CVE-2026-43425

A flaw was found in the Linux kernel's mdc800 USB image driver. When the driver attempts to read data from a USB device, a timeout can occur, leaving a USB Request Block URB in an active state. If a subsequent read operation is initiated, the driver may attempt to resubmit this already active URB...

CVE-2026-43425

In the Linux kernel, the following vulnerability has been resolved: usb: image: mdc800: kill download URB on timeout mdc800deviceread submits downloadurb and waits for completion. If the timeout fires and the device has not responded, the function returns without killing the URB, leaving it activ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: fixed the error message. Since committing the patch 79a6d1bfe114 “can: gsusb: gsusbreceivebulkcallback: error in usbsubmiturb, a failed resubmit URB will print an information message”, a...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005503)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005503 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: ath9khtc: Use skbsetlength for resetting urb before resubmit Syzbot points out that skbtrim...

CVE-2026-23155

In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: fix error message Sinc commit 79a6d1bfe114 "can: gsusb: gsusbreceivebulkcallback: unanchor URL on usbsubmiturb error" a failing resubmit URB will print an info message. In the case of a short...

CVE-2026-23155

In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: fix error message Sinc commit 79a6d1bfe114 "can: gsusb: gsusbreceivebulkcallback: unanchor URL on usbsubmiturb error" a failing resubmit URB will print an info message. In the case of a short...

UBUNTU-CVE-2026-23155

In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: fix error message Sinc commit 79a6d1bfe114 "can: gsusb: gsusbreceivebulkcallback: unanchor URL on usbsubmiturb error" a failing resubmit URB will print an info message. In the case of a short...

CVE-2026-23155

CVE-2026-23155 affects the Linux kernel; it fixes a gs_usb_receive_bulk_callback path in can: gs_usb by correcting error messaging and resubmission handling. The patch adds null initialization for netdev when reads are short and未assigned, and reports the failed resubmit error value. This is a loc...

CVE-2026-23155

In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: fix error message Sinc commit 79a6d1bfe114 "can: gsusb: gsusbreceivebulkcallback: unanchor URL on usbsubmiturb error" a failing resubmit URB will print an info message. In the case of a short...

CVE-2026-23155 can: gs_usb: gs_usb_receive_bulk_callback(): fix error message

In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: fix error message Sinc commit 79a6d1bfe114 "can: gsusb: gsusbreceivebulkcallback: unanchor URL on usbsubmiturb error" a failing resubmit URB will print an info message. In the case of a short...

EUVD-2026-5447

In the Linux kernel, the following vulnerability has been resolved: gue: Fix skb memleak with inner IP protocol 0. syzbot reported skb memleak below. 0 The repro generated a GUE packet with its inner protocol 0. gueudprecv returns -guehdr-protoctype for "resubmit" in ipprotocoldeliverrcu, but thi...

PT-2026-8150

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s CAN Controller Area Network subsystem, specifically within the gs usb receive bulk callback function. A commit introduced an issue where a failing...

CVE-2025-68343 can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header

In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: check actuallength before accessing header The driver expects to receive a struct gshostframe in gsusbreceivebulkcallback. Use structgroup to describe the header of the struct gshostframe and...

PT-2025-52759

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the CAN subsystem, specifically in the gs usb receive bulk callback function. The driver incorrectly assumes the presence of a gs host frame...

SUSE CVE-2024-49938

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9khtc: Use skbsetlength for resetting urb before resubmit Syzbot points out that skbtrim has a sanity check on the existing length of the skb, which can be uninitialised in some error paths. The intent here is clearly ju...

AZL-52902 CVE-2024-49938 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9khtc: Use skbsetlength for resetting urb before resubmit Syzbot points out that skbtrim has a sanity check on the existing length of the skb, which can be uninitialised in some error paths. The intent here is clearly ju...

CVE-2024-49938 wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9khtc: Use skbsetlength for resetting urb before resubmit Syzbot points out that skbtrim has a sanity check on the existing length of the skb, which can be uninitialised in some error paths. The intent here is clearly ju...

CVE-2023-35160

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the resubmit template to perform a XSS, e.g. by using URL such as:...

CVE-2023-35160 XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the resubmit template to perform a XSS, e.g. by using URL such as:...

XWiki Platform 跨站脚本漏洞

XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform 2.5-milestone-2 and earlier versions. An attacker can exploit this vulnerability to spoof URLs to inject Javascript code...