24 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-53196
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - USB: serial: ioti: fix heap overflow in getmanufinfo getmanufinfo reads le16tocpuromdesc-Size bytes from the device I2C EEPROM into a buffer allocated with...
Linux Distros Unpatched Vulnerability : CVE-2026-53195
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - USB: serial: ioti: fix heap overflow in buildi2cfwhdr buildi2cfwhdr allocates a fixed-size buffer of 161024 - 512 + sizeofstruct tii2cfirmwarerec bytes, then...
USB: serial: io_ti: fix heap overflow in build_i2c_fw_hdr()
...
SUSE CVE-2026-53196
In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in getmanufinfo getmanufinfo reads le16tocpuromdesc-Size bytes from the device I2C EEPROM into a buffer allocated with kmallocobj, which is sizeofstruct edgetimanufdescriptor = 10 bytes. The...
CVE-2026-53195
A flaw was found in the USB: serial: ioti module of the Linux kernel. The buildi2cfwhdr function allocates a fixed-size buffer but copies data into it without properly validating the input length from the firmware header. This oversight allows an attacker to provide a crafted firmware image,...
CVE-2026-53196
A flaw was found in the Linux kernel's ioti USB serial driver. A malicious USB device, when plugged into a host running this driver, can exploit a heap overflow vulnerability in the getmanufinfo function. This occurs because the driver does not properly validate the size of data read from the...
CVE-2026-53196
In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in getmanufinfo getmanufinfo reads le16tocpuromdesc-Size bytes from the device I2C EEPROM into a buffer allocated with kmallocobj, which is sizeofstruct edgetimanufdescriptor = 10 bytes. The...
EUVD-2026-39287
In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in getmanufinfo getmanufinfo reads le16tocpuromdesc-Size bytes from the device I2C EEPROM into a buffer allocated with kmallocobj, which is sizeofstruct edgetimanufdescriptor = 10 bytes. The...
CVE-2026-53196
In the Linux kernel USB: serial: io_ti driver, CVE-2026-53196 describes a heap overflow in get_manuf_info() caused by reading rom_desc->Size bytes from an I2C EEPROM into a 10-byte buffer (kmalloc_obj()). Size is only checked against TI_MAX_I2C_SIZE (16384), allowing a malicious device to set ...
CVE-2026-53195 USB: serial: io_ti: fix heap overflow in build_i2c_fw_hdr()
In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in buildi2cfwhdr buildi2cfwhdr allocates a fixed-size buffer of 161024 - 512 + sizeofstruct tii2cfirmwarerec bytes, then copies le16tocpuimgheader-Length bytes into it without validating that...
EUVD-2026-39286
In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in buildi2cfwhdr buildi2cfwhdr allocates a fixed-size buffer of 161024 - 512 + sizeofstruct tii2cfirmwarerec bytes, then copies le16tocpuimgheader-Length bytes into it without validating that...
CVE-2026-53195
The CVE-2026-53195 issue affects the Linux kernel USB: serial: io_ti driver. build_i2c_fw_hdr() allocates a fixed buffer and copies img_header->Length (up to 65535) without validating it against remaining space, enabling a potential heap overflow. The root cause is that check_fw_sanity() valid...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003446)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003446 advisory. The edgebulkincallback function in drivers/usb/serial/ioti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information in the dmesg...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003073)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003073 advisory. In changeportsettings in drivers/usb/serial/ioti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial...
CVE-2017-18360
CVE-2017-18360 affects the Linux kernel: in drivers/usb/serial/io_ti.c, change_port_settings before version 4.11.3 allows a local attacker to trigger a division-by-zero in the serial device layer when attempting to set very high baud rates, causing a denial of service. Public references (NVD entr...
kernel: Division by zero in change_port_settings in drivers/usb/serial/io_ti.c resulting in a denial of service
A division-by-zero in settermios, when debugging is enabled, was found in the Linux kernel. When the ioti driver is loaded, a local unprivileged attacker can request incorrect high transfer speed in the changeportsettings in the drivers/usb/serial/ioti.c so that the divisor value becomes zero and...
kernel: Division by zero in change_port_settings in drivers/usb/serial/io_ti.c resulting in a denial of service
A division-by-zero in settermios, when debugging is enabled, was found in the Linux kernel. When the ioti driver is loaded, a local unprivileged attacker can request incorrect high transfer speed in the changeportsettings in the drivers/usb/serial/ioti.c so that the divisor value becomes zero and...
CVE-2017-8924
The edgebulkincallback function in drivers/usb/serial/ioti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information in the dmesg ringbuffer and syslog from uninitialized kernel memory by using a crafted USB device posing as an ioti USB serial device to trigger an...
DEBIAN-CVE-2017-8924
The edgebulkincallback function in drivers/usb/serial/ioti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information in the dmesg ringbuffer and syslog from uninitialized kernel memory by using a crafted USB device posing as an ioti USB serial device to trigger an...
UBUNTU-CVE-2017-8924
The edgebulkincallback function in drivers/usb/serial/ioti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information in the dmesg ringbuffer and syslog from uninitialized kernel memory by using a crafted USB device posing as an ioti USB serial device to trigger an...