kernel: usbip: validate number_of_packets in usbip_pack_ret_submit()

A flaw was found in the Linux kernel's USB/IP subsystem. A malicious USB/IP server could exploit a vulnerability in the usbippackretsubmit function by sending a specially crafted RETSUBMIT response. This response, containing an oversized numberofpackets value, could cause a heap out-of-bounds...

PT-2026-34959

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A heap out-of-bounds write exists in the USB/IP client. The function usbip pack ret submit unconditionally overwrites the number of packets variable from the network PDU. A malicious...

Advanced BLE Scanner with RPA / IRK Tracking

A Bluetooth Low Energy BLE scanner for Flipper Zero that supports Resolvable Private Address RPA resolution. It discovers nearby BLE devices, tracks each device by MAC address, logs signal strength RSSI history, device name, first/last seen timestamps, and packet count. The scanner features a...

CVE-2025-39856

CVE-2025-39856 concerns the Linux kernel network driver for TI am65 CPSW-NUSS (CPSW2G) where, in the TX completion path, the variable ndev may be accessed before initialization if no TX packets have been processed. This can cause a null pointer dereference and kernel crash. Affected component: ne...

CVE-2024-56770

In the Linux kernel, the following vulnerability has been resolved: net/sched: netem: account for backlog updates from child qdisc In general, 'qlen' of any classful qdisc should keep track of the number of packets that the qdisc itself and all of its children holds. In case of netem, 'qlen' only...