Lucene search
+L

6387 matches found

osv
osv
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53195

In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in buildi2cfwhdr buildi2cfwhdr allocates a fixed-size buffer of 161024 - 512 + sizeofstruct tii2cfirmwarerec bytes, then copies le16tocpuimgheader-Length bytes into it without validating that...

7.8CVSS5.9AI score0.00153EPSS
Exploits0References11
cve
cve
added 2026/06/25 8:39 a.m.17 views

CVE-2026-53196

In the Linux kernel USB: serial: io_ti driver, CVE-2026-53196 describes a heap overflow in get_manuf_info() caused by reading rom_desc->Size bytes from an I2C EEPROM into a 10-byte buffer (kmalloc_obj()). Size is only checked against TI_MAX_I2C_SIZE (16384), allowing a malicious device to set ...

6.8CVSS6AI score0.00284EPSS
Exploits0References11Affected Software1
euvd
euvd
added 2026/06/25 8:39 a.m.7 views

EUVD-2026-39287

In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in getmanufinfo getmanufinfo reads le16tocpuromdesc-Size bytes from the device I2C EEPROM into a buffer allocated with kmallocobj, which is sizeofstruct edgetimanufdescriptor = 10 bytes. The...

6AI score0.00284EPSS
Exploits0References8
osv
osv
added 2026/06/25 8:39 a.m.2 views

CVE-2026-53196 USB: serial: io_ti: fix heap overflow in get_manuf_info()

In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in getmanufinfo getmanufinfo reads le16tocpuromdesc-Size bytes from the device I2C EEPROM into a buffer allocated with kmallocobj, which is sizeofstruct edgetimanufdescriptor = 10 bytes. The...

6.8CVSS6AI score0.00284EPSS
Exploits0References14
cvelist
cvelist
added 2026/06/25 8:39 a.m.31 views

CVE-2026-53196 USB: serial: io_ti: fix heap overflow in get_manuf_info()

In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in getmanufinfo getmanufinfo reads le16tocpuromdesc-Size bytes from the device I2C EEPROM into a buffer allocated with kmallocobj, which is sizeofstruct edgetimanufdescriptor = 10 bytes. The...

0.00284EPSS
Exploits0References8
debiancve
debiancve
added 2026/06/25 8:39 a.m.5 views

CVE-2026-53196

In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in getmanufinfo getmanufinfo reads le16tocpuromdesc-Size bytes from the device I2C EEPROM into a buffer allocated with kmallocobj, which is sizeofstruct edgetimanufdescriptor = 10 bytes. The...

6.8CVSS5.9AI score0.00284EPSS
Exploits0
debiancve
debiancve
added 2026/06/25 8:39 a.m.5 views

CVE-2026-53195

In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in buildi2cfwhdr buildi2cfwhdr allocates a fixed-size buffer of 161024 - 512 + sizeofstruct tii2cfirmwarerec bytes, then copies le16tocpuimgheader-Length bytes into it without validating that...

7.8CVSS5.9AI score0.00153EPSS
Exploits0
euvd
euvd
added 2026/06/25 8:39 a.m.7 views

EUVD-2026-39286

In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in buildi2cfwhdr buildi2cfwhdr allocates a fixed-size buffer of 161024 - 512 + sizeofstruct tii2cfirmwarerec bytes, then copies le16tocpuimgheader-Length bytes into it without validating that...

6AI score0.00153EPSS
Exploits0References8
cve
cve
added 2026/06/25 8:39 a.m.21 views

CVE-2026-53195

The CVE-2026-53195 issue affects the Linux kernel USB: serial: io_ti driver. build_i2c_fw_hdr() allocates a fixed buffer and copies img_header->Length (up to 65535) without validating it against remaining space, enabling a potential heap overflow. The root cause is that check_fw_sanity() valid...

7.8CVSS6AI score0.00153EPSS
Exploits0References8Affected Software1
osv
osv
added 2026/06/25 8:39 a.m.6 views

CVE-2026-53195 USB: serial: io_ti: fix heap overflow in build_i2c_fw_hdr()

In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in buildi2cfwhdr buildi2cfwhdr allocates a fixed-size buffer of 161024 - 512 + sizeofstruct tii2cfirmwarerec bytes, then copies le16tocpuimgheader-Length bytes into it without validating that...

7.8CVSS6AI score0.00153EPSS
Exploits0References11
attackerkb
attackerkb
added 2026/06/25 8:39 a.m.7 views

CVE-2026-53194

In the Linux kernel, the following vulnerability has been resolved: USB: serial: kl5kusb105: fix bulk-out buffer overflow klsi105preparewritebuffer is called by the generic write path with the bulk-out buffer and its size bulkoutsize, 64 bytes. It stores a two-byte length header at the start of t...

6AI score0.00148EPSS
Exploits0References9Affected Software1
cve
cve
added 2026/06/25 8:39 a.m.22 views

CVE-2026-53194

The CVE-2026-53194 entry covers a defect in the Linux kernel USB serial driver kl5kusb105 (klsi_105_prepare_write_buffer). The bug occurs when the generic write path uses the bulk-out buffer (size 64) and copies the payload from the write_fifo without reserving space for the 2-byte header, result...

7.8CVSS6AI score0.00148EPSS
Exploits0References11Affected Software1
cvelist
cvelist
added 2026/06/25 8:39 a.m.33 views

CVE-2026-53194 USB: serial: kl5kusb105: fix bulk-out buffer overflow

In the Linux kernel, the following vulnerability has been resolved: USB: serial: kl5kusb105: fix bulk-out buffer overflow klsi105preparewritebuffer is called by the generic write path with the bulk-out buffer and its size bulkoutsize, 64 bytes. It stores a two-byte length header at the start of t...

7.8CVSS0.00148EPSS
Exploits0References8
debiancve
debiancve
added 2026/06/25 8:39 a.m.8 views

CVE-2026-53194

In the Linux kernel, the following vulnerability has been resolved: USB: serial: kl5kusb105: fix bulk-out buffer overflow klsi105preparewritebuffer is called by the generic write path with the bulk-out buffer and its size bulkoutsize, 64 bytes. It stores a two-byte length header at the start of t...

7.8CVSS6AI score0.00148EPSS
Exploits0
euvd
euvd
added 2026/06/25 8:39 a.m.9 views

EUVD-2026-39285

In the Linux kernel, the following vulnerability has been resolved: USB: serial: kl5kusb105: fix bulk-out buffer overflow klsi105preparewritebuffer is called by the generic write path with the bulk-out buffer and its size bulkoutsize, 64 bytes. It stores a two-byte length header at the start of t...

6AI score0.00148EPSS
Exploits0References8
osv
osv
added 2026/06/25 8:38 a.m.3 views

CVE-2026-53137 drm/amd/display: Clamp HDMI HDCP2 rx_id_list read to buffer size

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Clamp HDMI HDCP2 rxidlist read to buffer size Why & How During HDCP 2.x repeater authentication over HDMI, the driver reads the sink's RxStatus register and extracts a 10-bit message size field max value 1023. Th...

7.8CVSS6AI score0.00143EPSS
Exploits0References11
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.13 views

PT-2026-52351

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A slab-use-after-free issue exists in the Bluetooth RFCOMM implementation. The function rfcomm get sock by channel scans the rfcomm sk list under a list lock but returns the selected...

8CVSS6.1AI score0.00266EPSS
Exploits0References22
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.33 views

PT-2026-52590

Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description A length-confusion issue exists in the wolfSSL OCSP resp find status function. The lookup process compares serial-number bytes without verifying that the two serial numbers are of equal lengt...

6.3CVSS5.8AI score0.00121EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.10 views

PT-2026-52291

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A heap overflow exists in the build i2c fw hdr function. The function allocates a fixed-size buffer but copies a number of bytes determined by the Length variable from the firmware file...

7.8CVSS6.1AI score0.00153EPSS
Exploits0References22
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.4 views

PT-2026-52292

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A heap overflow exists in the get manuf info function. The issue occurs because the function reads a number of bytes specified by the Size field from a device I2C EEPROM into a buffer...

7CVSS6.1AI score0.00284EPSS
Exploits0References25
Rows per page
Query Builder