Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: xhci: A null pointer dereference was fixed in the remove function if xHC has only one roothub. The remove function in the xhci platform driver attempts to remove both the main hcd and the shared hcd, even if only the main hcd...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: ohci-nxp: Fixed the refcount leak in ohcihcdnxpprobe. ofparsephandle returns a node pointer with a refcount incremented; we should use ofnodeput on it when it is no longer needed. Add ofnodeput to avoid the refcount leak...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ata: ahci: Match EMMAXSLOTS with SATAPMPMAXPORTS UBSAN complains about array-index-out-of-bounds: 1.980703 kernel: UBSAN: array-index-out-of-bounds in /build/linux-9H675w/linux-5.15.0/drivers/ata/libahci.c:968:41 1.980709 kernel:...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: xhci: Handling of TD clearing for multiple streams When multiple streams are in use, multiple TDs might be active during the termination of an endpoint. We need to issue a Set TR Dequeue Pointer for each TD to ensure everything i...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: xhci-mtk: Fixed an issue where shared HCD resources were leaked when attempting to set the wake-up IRQ. The issue occurred because it was not possible to set @sharedhcd to NULL before reducing the usage count via usbputhcd...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: USB: xHCI – Fix for isochronous Ring Underrun/Overrun event handling The TRB pointer associated with these events points to the enqueue location when an error occurs in xHCI 1.1+ HCs; for older versions, this pointer is NULL. By...

Astra Linux – Vulnerability in Qemu

In QEMU 5.0.0, the hw/usb/hcd-ohci.c file contains an infinite loop when a TD list has a loop...

Astra Linux – Vulnerability in Qemu

A reachable assertion issue was detected in the USB EHCI emulation code of QEMU. This issue can occur during the processing of USB requests due to a faulty handling of the DMA memory map. A malicious privileged user within the guest environment may exploit this flaw to send invalid USB requests,...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: xHCI: Corruption of the command ring pointer occurred during command aborts. The command ring pointer is located at bits 6:63 of the command ring control register CRCR. All control bits, such as those related to command stopping...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcicore: lookup hciconn on the RX path at the protocol level The hdev lock/lookup/unlock/use pattern in the packet RX path does not ensure that hciconn is not concurrently modified/deleted. This locking mechanism seems...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: xhci: Fixed a issue where a NULL pointer dereference could occur during full-speed re-enumeration of devices. This occurs when re-enumering full-speed devices after a failed “address device” command. Full-speed devices may need t...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: xhci: sideband: do not dereference a freed ring when removing a sideband endpoint. xhcisidebandremoveendpoint incorrectly assumes that the endpoint is running and has a valid transfer ring. Lianqin reported a crash during...

Linux Distros Unpatched Vulnerability : CVE-2026-31754

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: cdns3: gadget: fix state inconsistency on gadget init failure When cdns3gadgetstart fails, the DRD hardware is left in gadget mode while software state...

CVE-2026-31772

A flaw was found in the Linux kernel's Bluetooth Host Controller Interface HCI synchronization. A local user could trigger a stack buffer overflow by binding a specific type of Bluetooth socket with an excessive number of Bluetooth Isochronous Stream BIS entries. This memory corruption can lead t...

CVE-2026-31771

A flaw was found in the Linux kernel's Bluetooth subsystem. A remote attacker could exploit a missing bounds check by sending a specially crafted, short Bluetooth Host Controller Interface HCI event frame. This could lead to a buffer overflow, potentially allowing the attacker to cause a denial o...

CVE-2026-43018

A flaw was found in the Linux kernel's Bluetooth component. This Use-After-Free UAF vulnerability arises from insufficient locking during hciconn lookup and access within the hcileremoteconnparamreqevt function. An attacker could potentially exploit this to cause a system crash or execute arbitra...

CVE-2026-31754

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: fix state inconsistency on gadget init failure When cdns3gadgetstart fails, the DRD hardware is left in gadget mode while software state remains INACTIVE, creating hardware/software state inconsistency. When...

EUVD-2026-26618

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: fix potential UAF in setcigparamssync hciconn lookup and field access must be covered by hdev lock in setcigparamssync, otherwise it's possible it is freed concurrently. Take hdev lock to prevent hciconn from...

CVE-2026-31754

The CVE-2026-31754 issue affects the Linux kernel’s USB DRD/CDNS3 gadget path. When cdns3_gadget_start() fails, the DRD hardware remains in gadget mode while software state is INACTIVE, causing hardware/software state inconsistency. This can lead to a failed host-mode switch via sysfs (role switc...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a stack buffer overflow in the Bluetooth HCI synchronization command, which could lead to memory corruption...