Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: usb: xhci: Apply the link chain quirk on NEC isoc endpoints Two distinctly different samples of NEC uPD720200 one with a start/stop bug, one without it were observed to cause IOMMU faults after some Missed Service Errors. The...

USN-8412-1: QEMU vulnerabilities

Felipe Franciosi, Raphael Norwitz, and Peter Turschmid discovered that the iSCSI block driver in QEMU incorrectly handled certain responses from an iSCSI server. A remote attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary...

CVE-2026-45911 usb: cdns3: fix role switching during resume

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix role switching during resume If the role change while we are suspended, the cdns3 driver switches to the new mode during resume. However, switching to host mode in this context causes a NULL pointer dereference. T...

PT-2026-43778

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the cdns3 driver when a role switch to host mode happens during the system resume process. The start operation of the host role registers a xhci-hcd...

PT-2026-39092

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs when reading portli debugfs files. This happens when the number of port registers counted in xhci-max ports exceeds the ports reported by Supported...

CVE-2026-43250 usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke()

In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: udc: fix DMA and SG cleanup in epnuke The ChipIdea UDC driver can encounter "not page aligned sg buffer" errors when a USB device is reconnected after being disconnected during an active transfer. This occurs becau...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: mips: bmips: BCM6358: disabled RAC flush for TP1 RAC flush causes kernel panics on BCM6358 with EHCI/OHCI when booting from TP1: 3.881739 usb 1-1: new high-speed USB device number 2 using ehci-platform 3.895011 Reserved...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Fixed a race condition between concurrent call paths that invoke dwc3removerequests. This patch addresses a race condition caused by unsynchronized execution of multiple call paths that invoke dwc3removerequests, leadi...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: USB: dwc3 – A memory leak was fixed by using debugfslookup. When calling debugfslookup, the result must also have dput called upon it; otherwise, memory will leak over time. To simplify this, simply call debugfslookupandremove,...

RLSA-2026:0793 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: drm/xe: Make dma-fences compliant with the safe access rules CVE-2025-38703 kernel: smb: client: let recvdone verify dataoffset, datalength and remainingdatalength CVE-2025-39933 kernel:...

kernel: usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths

A use-after-free vulnerability was found in the DWC3 USB controller driver in the Linux kernel. Multiple unsynchronized execution paths can invoke dwc3removerequests concurrently, leading to premature freeing of USB requests. When one path frees requests while another is still processing them, a...

RHEL 9 : kernel-rt (RHSA-2026:0534)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0534 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...

kernel: usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths

A use-after-free vulnerability was found in the DWC3 USB controller driver in the Linux kernel. Multiple unsynchronized execution paths can invoke dwc3removerequests concurrently, leading to premature freeing of USB requests. When one path frees requests while another is still processing them, a...

CVE-2021-22040

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host...

CVE-2021-22041

VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host...

CVE-2023-53986

In the Linux kernel, the following vulnerability has been resolved: mips: bmips: BCM6358: disable RAC flush for TP1 RAC flush causes kernel panics on BCM6358 with EHCI/OHCI when booting from TP1: 3.881739 usb 1-1: new high-speed USB device number 2 using ehci-platform 3.895011 Reserved instructio...

CVE-2023-53986 mips: bmips: BCM6358: disable RAC flush for TP1

In the Linux kernel, the following vulnerability has been resolved: mips: bmips: BCM6358: disable RAC flush for TP1 RAC flush causes kernel panics on BCM6358 with EHCI/OHCI when booting from TP1: 3.881739 usb 1-1: new high-speed USB device number 2 using ehci-platform 3.895011 Reserved instructio...

CVE-2025-68287

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Fix race condition between concurrent dwc3removerequests call paths This patch addresses a race condition caused by unsynchronized execution of multiple call paths invoking dwc3removerequests, leading to premature...

PT-2025-51691

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to a race condition within the dwc3 remove requests function. This occurs due to unsynchronized execution of multiple call paths, potentially...

DEBIAN-CVE-2023-53840

In the Linux kernel, the following vulnerability has been resolved: usb: early: xhci-dbc: Fix a potential out-of-bound memory access If xdbcbulkwrite fails, the values in 'buf' can be anything. So the string is not guaranteed to be NULL terminated when xdbctrace is called. Reserve an extra byte,...