UBUNTU-CVE-2026-46184

In the Linux kernel, the following vulnerability has been resolved: sound: ua101: fix division by zero at probe Add a missing sanity check for bNrChannels in detectusbformat to prevent a division by zero in playbackurbcomplete and captureurbcomplete. USB core does not validate class-specific...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: USB: core: Prevent nested device-reset calls Automatic kernel fuzzing revealed a recursive locking violation in usb-storage. ============================================ WARNING: Possible recursive locking detected 5.18.0 3 No...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix for access violation during port device removal Testing with KASAN and syzkaller revealed a bug in the port.c file: the usbhubtostructhub function may return NULL if the hub to which the port belongs is removed...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fixed a deadlock in usbdeauthorizeinterface Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interfaceauthorizedstore function is the only one that acquires a device lock on an ancestor devic...

SUSE CVE-2026-43428

In the Linux kernel, the following vulnerability has been resolved: USB: core: Limit the length of unkillable synchronous timeouts The usbcontrolmsg, usbbulkmsg, and usbinterruptmsg APIs in usbcore allow unlimited timeout durations. And since they use uninterruptible waits, this leaves open the...

EUVD-2026-28734

In the Linux kernel, the following vulnerability has been resolved: USB: core: Limit the length of unkillable synchronous timeouts The usbcontrolmsg, usbbulkmsg, and usbinterruptmsg APIs in usbcore allow unlimited timeout durations. And since they use uninterruptible waits, this leaves open the...

CVE-2026-43428

In the Linux kernel, the following vulnerability has been resolved: USB: core: Limit the length of unkillable synchronous timeouts The usbcontrolmsg, usbbulkmsg, and usbinterruptmsg APIs in usbcore allow unlimited timeout durations. And since they use uninterruptible waits, this leaves open the...

CVE-2026-43428

In the Linux kernel, the following vulnerability has been resolved: USB: core: Limit the length of unkillable synchronous timeouts The usbcontrolmsg, usbbulkmsg, and usbinterruptmsg APIs in usbcore allow unlimited timeout durations. And since they use uninterruptible waits, this leaves open the...

CVE-2026-43428

In the Linux kernel, the following vulnerability has been resolved: USB: core: Limit the length of unkillable synchronous timeouts The usbcontrolmsg, usbbulkmsg, and usbinterruptmsg APIs in usbcore allow unlimited timeout durations. And since they use uninterruptible waits, this leaves open the...

CVE-2026-43428

CVE-2026-43428 affects the Linux kernel USB core. The vulnerability arises from usb_control_msg(), usb_bulk_msg(), and usb_interrupt_msg() allowing unbounded, uninterruptible timeouts, which could hang a task indefinitely. The fix enforces a maximum timeout of 60 seconds and treats negative timeo...

PT-2026-39089

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The usb control msg, usb bulk msg, and usb interrupt msg APIs in usbcore allow unlimited timeout durations. Because these APIs utilize uninterruptible waits, a task can be hung...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

A flaw in incorrect access control in the Linux kernel’s USB core subsystem was discovered in the way users attach USB devices. A local user could exploit this flaw to crash the system...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: usb: core: config: Prevent OOB read in SS endpoint companion parsing The usbparsessendpointcompanion function checks the descriptor type before the length, thereby preventing an unexpected read outside of the buffer size. This...

DEBIAN-CVE-2026-31581

In the Linux kernel, the following vulnerability has been resolved: ALSA: 6fire: fix use-after-free on disconnect In usb6firechipabort, the chip struct is allocated as the card's private data via sndcardnew with sizeofstruct sfirechip. When sndcardfreewhenclosed is called and no file handles are...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006759)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006759 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: core: config: Prevent OOB read in SS endpoint companion parsing usbparsessendpointcompanion...

Security Bulletin: Technical Support Appliance - potential denial of service in Linux kernel subsystems

Summary Multiple vulnerabilities have been identified in the Linux kernel affecting subsystems including InfiniBand hfi1, RDMA, SquashFS, ATM networking, USB core, MPTCP, procfs, and framebuffer fbdev. These issues involve race conditions, use-after-free scenarios, and out-of-bounds memory access...

kernel security update

3.10.0-1160.119.1.0.19 - ext4: fix use-after-free in ext4orphancleanup CVE-2022-50673 Orabug: 39036029 - Squashfs: check return result of sbminblocksize CVE-2025-38415 Orabug: 39036029 - atm: clip: Fix infinite recursive call of clippush. CVE-2025-38459 Orabug: 39036029 - usb: core: config: Preve...

Oracle Linux 10 : kernel (ELSA-2026-4012)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-4012 advisory. - HID: intel-thc-hid: intel-thc: Fix incorrect pointer arithmetic in I2C regs save CKI Backport Bot RHEL-142253 CVE-2025-39818 - drm/xe: Make dma-fenc...

kernel: Linux kernel: Denial of Service via out-of-bounds read in USB configuration parsing

A flaw was found in the Linux kernel's USB core configuration parsing. Specifically, the usbparsessendpointcompanion function incorrectly checks the descriptor type before its length, which can lead to reading data beyond the intended buffer. This out-of-bounds read vulnerability could allow a...

CLSA-2026-1773048865 kernel: Fix of 53 CVEs

xhci: Remove device endpoints from bandwidth list when freeing the device CVE-2022-50470 - HID: multitouch: Add NULL check in mtinputconfigured CVE-2024-58020 - netfilter: nftsetpipapo: clamp maximum map bucket size to INTMAX CVE-2025-38201 - fs: writeback: fix use-after-free in markinodedirty...