPPIOCNEWUNITr0, 0xc004743e, &0x7f00000000c0...

EUVD-2014-4557

Malware in sbrugna...

EUVD-2023-35973

Malicious code in bioql PyPI...

DEBIAN-CVE-2022-50360

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: fix aux-bus EP lifetime Device-managed resources allocated post component bind must be tied to the lifetime of the aggregate DRM device or they will not necessarily be released when binding of the aggregate device is...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper DP bridge lifecycle management, which could result in a resource leak or device binding failure...

SUSE CVE-2025-39774

In the Linux kernel, the following vulnerability has been resolved: iio: adc: rzg2ladc: Set driver data before enabling runtime PM When stress-testing the system by repeatedly unbinding and binding the ADC device in a loop, and the ADC is a supplier for another device e.g., a thermal hardware blo...

UBUNTU-CVE-2025-39774

In the Linux kernel, the following vulnerability has been resolved: iio: adc: rzg2ladc: Set driver data before enabling runtime PM When stress-testing the system by repeatedly unbinding and binding the ADC device in a loop, and the ADC is a supplier for another device e.g., a thermal hardware blo...

PT-2024-33146 · Unknown · Cloud Smart Lock

Name of the Vulnerable Software and Affected Versions: Cloud Smart Lock version 2.0.1 Description: The issue concerns a leaked URL in the APK file that can be used to call an API for binding physical devices. This allows attackers to construct requests to bind the app to unknown devices by findin...

CVE-2024-48548

The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can call an API for binding physical devices. This vulnerability allows attackers to arbitrarily construct a request to use the app to bind to unknown devices by finding a valid serial number via a bruteforce attack...

SUSE CVE-2022-49021

In the Linux kernel, the following vulnerability has been resolved: net: phy: fix null-ptr-deref while probe failed I got a null-ptr-deref report as following when doing fault injection test: BUG: kernel NULL pointer dereference, address: 0000000000000058 Oops: 0000 1 PREEMPT SMP KASAN PTI CPU: 1...

UBUNTU-CVE-2024-40945

In the Linux kernel, the following vulnerability has been resolved: iommu: Return right value in iommusvabinddevice iommusvabinddevice should return either a sva bond handle or an ERRPTR value in error cases. Existing drivers idxd and uacce only check the return value with ISERR. This could...

UBUNTU-CVE-2024-26620

In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: always filter entire AP matrix The vfioapmdevfiltermatrix function is called whenever a new adapter or domain is assigned to the mdev. The purpose of the function is to update the guest's AP configuration by filteri...

CVE-2023-31678

Incorrect access control in Videogo v6.8.1 allows attackers to bind shared devices after the connection has been ended...

PT-2023-34403 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.163 Description: The issue is related to the handling of network packets, specifically the association of a socket buffer skb with a device during transmission tx. The actual impact and potential for attac...