Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb:dwc3:st: fix probed platform device ref count on probe error path The probe function never performs any platform device allocation. Therefore, the error path “undoplatformdevalloc” is completely spurious. It simply reduces th...

Linux Distros Unpatched Vulnerability : CVE-2021-47271

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: usb: cdnsp: Fix deadlock issue in cdnspthreadirqhandler Patch fixes the following critical...

Vulnerability of the dwc3_wIndex_to_dep() function in the drivers/usb/dwc3/ep0.c module – The USB device driver support module in the Linux kernel allows a hacker to trigger a service failure.

Vulnerability of the dwc3wIndextodep function in the drivers/usb/dwc3/ep0.c module – The Linux kernel’s USB device support driver relies on the assignment of the NULL pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVE-2022-49943

In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix obscure lockdep violation for udcmutex A recent commit expanding the scope of the udclock mutex in the gadget core managed to cause an obscure and slightly bizarre lockdep violation. In abbreviated form:...

CVE-2022-50133 usb: xhci_plat_remove: avoid NULL dereference

In the Linux kernel, the following vulnerability has been resolved: usb: xhciplatremove: avoid NULL dereference Since commit 4736ebd7fcaff1eb8481c140ba494962847d6e0a "usb: host: xhci-plat: omit shared hcd if either root hub has no ports" xhci-sharedhcd can be NULL, which causes the following Oops...

CVE-2022-50034 usb: cdns3 fix use-after-free at workaround 2

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3 fix use-after-free at workaround 2 BUG: KFENCE: use-after-free read in listdelentryvalid+0x10/0xac cdns3wa2removeoldrequest ... kfreeprivreq-request.buf; cdns3gadgetepfreerequest&privep-endpoint, &privreq-request;...

CVE-2025-37811 usb: chipidea: ci_hdrc_imx: fix usbmisc handling

In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: cihdrcimx: fix usbmisc handling usbmisc is an optional device property so it is totally valid for the corresponding data-usbmiscdata to have a NULL value. Check that before dereferencing the pointer. Found by Linux...

CVE-2023-53045

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uaudio: don't let userspace block driver unbind In the unbind callback for fuac1 and fuac2, a call to sndcardfree via gaudiocleanup will disconnect the card and then wait for all resources to be released, which happe...

CVE-2025-21918

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Fix NULL pointer access Resources should be released only after all threads that utilize them have been destroyed. This commit ensures that resources are not released prematurely by waiting for the associated...

Vulnerability of the ci_hdrc_imx_probe() function in the drivers/usb/chipidea/ci_hdrc_imx.c module – This driver provides support for USB devices on Linux kernels. It can be exploited by attackers to cause system failures.

Vulnerability of the cihdrcimxprobe function in the drivers/usb/chipidea/cihdrcimx.c module – The Linux kernel’s USB device support driver is vulnerable due to a pointer issue related to NULL pointers. Exploiting this vulnerability could allow an attacker to cause system failures...

Vulnerability of the dsps_probe() function in the drivers/usb/musb/musb_dsps.c module – The driver for supporting USB devices in Linux kernels allows a hacker to cause a service failure.

Vulnerability of the dspsprobe function in the drivers/usb/musb/musbdsps.c module – The Linux kernel’s USB device support driver is vulnerable due to a pointer issue related to NULL pointers. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVE-2023-52938

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Don't attempt to resume the ports before they exist This will fix null pointer dereference that was caused by the driver attempting to resume ports that were not yet registered...

CVE-2022-49755

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Prevent race during ffsep0queuewait While performing fast composition switch, there is a possibility that the process of ffsep0write/ffsep0read get into a race condition due to ep0req being freed up from...

CVE-2022-49755 usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Prevent race during ffsep0queuewait While performing fast composition switch, there is a possibility that the process of ffsep0write/ffsep0read get into a race condition due to ep0req being freed up from...

CVE-2023-52938 usb: typec: ucsi: Don't attempt to resume the ports before they exist

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Don't attempt to resume the ports before they exist This will fix null pointer dereference that was caused by the driver attempting to resume ports that were not yet registered...

The vulnerability of the Linux operating system’s kernel USB component, which allows a hacker to trigger a service failure

The vulnerability of the usbtmccreateurb function in the Linux kernel USB component is related to a memory leak. Exploiting this vulnerability could allow an attacker to cause a system failure...

CVE-2022-49302

In the Linux kernel, the following vulnerability has been resolved: USB: host: isp116x: check return value after calling platformgetresource It will cause null-ptr-deref if platformgetresource returns NULL, we need check the return value...

CVE-2025-21689

In the Linux kernel, the following vulnerability has been resolved: USB: serial: quatech2: fix null-ptr-deref in qt2processreadurb This patch addresses a null-ptr-deref in qt2processreadurb due to an incorrect bounds check in the following: if newport serial-numports deverr&port-dev, "%s - port...

CVE-2024-53203 usb: typec: fix potential array underflow in ucsi_ccg_sync_control()

In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential array underflow in ucsiccgsynccontrol The "command" variable can be controlled by the user via debugfs. The worry is that if conindex is zero then "&uc-ucsi-connectorconindex - 1" would be an array...

CVE-2024-50150 usb: typec: altmode should keep reference to parent

In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmode should keep reference to parent The altmode device release refers to its parent device, but without keeping a reference to it. When registering the altmode, get a reference to the parent and put it in the...