7 matches found
CVE-2026-23447
In the Linux kernel, the following vulnerability has been resolved: net: usb: cdcncm: add ndpoffset to NDP32 nframes bounds check The same bounds-check bug fixed for NDP16 in the previous patch also exists in cdcncmrxverifyndp32. The DPE array size is validated against the total skb length withou...
CVE-2026-23448
In the Linux kernel, the following vulnerability has been resolved: net: usb: cdcncm: add ndpoffset to NDP16 nframes bounds check cdcncmrxverifyndp16 validates that the NDP header and its DPE entries fit within the skb. The first check correctly accounts for ndpoffset: if ndpoffset + sizeofstruct...
CVE-2026-23447 net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check
In the Linux kernel, the following vulnerability has been resolved: net: usb: cdcncm: add ndpoffset to NDP32 nframes bounds check The same bounds-check bug fixed for NDP16 in the previous patch also exists in cdcncmrxverifyndp32. The DPE array size is validated against the total skb length withou...
CVE-2026-23447
In the Linux kernel, the following vulnerability has been resolved: net: usb: cdcncm: add ndpoffset to NDP32 nframes bounds check The same bounds-check bug fixed for NDP16 in the previous patch also exists in cdcncmrxverifyndp32. The DPE array size is validated against the total skb length withou...
PT-2026-30143
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the cdc ncm rx verify ndp16 function where the bounds check for NDP16 nframes omits the ndpoffset value. This allows the DPE entries to extend pas...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000766)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000766 advisory. Double free vulnerability in drivers/net/usb/cdcncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service system crash ...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003002)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003002 advisory. Double free vulnerability in drivers/net/usb/cdcncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service system crash ...