3112 matches found
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: Free rawreport buffers in usbhidstop This fix addresses a memory leak reported by syzbot at: https://syzkaller.appspot.com/bug?id=7b4fa7cb1a7c2d3342a2a8a6c53371c8c418ab47...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: ipc: Fixed a potential use-after-free issue in the work function. When a reset notify IPC message is received, the ISR schedules a work function and passes the ISHTP device to it via a global pointer called...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ACPI: Processor: Idle: Check the return value of acpiFetchAcpiDev. The return value of acpiFetchAcpiDev can be NULL, which could lead to a NULL pointer dereferencing in acpiDeviceHid. rjw: Subject and changelog edits, added an...
Astra Linux – Vulnerability in Linux 5.10, Linux
The roccatreportevent in the drivers/hid/hid-roccat.c file in the Linux kernel, as of version 5.19.12, contains a race condition, which can lead to a use-after-free situation under certain conditions when a report is received while the report-value copy operation is in progress...
Astra Linux – Vulnerability in Linux, Linux 5.10
In lgprobe and related functions of hid-lg.c and other USB HID files, there is a possible out-of-bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device is connected, without the need for additional execution privileges. User...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: HID: intel-thc-hid: intel-thc: Fixed incorrect pointer arithmetic in I2C regs save. Improper use of the secondary pointer &dev-i2csubip regs caused the kernel to crash and led to an out-of-bounds error. BUG: KASAN: Out-of-boun...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: A memory leak was avoided in the magicmousereportfixup function. The magicmousereportfixup function returned a buffer that was allocated using kmemdup. However, this buffer was never freed. The caller of...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: HID: mcp-2221 – prevented UAF in delayed work. If the device is plugged/unplugged without giving time for mcpinitwork to complete, we might trigger the devm free code path, resulting in an unavailable struct mcp2221 during delaye...
Astra Linux – Vulnerability in Chromium
Memory access out of bounds in WebHID in Google Chrome prior to version 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption through a malicious HID device. Chromium security severity: High...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: HID: apple: avoided a memory leak in applereportfixup The applereportfixup function was returning a buffer allocated using kmemdup, but never freeing that buffer. The caller of reportfixup does not take ownership of the returned...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: gpiolib: acpi: Initialize the acpigpioinfo struct Since commit 7c010d463372 “gpiolib: acpi: Ensure that the acpigpioinfo struct is initialized”, uninitialized acpigpioinfo structures are passed to acpifindgpio, and later, the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: HID: Multitouch: Corrected the reference to the devm device for the hidinput inputdev name. The reference should point to the HID device, rather than the input device, for the allocation of the inputdev name. Referring to the...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15
BlueZ HID over GATT Profile: Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected BlueZ installations. Authentication is not required to exploit this vulnerability. The specific flaw lies in the...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: ipc: Disabling and re-enabling the ACPI GPE bit The EHL Elkhart Lake-based platforms provide an out-of-band service that allows devices to wake up when the system is in the S5 Soft-Off state. This out-of-band...
Astra Linux – Vulnerability in Wireshark
A crash occurred in the USB HID protocol dissector, and possibly in other dissectors in Wireshark versions 3.4.0, 3.2.0 to 3.2.8. This issue allows for denial of service through packet injection or with crafted capture files...
Astra Linux – Vulnerability in bluez
Bluetooth HID Hosts in BlueZ may allow an unauthenticated peripheral role HID device to initiate and establish an encrypted connection, and to accept HID keyboard reports. This could potentially allow the injection of HID messages when no user interaction has occurred in the Central role, thereby...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: HID: hidraw: fixed a memory leak in hidrawrelease Free the buffered reports before deleting the list entry. BUG: memory leak Unreferenced object 0xffff88810e72f180 size 32: comm “softirq”, pid 0, jiffies 4294945143 age 16.080s He...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel version up to 6.1.9, there is a use-after-free issue in the bigbenremove function within the drivers/hid/hid-bigbenff.c file, caused by a crafted USB device. This issue arises because the LED controllers remain registered for an excessively long period of time...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid-of: fix NULL dereference on failed power-up Some time ago, the I2C HID implementation was split into an ACPI and OF part. However, the new OF driver never initializes the client pointer, which is dereferenced in case...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021567)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021567 advisory. In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function When a reset notify IPC...