31 matches found
CVE-2026-23307
A flaw was found in the Linux kernel's emsusb module. This vulnerability occurs because the system does not properly verify the length of messages it receives. An attacker could exploit this weakness by sending specially crafted messages, potentially causing the system to crash Denial of Service...
EUVD-2026-15248
In the Linux kernel, the following vulnerability has been resolved: can: emsusb: emsusbreadbulkcallback: check the proper length of a message When looking at the data in a USB urb, the actuallength is the size of the buffer passed to the driver, not the transferbufferlength which is set by the...
CVE-2026-23307
In the Linux kernel, the following vulnerability has been resolved: can: emsusb: emsusbreadbulkcallback: check the proper length of a message When looking at the data in a USB urb, the actuallength is the size of the buffer passed to the driver, not the transferbufferlength which is set by the...
UBUNTU-CVE-2026-23307
In the Linux kernel, the following vulnerability has been resolved: can: emsusb: emsusbreadbulkcallback: check the proper length of a message When looking at the data in a USB urb, the actuallength is the size of the buffer passed to the driver, not the transferbufferlength which is set by the...
CVE-2026-23307
In the Linux kernel, the following vulnerability has been resolved: can: emsusb: emsusbreadbulkcallback: check the proper length of a message When looking at the data in a USB urb, the actuallength is the size of the buffer passed to the driver, not the transferbufferlength which is set by the...
CVE-2026-23307 can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message
In the Linux kernel, the following vulnerability has been resolved: can: emsusb: emsusbreadbulkcallback: check the proper length of a message When looking at the data in a USB urb, the actuallength is the size of the buffer passed to the driver, not the transferbufferlength which is set by the...
CVE-2026-23307
CVE-2026-23307 concerns the Linux kernel CAN/EMS USB code, where ems_usb_read_bulk_callback() failed to validate message lengths, reading beyond buffers because actual_length can exceed the expected transfer_buffer_length, risking overflow when parsing messages. The root cause is insufficient len...
CVE-2026-23307 can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message
In the Linux kernel, the following vulnerability has been resolved: can: emsusb: emsusbreadbulkcallback: check the proper length of a message When looking at the data in a USB urb, the actuallength is the size of the buffer passed to the driver, not the transferbufferlength which is set by the...
SUSE CVE-2026-23058
In the Linux kernel, the following vulnerability has been resolved: can: emsusb: emsusbreadbulkcallback: fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a "can: gsusb: gsusbreceivebulkcallback: fix URB memory leak". In emsusbopen, the URBs for USB-in transfers are allocated,...
CVE-2026-23058
In the Linux kernel, the following vulnerability has been resolved: can: emsusb: emsusbreadbulkcallback: fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a "can: gsusb: gsusbreceivebulkcallback: fix URB memory leak". In emsusbopen, the URBs for USB-in transfers are allocated,...
UBUNTU-CVE-2026-23058
In the Linux kernel, the following vulnerability has been resolved: can: emsusb: emsusbreadbulkcallback: fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a "can: gsusb: gsusbreceivebulkcallback: fix URB memory leak". In emsusbopen, the URBs for USB-in transfers are allocated,...
CVE-2026-23058
In the Linux kernel, the following vulnerability has been resolved: can: emsusb: emsusbreadbulkcallback: fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a "can: gsusb: gsusbreceivebulkcallback: fix URB memory leak". In emsusbopen, the URBs for USB-in transfers are allocated,...
CVE-2026-23058 can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak
In the Linux kernel, the following vulnerability has been resolved: can: emsusb: emsusbreadbulkcallback: fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a "can: gsusb: gsusbreceivebulkcallback: fix URB memory leak". In emsusbopen, the URBs for USB-in transfers are allocated,...
CVE-2026-23058
In the Linux kernel, the following vulnerability has been resolved: can: emsusb: emsusbreadbulkcallback: fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a "can: gsusb: gsusbreceivebulkcallback: fix URB memory leak". In emsusbopen, the URBs for USB-in transfers are allocated,...
CVE-2026-23058
In the Linux kernel, the following vulnerability has been resolved: can: emsusb: emsusbreadbulkcallback: fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a "can: gsusb: gsusbreceivebulkcallback: fix URB memory leak". In emsusbopen, the URBs for USB-in transfers are allocated,...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001695)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001695 advisory. emsusbstartxmit in drivers/net/can/usb/emsusb.c in the Linux kernel through 5.17.1 has a double free. Tenable has extracted the preceding description block directly...
PT-2026-6128
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a memory leak in the ems usb read bulk callback function. This issue occurs because the USB framework unanchors URBs before the completion function is called,...
TencentOS Server 3: kernel (TSSA-2024:1022)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1022 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CLSA-2023-1683146027 kernel: Fix of 23 CVEs
media: rc: Fix use-after-free bugs caused by enetxirqsim CVE-2023-1118 - net: mpls: fix stale pointer if allocation fails during device rename CVE-2023-26545 - net/ulp: prevent ULP without clone op from entering the LISTEN status CVE-2023-0461 - Bluetooth: L2CAP: Fix u8 overflow CVE-2022-45934 -...
SUSE CVE-2022-28390
emsusbstartxmit in drivers/net/can/usb/emsusb.c in the Linux kernel through 5.17.1 has a double free...