57 matches found
CVE-2026-31617
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: validate minimum blocklen in ncmunwrapntb The blocklen read from the host-supplied NTB header is checked against ntbmax but has no lower bound. When blocklen is smaller than opts-ndpsize, the bounds check of:...
UBUNTU-CVE-2026-23448
In the Linux kernel, the following vulnerability has been resolved: net: usb: cdcncm: add ndpoffset to NDP16 nframes bounds check cdcncmrxverifyndp16 validates that the NDP header and its DPE entries fit within the skb. The first check correctly accounts for ndpoffset: if ndpoffset + sizeofstruct...
CVE-2026-23448 net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check
In the Linux kernel, the following vulnerability has been resolved: net: usb: cdcncm: add ndpoffset to NDP16 nframes bounds check cdcncmrxverifyndp16 validates that the NDP header and its DPE entries fit within the skb. The first check correctly accounts for ndpoffset: if ndpoffset + sizeofstruct...
CVE-2026-23447 net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check
In the Linux kernel, the following vulnerability has been resolved: net: usb: cdcncm: add ndpoffset to NDP32 nframes bounds check The same bounds-check bug fixed for NDP16 in the previous patch also exists in cdcncmrxverifyndp32. The DPE array size is validated against the total skb length withou...
Azure Linux 3.0 Security Update: kernel (CVE-2025-21743)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21743 advisory. - In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: fix possible overflow in...
CVE-2025-20803
In dpe, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10199779; Issue ID: MSV-4504...
CVE-2025-20803
In dpe, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10199779; Issue ID: MSV-4504...
CVE-2025-20804
In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10198951; Issue ID: MSV-4503...
CVE-2025-20805
In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114696; Issue ID: MSV-4480...
CVE-2025-20806
In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114835; Issue ID: MSV-4479...
CVE-2025-20807
In dpe, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114841; Issue ID: MSV-4451...
CVE-2025-20807
CVE-2025-20807 affects dpe with an out-of-bounds write caused by an integer overflow. Local privilege escalation is possible if an attacker already has System privileges; no user interaction is required. Patch ALPS10114841 (Issue MSV-4451) is provided as a fix. Connected sources from Red Hat, NVD...
CVE-2025-20806
Impactful but constrained: CVE-2025-20806 is a memory corruption via use-after-free in dpe that could enable local escalation of privilege to System level. Exploitation requires local access; no user interaction is needed. Root cause is use-after-free vulnerability in dpe; no explicit affected pr...
CVE-2025-20805
In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114696; Issue ID: MSV-4480...
CVE-2025-20804
In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10198951; Issue ID: MSV-4503...
CVE-2025-20804
CVE-2025-20804 : The description indicates a memory corruption via a use-after-free in the dpe component, enabling local escalation of privilege to System level with user interaction required for exploitation. The entry notes a Patch ID ALPS10198951 and Issue ID MSV-4503. Public references across...
CVE-2025-20803
In dpe, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10199779; Issue ID: MSV-4504...
PT-2026-1392
Name of the Vulnerable Software and Affected Versions dpe affected versions not specified Description An out-of-bounds write issue exists in dpe due to an integer overflow. Successful exploitation could allow a malicious actor with System privileges to escalate privileges locally. User interactio...
PT-2026-1388
Name of the Vulnerable Software and Affected Versions dpe affected versions not specified Description A memory corruption issue exists in dpe due to an integer overflow. Successful exploitation could allow a malicious actor to gain local system privileges, but requires the attacker to already hav...
kernel: usbnet: ipheth: fix possible overflow in DPE length check
In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: fix possible overflow in DPE length check Originally, it was possible for the DPE length check to overflow if wDatagramIndex + wDatagramLength U16MAX. This could lead to an OoB read. Move the wDatagramIndex term t...