SUSE CVE-2026-46151

In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix heap leak in IEEE 1284 device ID via short response usblpctrlmsg collapses the usbcontrolmsg return value to 0/-errno, discarding the actual number of bytes transferred. A broken printer can complete the GETDEVICE...

CVE-2026-46151

A flaw was found in the Linux kernel's USB printer usblp driver. A malicious USB printer can exploit a heap leak vulnerability by sending a truncated device ID response. This can lead to the disclosure of up to 1021 bytes of uninitialized kernel memory, potentially exposing sensitive information ...

CVE-2026-46151

In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix heap leak in IEEE 1284 device ID via short response usblpctrlmsg collapses the usbcontrolmsg return value to 0/-errno, discarding the actual number of bytes transferred. A broken printer can complete the GETDEVICE...

UBUNTU-CVE-2026-46151

In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix heap leak in IEEE 1284 device ID via short response usblpctrlmsg collapses the usbcontrolmsg return value to 0/-errno, discarding the actual number of bytes transferred. A broken printer can complete the GETDEVICE...

EUVD-2026-32778

In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix heap leak in IEEE 1284 device ID via short response usblpctrlmsg collapses the usbcontrolmsg return value to 0/-errno, discarding the actual number of bytes transferred. A broken printer can complete the GETDEVICE...

CVE-2026-46151

In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix heap leak in IEEE 1284 device ID via short response usblpctrlmsg collapses the usbcontrolmsg return value to 0/-errno, discarding the actual number of bytes transferred. A broken printer can complete the GETDEVICE...

CVE-2026-46151

In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix heap leak in IEEE 1284 device ID via short response usblpctrlmsg collapses the usbcontrolmsg return value to 0/-errno, discarding the actual number of bytes transferred. A broken printer can complete the GETDEVICE...

CVE-2026-46151

The CVE-2026-46151 issue affects the Linux kernel usb: usblp driver. A vulnerable path in usblp_ctrl_msg() discards the actual bytes transferred, enabling a short GET_DEVICE_ID transfer to be misinterpreted. The cache_device_id_string() reads a 2-byte big-endian length from the response and trust...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the short IEEE 1284 device ID response in the usb usblp protocol, leading to a heap leak and...

PT-2026-44274

In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix heap leak in IEEE 1284 device ID via short response usblp ctrl msg collapses the usb control msg return value to 0/-errno, discarding the actual number of bytes transferred. A broken printer can complete the GET...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: HID: Ignore non-functional sensors in the HP 5MP Camera The HP 5MP Camera USB ID 0408:5473 reports a HID sensor interface that is not actually implemented. Attempting to access this non-functional sensor via iioinfo causes the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net: octeonep VF: fixed the issue where the devid mismatch occurred during the IRQ rollback. The octepvfrequestirqs function requests MSI-X queues of IRQs with the devid set to ioqvector. If requestirq fails halfway through, t...

CVE-2026-22706 Strapi: Password Reset Does Not Revoke Existing Refresh Sessions

Strapi is an open source headless content management system. In Strapi versions prior to 5.33.3, changing or resetting a user's password did not invalidate the user's existing refresh-token sessions by default. The refresh-token invalidation step in the users-permissions and admin authentication...

EUVD-2026-30355

Strapi is an open source headless content management system. In Strapi versions prior to 5.33.3, changing or resetting a user's password did not invalidate the user's existing refresh-token sessions by default. The refresh-token invalidation step in the users-permissions and admin authentication...

GHSA-HVP3-26WX-G2W4 Strapi: Password Reset Does Not Revoke Existing Refresh Sessions

Summary of CVE-2026-22706 Vulnerability Details - CVE: CVE-2026-22706 - CVSS v3.1 Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N 2.1 — Low - Affected Versions: @strapi/admin and @strapi/plugin-users-permissions =5.33.3 Description of CVE-2026-22706 In Strapi versions prio...

MINI-PXX3-V887-JCR3

Bulletin has no description...

Linux Distros Unpatched Vulnerability : CVE-2026-43056

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: mana: fix use-after-free in addadev error path If auxiliarydeviceadd fails, addadev jumps to addfail and calls auxiliarydeviceuninitadev. The auxiliary...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: i40e: fixed the issue of freeing IRQs in the i40evsirequestirqmsix error path. If requestirq in i40evsirequestirqmsix fails in an iteration later than the first one, the error path attempts to free the IRQs that have been request...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: clk: Fix clkhwgetclk when dev is NULL Any registered clkcore structure can have a NULL pointer in its dev field. While never actually documented, this is evidenced by the wide usage of clkregister and clkhwregister with a NULL...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: vpvdpa: fixed the issue where the idtable array was not terminated with a null terminator. Also, an additional virtiodeviceid was allocated as a null terminator. Otherwise, vdpamgmtdevgetclasses might iterate multiple times an...