CVE-2026-45923 net: usb: catc: enable basic endpoint checking

In the Linux kernel, the following vulnerability has been resolved: net: usb: catc: enable basic endpoint checking catcprobe fills three URBs with hardcoded endpoint pipes without verifying the endpoint descriptors: - usbsndbulkpipeusbdev, 1 and usbrcvbulkpipeusbdev, 1 for TX/RX -...

PT-2026-43790

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The catc probe function fills three USB Request Blocks URBs with hardcoded endpoint pipes without verifying the endpoint descriptors. Specifically, it uses usb sndbulkpipeusbdev, 1 and u...

EUVD-2026-27715

In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: enable basic endpoint checking pegasusprobe fills URBs with hardcoded endpoint pipes without verifying the endpoint descriptors: - usbrcvbulkpipedev, 1 for RX data - usbsndbulkpipedev, 2 for TX data -...

CVE-2026-43156

The CVE-2026-43156 entry affects the Linux kernel USB Pegasus driver. The root cause is that pegasus_probe() built URBs using hardcoded endpoint pipes (RX bulk 1, TX bulk 2, status interrupt 3) without validating endpoint descriptors, allowing a malformed USB device to present endpoints with mism...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003120)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003120 advisory. drivers/usb/serial/cypressm8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service NULL pointer dereference and syste...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002622)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002622 advisory. drivers/usb/serial/cypressm8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service NULL pointer dereference and syste...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002921)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002921 advisory. The mctu232msrtostate function in drivers/usb/serial/mctu232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service NU...

SUSE CVE-2025-21708

In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: enable basic endpoint checking Syzkaller reports 1 encountering a common issue of utilizing a wrong usb endpoint type during URB submitting stage. This, in turn, triggers a warning shown below. For now, enable...

SUSE CVE-2016-3136

The mctu232msrtostate function in drivers/usb/serial/mctu232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service NULL pointer dereference and system crash via a crafted USB device without two interrupt-in endpoint descriptors...

SUSE CVE-2016-3137

drivers/usb/serial/cypressm8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service NULL pointer dereference and system crash via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypressgenericportpro...

DEBIAN-CVE-2016-3136

The mctu232msrtostate function in drivers/usb/serial/mctu232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service NULL pointer dereference and system crash via a crafted USB device without two interrupt-in endpoint descriptors...