Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Fixed race between aiocancel and AIO request complete FFS-based applications can utilize the aiocancel callback to dequeue pending USB requests submitted to the UDC. There is a scenario where the FFS application...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Fixed null pointer access to epfile after ep enable. A race condition occurs when ffsfuncepsenable runs concurrently with ffsdatareset. The ffsdataclear function called in ffsdatareset sets ffs-epfiles to NULL...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013089)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013089 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Fix epfile null pointer access after ep enable. A race condition occurs when...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011254)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011254 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Fix epfile null pointer access after ep enable. A race condition occurs when...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005062)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005062 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Fix race between aiocancel and AIO request complete FFS based applications can...

CVE-2025-71074

In the Linux kernel, the following vulnerability has been resolved: functionfs: fix the open/removal races ffsepfileopen can race with removal, ending up with file-privatedata pointing to freed object. There is a total count of opened files on functionfs both ep0 and dynamic ones and when it hits...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000887)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000887 advisory. Use-after-free vulnerability in the ffsusercopyworker function in drivers/usb/gadget/function/ffs.c in the Linux kernel before 4.5.3 allows local users to gain...

UBUNTU-CVE-2025-40315

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Fix epfile null pointer access after ep enable. A race condition occurs when ffsfuncepsenable runs concurrently with ffsdatareset. The ffsdataclear called in ffsdatareset sets ffs-epfiles to NULL before resettin...

CVE-2025-40315 usb: gadget: f_fs: Fix epfile null pointer access after ep enable.

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Fix epfile null pointer access after ep enable. A race condition occurs when ffsfuncepsenable runs concurrently with ffsdatareset. The ffsdataclear called in ffsdatareset sets ffs-epfiles to NULL before resettin...

CVE-2025-40315

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Fix epfile null pointer access after ep enable. A race condition occurs when ffsfuncepsenable runs concurrently with ffsdatareset. The ffsdataclear called in ffsdatareset sets ffs-epfiles to NULL before resettin...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988808)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988808 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Prevent race during ffsep0queuewait While performing fast composition switch,...

EUVD-1999-0482

Malware in sbrugna...

EUVD-2023-58158

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2021-46933

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Clear ffseventfd in ffsdataclear. ffsdataclear is indirectly called from...

Linux Distros Unpatched Vulnerability : CVE-2022-49755

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: gadget: ffs: Prevent race during ffsep0queuewait While performing fast composition switch, there is a possibility that the process of ffsep0write/ffsep0rea...

CVE-2023-5885

The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users...

CVE-2019-5601

In FreeBSD 12.0-STABLE before r347474, 12.0-RELEASE before 12.0-RELEASE-p7, 11.2-STABLE before r347475, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the FFS implementation causes up to three bytes of kernel stack memory to be written to disk as uninitialized directory entry padding...

CVE-1999-0483

OpenBSD crash using nlink value in FFS and EXT2FS filesystems...

SUSE CVE-2022-49755

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Prevent race during ffsep0queuewait While performing fast composition switch, there is a possibility that the process of ffsep0write/ffsep0read get into a race condition due to ep0req being freed up from...

The vulnerability of the ffs_data_clear() function in the Linux kernel’s gadget component, which allows a hacker to cause a service failure

The vulnerability of the ffsdataclear function in the Linux kernel’s gadget component is related to a possible overflow of the link counter. Exploiting this vulnerability could allow an attacker to cause a service failure...