62 matches found
CVE-2021-47173
CVE-2021-47173 is a Linux kernel issue described in connected advisories as a memory-leak bug in the USB subsystem. Specifically, the probe for the uss720 device (uss720_probe) forgets to decrement the usbdev refcount, leading to a memory leak. The fix recorded in the sources is to release the de...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: Do core softreset when switch mode According to the programming guide, to switch mode for DRD controller, the driver needs to do the following. To switch from device to host: 1. Reset controller with...
CVE-2021-46933
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Clear ffseventfd in ffsdataclear. ffsdataclear is indirectly called from both ffsfskillsb and ffsep0release, so it ends up being called twice when userland closes ep0 and then unmounts ffs. If userland provided ...
CVE-2021-46933 usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Clear ffseventfd in ffsdataclear. ffsdataclear is indirectly called from both ffsfskillsb and ffsep0release, so it ends up being called twice when userland closes ep0 and then unmounts ffs. If userland provided ...
USN-6549-1 linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gke, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi vulnerabilities
It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service system crash. CVE-2023-37453 Lin Ma...
kernel: usb: typec: ucsi: Don't attempt to resume the ports before they exist
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Don't attempt to resume the ports before they exist This will fix null pointer dereference that was caused by the driver attempting to resume ports that were not yet registered...
CVE-2023-45862
An issue was discovered in drivers/usb/storage/eneub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation...
CVE-2023-45862
An issue was discovered in drivers/usb/storage/eneub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation...
CVE-2023-37453
An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in readdescriptors in drivers/usb/core/sysfs.c...
The vulnerability of the Linux operating system’s kernel USB driver allows a hacker to trigger a service failure or increase their privileges.
The vulnerability of the Linux operating system’s kernel USB driver is related to the use of a buffer for writing after deletion in the putdev function. Exploiting this vulnerability can allow an attacker to cause a service failure or increase their privileges...
CVE-2022-41849
drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open, aka a race condition between ufxopsopen and ufxusbdisconnect...
CVE-2021-39685
In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow
The usbdestroyconfiguration function, in 'drivers/usb/core/config.c' in the USB core subsystem, in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources. This allows local users to cause a denial of service, du...
CVE-2017-16644
The hdpvrprobe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service improper error handling and system crash or possibly have unspecified other impact via a crafted USB device...
CVE-2017-16650
The qmiwwanbind function in drivers/net/usb/qmiwwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service divide-by-zero error and system crash or possibly have unspecified other impact via a crafted USB device...
CVE-2017-16529
The sndusbcreatestreams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service out-of-bounds read and system crash or possibly have unspecified other impact via a crafted USB device...
CVE-2017-16531
drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service out-of-bounds read and system crash or possibly have unspecified other impact via a crafted USB device, related to the USBDTINTERFACEASSOCIATION descriptor...
CVE-2017-0537
An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18...
PT-2017-1389
Name of the Vulnerable Software and Affected Versions Android versions Kernel-3.18 Description An information disclosure issue in the kernel USB gadget driver could allow a local malicious application to access data outside of its permission levels. This issue requires compromising a privileged...
CVE-2015-7515
The aiptekprobe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service NULL pointer dereference and system crash via a crafted USB device that lacks endpoints...