Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: ffs: Fix use-after-free for epfile Consider a case where ffsfuncepsdisable is called from ffsfuncdisable as part of the composition switch, and at the same time, ffsepfilerelease is called from the user space. ffsepfilerelea...

SUSE CVE-2025-71074

In the Linux kernel, the following vulnerability has been resolved: functionfs: fix the open/removal races ffsepfileopen can race with removal, ending up with file-privatedata pointing to freed object. There is a total count of opened files on functionfs both ep0 and dynamic ones and when it hits...

PT-2025-49444

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists within the USB gadget f fs functionality. Specifically, a NULL pointer dereference can occur in the ffs func eps enable function when accessing epfile-ep after a...

usb: gadget: f_fs: Remove WARN_ON in functionfs_bind

...

OESA-2024-2218 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Stop parsing channels bits when all channels are found. If a usb audio device sets more bits than the amount of channels it could write outside ...

UBUNTU-CVE-2022-48822

In the Linux kernel, the following vulnerability has been resolved: usb: ffs: Fix use-after-free for epfile Consider a case where ffsfuncepsdisable is called from ffsfuncdisable as part of composition switch and at the same time ffsepfilerelease get called from userspace. ffsepfilerelease will fr...

UBUNTU-CVE-2024-36894

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Fix race between aiocancel and AIO request complete FFS based applications can utilize the aiocancel callback to dequeue pending USB requests submitted to the UDC. There is a scenario where the FFS application...

DEBIAN-CVE-2021-47272

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Bail from dwc3gadgetexit if dwc-gadget is NULL There exists a possible scenario in which dwc3gadgetinit can fail: during during host - peripheral mode switch in dwc3setmode, and a pending gadget driver fails to...

PT-2022-35065 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: The issue concerns stricter integer overflow checks in the f fs gadget of the Linux Kernel. It was introduced in version v3.14 and fixed in version v6.0.3. The actual impact and attack...