UBUNTU-CVE-2026-47104

libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parseiadarray in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer...

CVE-2026-23679

CVE-2026-23679 affects libusb 0 but is followed by a class-specific descriptor whose bLength exceeds the remaining buffer, causing an early return without allocating the endpoint array. Exploitation vectors include providing crafted descriptors via libusb_get_active_config_descriptor or libusb_g...

CVE-2026-23679 libusb < 1.0.30 NULL Pointer Dereference in parse_interface()

libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than zero but is followed by a class-specific descriptor whose bLength...

CVE-2026-23679 libusb < 1.0.30 NULL Pointer Dereference in parse_interface()

libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than zero but is followed by a class-specific descriptor whose bLength...

CVE-2026-47104

CVE-2026-47104 affects libusb before 1.0.30. The vulnerability is a one-byte out-of-bounds read in parse_iad_array() in descriptor.c, allowing a denial of service when a malformed USB descriptor is supplied with bLength equal to size minus one, causing the bounds check to use the original buffer ...

CVE-2026-47104 libusb < 1.0.30 Out-of-Bounds Read in parse_iad_array()

libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parseiadarray in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer...

CVE-2026-47104

libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parseiadarray in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer...

CVE-2026-47104

libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parseiadarray in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer...

EUVD-2026-32411

In the Linux kernel, the following vulnerability has been resolved: EDAC/versalnet: Fix devicenode leak in mcprobe ofparsephandle returns a devicenode reference that must be released with ofnodeput. The original code never freed r5corenode on any exit path, causing a memory leak. Fix this by usin...

CVE-2026-45925

The CVE pertains to the Linux kernel thermal subsystem. In thermal_of_cm_lookup(), a reference leak occurs because tr_np is obtained via of_parse_phandle() but not released. The fix uses the __free(device_node) cleanup attribute to automatically release the node and close the leak. The connected/...

CVE-2026-45925 thermal/of: Fix reference leak in thermal_of_cm_lookup()

In the Linux kernel, the following vulnerability has been resolved: thermal/of: Fix reference leak in thermalofcmlookup In thermalofcmlookup, trnp is obtained via ofparsephandle, but never released. Use the freedevicenode cleanup attribute to automatically release the node and fix the leak. rjw:...

CVE-2026-45839

In the Linux kernel, the following vulnerability has been resolved: bpf: reject negative CO-RE accessor indices in bpfcoreparsespec CO-RE accessor strings are colon-separated indices that describe a path from a root BTF type to a target field, e.g. "0:1:2" walks through nested struct members...

SUSE CVE-2025-38344

In the Linux kernel, the following vulnerability has been resolved: ACPICA: fix acpi parse and parseext cache leaks ACPICA commit 8829e70e1360c81e7a5a901b5d4f48330e021ea5 I'm Seunghun Han, and I work for National Security Research Institute of South Korea. I have been doing a research on ACPI and...

PT-2026-44149

Description SymfonyComponentYamlParser resolves YAML aliases anchor during parsing. Aliases that reference collections arrays, stdClass, TaggedValue-wrapped collections can themselves point to other collections containing aliases, creating exponential expansion at resolution time. A small input c...

PT-2026-43696

libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than zero but is followed by a class-specific descriptor whose bLength...

Amazon Linux 2 : oci-add-hooks, --advisory ALAS2DOCKER-2026-122 (ALASDOCKER-2026-122)

The version of oci-add-hooks installed on the remote host is prior to 0-0.10.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-122 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a...

Amazon Linux 2 : runc, --advisory ALAS2DOCKER-2026-125 (ALASDOCKER-2026-125)

The version of runc installed on the remote host is prior to 1.3.4-5. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-125 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a...

CVE-2026-45839

bpf: reject negative CO-RE accessor indices in bpfcoreparsespec...

PT-2026-43792

In the Linux kernel, the following vulnerability has been resolved: thermal/of: Fix reference leak in thermal of cm lookup In thermal of cm lookup, tr np is obtained via of parse phandle, but never released. Use the freedevice node cleanup attribute to automatically release the node and fix the...

USN-8063-2 protobuf vulnerability

USN-8063-1 fixed a vulnerability in Protocol Buffers. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that Protocol Buffers incorrectly handled recursion when the Python google.protobuf.jsonformat.ParseDict...