CVE-2026-31617

The CVE affects the Linux kernel USB Network Control Model (NCM) gadget driver (usb: gadget: f_ncm). A missing lower bound on block_len checks for NTB headers allows an underflow in ndp_index and datagram offset calculations when block_len ndp_size or dpe_size. This can let a malicious USB host c...

CVE-2026-31617

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: validate minimum blocklen in ncmunwrapntb The blocklen read from the host-supplied NTB header is checked against ntbmax but has no lower bound. When blocklen is smaller than opts-ndpsize, the bounds check of:...

PT-2026-34969

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ncm unwrap ntb function where the block len read from the host-supplied NTB header lacks a lower bound check. When block len is smaller than opts-ndp size, the...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of verification of the minimum block len in the ncmunwrapntb function. This vulnerabilit...

CLSA-2024-1718973513 Fix of 21 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-26777 - fbdev: sis: Error out if pixclock equals zero CVE-url: https://ubuntu.com/security/CVE-2021-47542 - net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic83xxaddrings CVE-url: https://ubuntu.com/security/CVE-2021-47518 - nfc: fix...

CVE-2024-27405 usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11 as host, at some instances, the gadgetgiveback has one byte appended at the end of a prop...