56 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: Use a static NDP16 location within the URB. The original code allowed the start of NDP16 to be anywhere within the URB, based on the wNdpIndex value in NTH16. Only the start position of NDP16 was checked, which ma...
CVE-2026-31617
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: validate minimum blocklen in ncmunwrapntb The blocklen read from the host-supplied NTB header is checked against ntbmax but has no lower bound. When blocklen is smaller than opts-ndpsize, the bounds check of:...
UBUNTU-CVE-2026-23448
In the Linux kernel, the following vulnerability has been resolved: net: usb: cdcncm: add ndpoffset to NDP16 nframes bounds check cdcncmrxverifyndp16 validates that the NDP header and its DPE entries fit within the skb. The first check correctly accounts for ndpoffset: if ndpoffset + sizeofstruct...
CVE-2026-23448 net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check
In the Linux kernel, the following vulnerability has been resolved: net: usb: cdcncm: add ndpoffset to NDP16 nframes bounds check cdcncmrxverifyndp16 validates that the NDP header and its DPE entries fit within the skb. The first check correctly accounts for ndpoffset: if ndpoffset + sizeofstruct...
Azure Linux 3.0 Security Update: kernel (CVE-2025-21743)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21743 advisory. - In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: fix possible overflow in...
CVE-2025-20803
In dpe, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10199779; Issue ID: MSV-4504...
CVE-2025-20806
In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114835; Issue ID: MSV-4479...
CVE-2025-20805
In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114696; Issue ID: MSV-4480...
CVE-2025-20803
In dpe, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10199779; Issue ID: MSV-4504...
CVE-2025-20804
In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10198951; Issue ID: MSV-4503...
CVE-2025-20807
In dpe, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114841; Issue ID: MSV-4451...
CVE-2025-20807
CVE-2025-20807 affects dpe with an out-of-bounds write caused by an integer overflow. Local privilege escalation is possible if an attacker already has System privileges; no user interaction is required. Patch ALPS10114841 (Issue MSV-4451) is provided as a fix. Connected sources from Red Hat, NVD...
CVE-2025-20806
Impactful but constrained: CVE-2025-20806 is a memory corruption via use-after-free in dpe that could enable local escalation of privilege to System level. Exploitation requires local access; no user interaction is needed. Root cause is use-after-free vulnerability in dpe; no explicit affected pr...
CVE-2025-20805
In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114696; Issue ID: MSV-4480...
CVE-2025-20804
In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10198951; Issue ID: MSV-4503...
CVE-2025-20804
CVE-2025-20804 : The description indicates a memory corruption via a use-after-free in the dpe component, enabling local escalation of privilege to System level with user interaction required for exploitation. The entry notes a Patch ID ALPS10198951 and Issue ID MSV-4503. Public references across...
CVE-2025-20803
In dpe, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10199779; Issue ID: MSV-4504...
PT-2026-1388
Name of the Vulnerable Software and Affected Versions dpe affected versions not specified Description A memory corruption issue exists in dpe due to an integer overflow. Successful exploitation could allow a malicious actor to gain local system privileges, but requires the attacker to already hav...
PT-2026-1392
Name of the Vulnerable Software and Affected Versions dpe affected versions not specified Description An out-of-bounds write issue exists in dpe due to an integer overflow. Successful exploitation could allow a malicious actor with System privileges to escalate privileges locally. User interactio...
kernel: usbnet: ipheth: fix possible overflow in DPE length check
In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: fix possible overflow in DPE length check Originally, it was possible for the DPE length check to overflow if wDatagramIndex + wDatagramLength U16MAX. This could lead to an OoB read. Move the wDatagramIndex term t...