CVE-2022-50220 usbnet: Fix linkwatch use-after-free on disconnect

In the Linux kernel, the following vulnerability has been resolved: usbnet: Fix linkwatch use-after-free on disconnect usbnet uses the work usbnetdeferredkevent to perform tasks which may sleep. On disconnect, completion of the work was originally awaited in -ndostop. But in 2003, that was moved ...

CVE-2025-21741

In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: fix DPE OoB read Fix an out-of-bounds DPE read, limit the number of processed DPEs to the amount that fits into the fixed-size NDP16 header...

CVE-2025-21742

In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: use static NDP16 location in URB Original code allowed for the start of NDP16 to be anywhere within the URB based on the wNdpIndex value in NTH16. Only the start position of NDP16 was checked, so it was possible f...

AZL-49895 CVE-2024-46861 affecting package kernel for versions less than 6.6.56.1-5

In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: do not stop RX on failing RX callback RX callbacks can fail for multiple reasons: Payload too short Payload formatted incorrecly e.g. bad NCM framing Lack of memory None of these should cause the driver to seize u...