6310 matches found
CVE-2026-53194
In the Linux kernel, the following vulnerability has been resolved: USB: serial: kl5kusb105: fix bulk-out buffer overflow klsi105preparewritebuffer is called by the generic write path with the bulk-out buffer and its size bulkoutsize, 64 bytes. It stores a two-byte length header at the start of t...
CVE-2026-53195
In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in buildi2cfwhdr buildi2cfwhdr allocates a fixed-size buffer of 161024 - 512 + sizeofstruct tii2cfirmwarerec bytes, then copies le16tocpuimgheader-Length bytes into it without validating that...
CVE-2026-53194 USB: serial: kl5kusb105: fix bulk-out buffer overflow
In the Linux kernel, the following vulnerability has been resolved: USB: serial: kl5kusb105: fix bulk-out buffer overflow klsi105preparewritebuffer is called by the generic write path with the bulk-out buffer and its size bulkoutsize, 64 bytes. It stores a two-byte length header at the start of t...
PT-2026-52291
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A heap overflow exists in the build i2c fw hdr function. The function allocates a fixed-size buffer but copies a number of bytes determined by the Length variable from the firmware file...
PT-2026-52290
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A slab out-of-bounds write exists in the kl5kusb105 USB serial driver. The function klsi 105 prepare write buffer incorrectly handles the bulk-out buffer by storing a two-byte length...
PT-2026-52292
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A heap overflow exists in the get manuf info function. The issue occurs because the function reads a number of bytes specified by the Size field from a device I2C EEPROM into a buffer...
PT-2026-52590
Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description A length-confusion issue exists in the wolfSSL OCSP resp find status function. The lookup process compares serial-number bytes without verifying that the two serial numbers are of equal lengt...
EUVD-2026-38905
In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: fix deadlock in hidpostreset You can build a USB device that includes a HID component and a storage or UAS component. The components can be reset only together. That means that hidprereset and hidpostreset are in the...
CVE-2026-52963
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI endpoint descriptor scans sndusbmidigetmsinfo validates the internal MIDIStreaming endpoint descriptor size before using baAssocJackID, but the descriptor walker can still return a class-specific...
CVE-2026-52964
The CVE-2026-52964 issue affects the Linux kernel ALSA usb-audio MIDI 2.0 endpoint parsing. The endpoint-descriptor walking logic validates bLength against bNumGrpTrmBlock but not the remaining bytes, allowing a malformed device to cause baAssoGrpTrmBlkID[] reads to read past the descriptor. The ...
CVE-2026-52963
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI endpoint descriptor scans sndusbmidigetmsinfo validates the internal MIDIStreaming endpoint descriptor size before using baAssocJackID, but the descriptor walker can still return a class-specific...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: Fixed a memory leak that occurred due to a failure in usbsubmiturb. In asyncsetregisters, when usbsubmiturb fails, the allocated asyncreq structure and URB are not freed, resulting in a memory leak. The...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: can: usb8dev: usb8devreadbulkcallback: fixed the URB memory leak. The memory leak was fixed in a similar manner to that in commit 7352e1d5932a “can: gsusb: gsusbreceivebulkcallback: fixed the URB memory leak”. In usb8devopen -...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: spi: spi-sprd-adi – Fixed a double-free in the probe error path. The driver currently uses spiallochost to allocate the controller, but registers it using devmspiregistercontroller. If devmregisterrestarthandler fails, the code...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Fixed null pointer access to epfile after ep enable. A race condition occurs when ffsfuncepsenable runs concurrently with ffsdatareset. The ffsdataclear function called in ffsdatareset sets ffs-epfiles to NULL...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect currxfer in tegraqspicombinedseqxfer The currxfer field is read by the IRQ handler without holding a lock. This allows the IRQ handler to check whether a transfer is in progress. When clearing the...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: fixed a memory leak in updateeth regs async When writing to the device registers asynchronously, and if usbsubmiturb fails, the code fails to release the resources allocated for this process...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: USB: UAS – Fix for the URB unmapping issue when the UAS device is removed during ongoing data transfer When a UAS device is unplugged during data transfer, there is a possibility of a system panic occurring. The root cause is...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: can: mcbausb: mcbausbreadbulkcallback: fixed a URB memory leak. The memory leak was fixed in a similar manner to the issue in commit 7352e1d5932a “can: gsusb: gsusbreceivebulkcallback: fixed a URB memory leak”. In mcbausbprobe -...
Astra Linux – Vulnerability in grub2
A vulnerability has been identified in the GRUB Grand Unified Bootloader component. This flaw occurs because the bootloader improperly handles string conversions when reading information from a USB device, allowing an attacker to exploit inconsistencies in the length values. A local attacker can...