CVE-2026-43421

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: Fix netdevice lifecycle with devicemove The network device outlived its parent gadget device during disconnection, resulting in dangling sysfs links and null pointer dereference problems. A prior attempt to sol...

Linux Distros Unpatched Vulnerability : CVE-2026-31725

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: gadget: fecm: Fix netdevice lifecycle with devicemove The netdevice is allocated during function instance creation and registered during the bind phase wit...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007310)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007310 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: Fix UAF ncm object at re-bind after usb ep transport error When ncm function i...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989908)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989908 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: fix potential NULL ptr deref in ncmbitrate In Google internal bug 265639009...

CVE-2025-40093

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fecm: Refactor bind path to use free After an bind/unbind cycle, the ecm-notifyreq is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer...

EUVD-2023-46966

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-50202

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PM: hibernate: defer device probing when resuming from hibernation syzbot is reporting hung task at miscopen 1, for there is a race window of AB-BA deadlock whi...

CVE-2023-42533

Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1 allows a physical attacker to execute arbitrary code in Kernel...

CVE-2023-42533

Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1 allows a physical attacker to execute arbitrary code in Kernel...

Input validation

Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1 allows a physical attacker to execute arbitrary code in Kernel...

CVE-2023-42533

CVE-2023-42533 affects Samsung Mobile devices prior to SMR Nov-2023 Release 1. The root cause is improper input validation on the USB Gadget Interface, allowing a physical attacker to execute arbitrary code in the kernel. Impact is kernel compromise with high confidentiality, integrity, and avail...

PT-2023-28399 · Smr · Smr

Name of the Vulnerable Software and Affected Versions: SMR versions prior to Nov-2023 Release 1 Description: The issue is related to improper input validation with the USB Gadget Interface, allowing a physical attacker to execute arbitrary code in the Kernel. Recommendations: For versions prior t...

CVE-2022-4382

A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side...

USN-5417-1 linux, linux-aws, linux-aws-5.13, linux-azure, linux-azure-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oracle, linux-raspi vulnerabilities

Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive...