CVE-2026-46184

CVE-2026-46184 affects the Linux kernel sound stack (ua101). The root cause is a missing sanity check for bNrChannels in detect_usb_format(), allowing a device with bNrChannels = 0 to cause frame_bytes to be zero and be used as a divisor in URB completion handlers, which leads to a kernel crash i...

CVE-2026-46073

A flaw was found in the Linux kernel's hwmon subsystem, specifically within the powerz driver. When a signal interrupt occurs during the waitforcompletioninterruptibletimeout function, the system fails to properly abort the USB Request Block URB. This oversight can lead to the kernel attempting t...

CVE-2026-46074

CVE-2026-46074 (Linux kernel, spi: ch341) : A fix addresses memory leaks and use-after-free during probe failures for the ch341 SPI driver. The workaround involves properly deregistering the controller, disabling pins, and killing/freeing the RX URB on failures to mirror disconnect. An explicit U...

CVE-2026-46073

CVE-2026-46073 concerns the Linux kernel hwmon (powerz) driver. The vulnerability arises because wait_for_completion_interruptible_timeout() can return -ERESTARTSYS on signal interruption, and the original code may skip usb_kill_urb() when handling this negative/zero return, leading to reads from...

PT-2026-43940

In the Linux kernel, the following vulnerability has been resolved: hwmon: powerz Fix missing usb kill urb on signal interrupt wait for completion interruptible timeout returns -ERESTARTSYS when interrupted. This needs to abort the URB and return an error. No data has been received from the devic...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: An error occurred in usbsubmiturb, causing the URB to be unanchored before it is processed by gsusbreceivebulkcallback. In commit 7352e1d5932a “can: gsusb: gsusbreceivebulkcallback: fix URB...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: rtl818x – Kill URBs before clearing the txstatusqueue. In rtl8187stop, the call to usbkillanchoredurbs is moved before clearing the btxstatusqueue. This change prevents callbacks from using already freed skb if the anchor...

SUSE CVE-2026-43425

In the Linux kernel, the following vulnerability has been resolved: usb: image: mdc800: kill download URB on timeout mdc800deviceread submits downloadurb and waits for completion. If the timeout fires and the device has not responded, the function returns without killing the URB, leaving it activ...

CVE-2026-43425

In the Linux kernel, the following vulnerability has been resolved: usb: image: mdc800: kill download URB on timeout mdc800deviceread submits downloadurb and waits for completion. If the timeout fires and the device has not responded, the function returns without killing the URB, leaving it activ...

CVE-2026-43425 usb: image: mdc800: kill download URB on timeout

In the Linux kernel, the following vulnerability has been resolved: usb: image: mdc800: kill download URB on timeout mdc800deviceread submits downloadurb and waits for completion. If the timeout fires and the device has not responded, the function returns without killing the URB, leaving it activ...

CVE-2026-43425

In the Linux kernel, the following vulnerability has been resolved: usb: image: mdc800: kill download URB on timeout mdc800deviceread submits downloadurb and waits for completion. If the timeout fires and the device has not responded, the function returns without killing the URB, leaving it activ...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the usb image mdc800 driver failing to terminate downloadurb when it is in a hyper-threaded state...

Linux Distros Unpatched Vulnerability : CVE-2026-43425

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: image: mdc800: kill download URB on timeout mdc800deviceread submits downloadurb and waits for completion. If the timeout fires and the device has not...

SUSE CVE-2026-43223

In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix URB leak in pvr2sendrequestex When pvr2sendrequestex submits a write URB successfully but fails to submit the read URB e.g. returns -ENOMEM, it returns immediately without waiting for the write URB to complete...

SUSE CVE-2026-43255

In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix WARNING in usbtxblock The function usbtxblock submits cardp-txurb without ensuring that any previous transmission on this URB has completed. If a second call occurs while the URB is still active e.g. during...

CVE-2026-43223

A flaw was found in the Linux kernel's pvrusb2 media driver. When the pvr2sendrequestex function submits a write USB Request Block URB but fails to submit a read URB, the write URB remains active. A subsequent attempt to use this URB triggers a warning, which can lead to system instability or a...

EUVD-2026-27814

In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix WARNING in usbtxblock The function usbtxblock submits cardp-txurb without ensuring that any previous transmission on this URB has completed. If a second call occurs while the URB is still active e.g. during...

EUVD-2026-27786

In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix URB leak in pvr2sendrequestex When pvr2sendrequestex submits a write URB successfully but fails to submit the read URB e.g. returns -ENOMEM, it returns immediately without waiting for the write URB to complete...

EUVD-2026-27740

In the Linux kernel, the following vulnerability has been resolved: net: usb: kaweth: remove TX queue manipulation in kawethsetrxmode kawethsetrxmode, the ndosetrxmode callback, calls netifstopqueue and netifwakequeue. These are TX queue flow control functions unrelated to RX multicast...

CVE-2026-43255

In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix WARNING in usbtxblock The function usbtxblock submits cardp-txurb without ensuring that any previous transmission on this URB has completed. If a second call occurs while the URB is still active e.g. during...