Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

A issue was discovered in the drivers/input/input.c file within the Linux kernel before version 5.17.10. An attacker can cause a denial of service panic if inputsetcapability mishandles situations where an event code falls outside of a bitmap...

EUVD-2026-25518

In the Linux kernel, the following vulnerability has been resolved: HID: alps: fix NULL pointer dereference in alpsrawevent Commit ecfa6f34492c "HID: Add HIDCLAIMEDINPUT guards in rawevent callbacks missing them" attempted to fix up the HID drivers that had missed the previous fix that was done i...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011347)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011347 advisory. In the Linux kernel, the following vulnerability has been resolved: Input: croseckeyb - fix an invalid memory access If croseckeybregistermatrix isn't called due to...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002798)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002798 advisory. drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service NULL pointer dereference and system crash or possibly hav...

CVE-2025-40263

CVE-2025-40263 is described in connected advisories as a Linux kernel issue where, if cros_ec_keyb_register_matrix() is not called in cros_ec_keyb_probe() (due to buttons_switches_only), ckdev->idev may remain NULL, leading to an invalid memory access in cros_ec_keyb_work() when handling EC_MK...

EUVD-2025-32761

In the Linux kernel, the following vulnerability has been resolved: Input: exc3000 - properly stop timer on shutdown We need to stop the timer on driver unbind or probe failures, otherwise we get UAF/Oops...

EUVD-2016-9323

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2019-20636

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by inputsetkeycode, aka...

Linux Distros Unpatched Vulnerability : CVE-2022-49954

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Input: iforce - wake up after clearing IFORCEXMITRUNNING flag syzbot is reporting hung task at inputunregisterdevice 1, for iforceclose waiting at...

CVE-2022-48836 Input: aiptek - properly check endpoint type

In the Linux kernel, the following vulnerability has been resolved: Input: aiptek - properly check endpoint type Syzbot reported warning in usbsubmiturb which is caused by wrong endpoint type. There was a check for the number of endpoints, but not for the type of endpoint. Fix it by replacing old...

CVE-2023-52884 Input: cyapa - add missing input core locking to suspend/resume functions

In the Linux kernel, the following vulnerability has been resolved: Input: cyapa - add missing input core locking to suspend/resume functions Grab input-mutex during suspend/resume functions like it is done in other input drivers. This fixes the following warning during system suspend/resume cycl...

UBUNTU-CVE-2023-52840

In the Linux kernel, the following vulnerability has been resolved: Input: synaptics-rmi4 - fix use after free in rmiunregisterfunction The putdevice calls rmireleasefunction which frees "fn" so the dereference on the next line "fn-numofirqs" is a use after free. Move the putdevice to the end to...

An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap.

...

SUSE CVE-2022-48619

An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service panic because inputsetcapability mishandles the situation in which an event code falls outside of a bitmap...

DEBIAN-CVE-2022-48619

An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service panic because inputsetcapability mishandles the situation in which an event code falls outside of a bitmap...

AZL-33499 CVE-2022-48619 affecting package kernel for versions less than 5.15.148.1-1

An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service panic because inputsetcapability mishandles the situation in which an event code falls outside of a bitmap...

UBUNTU-CVE-2022-48619

An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service panic because inputsetcapability mishandles the situation in which an event code falls outside of a bitmap...

SUSE CVE-2019-20636

In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by inputsetkeycode, aka CID-cb222aed03d7...

kernel: out-of-bounds write via crafted keycode table

An out-of-bounds write flaw was found in the Linux kernel. A crafted keycode table could be used by drivers/input/input.c to perform the out-of-bounds write. A local user with root access can insert garbage to this keycode table that can lead to out-of-bounds memory access. The highest threat fro...

kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free

A use-after-free flaw was found in the Linux kernel’s input device driver functionality when unplugging a device. A user with physical access could use this flaw to crash the system...