Lucene search
K

239 matches found

NVD
NVD
added 2 days ago8 views

CVE-2026-10663

In Zephyr's experimental USB host stack CONFIGUSBHOSTSTACK, usbhdevicedisconnect subsys/usb/host/usbhdevice.c freed the root usbdevice slab object without clearing the cached pointer ctx-root. The bus removal handler devremovedhandler subsys/usb/host/usbhcore.c decides what to tear down solely fr...

6.1CVSS0.00159EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-10663 Use-after-free / double-free of the root USB device in the experimental USB host stack

In Zephyr's experimental USB host stack CONFIGUSBHOSTSTACK, usbhdevicedisconnect subsys/usb/host/usbhdevice.c freed the root usbdevice slab object without clearing the cached pointer ctx-root. The bus removal handler devremovedhandler subsys/usb/host/usbhcore.c decides what to tear down solely fr...

6.1CVSS0.00159EPSS
Exploits0References2
CVE
CVE
added 2 days ago15 views

CVE-2026-10663

The vulnerability CVE-2026-10663 affects Zephyr’s experimental USB host stack (CONFIG_USB_HOST_STACK). freed root usb_device slab in usbh_device_disconnect() leaves ctx->root dangling; bus removal handler dev_removed_handler() uses ctx->root to decide teardown. Synthesis of DEV_REMOVED even...

6.1CVSS6.1AI score0.00159EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-ppc-of: Fix refcount leak bug In ohcihcdppcofprobe, offindcompatiblenode will return a node pointer with the refcount incremented. We should use ofnodeput when it is no longer needed...

5.5CVSS6AI score0.00164EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Qemu

In QEMU 5.0.0, the hw/usb/hcd-ohci.c file contains an infinite loop when a TD list has a loop...

5.3CVSS6.8AI score0.00441EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Qemu

A divide-by-zero issue was discovered in dwc2handlepacket in hw/usb/hcd-dwc2.c, within the hcd-dwc2 USB host controller emulation in QEMU. A malicious guest could exploit this flaw to crash the QEMU process on the host, resulting in a denial of service...

6.5CVSS6.7AI score0.00314EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: xhci-plat: Fix for crashes when suspending if remote wake-up is enabled Crashes occurred on the i.mx8qm platform when suspending if remote wake-up was enabled. Internal error: Synchronous external abort: 96000210 1 PREEMPT S...

5.3CVSS6.3AI score0.00212EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: xHCI: Properly handling isoc Babble and Buffer Overrun events. xHCI 4.9 explicitly prohibits making assumptions that the xHC has released its ownership of a multi-TRB TD when an error occurs in one of the early TRBs. However,...

5.5CVSS6.5AI score0.0023EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ARM: dts: bcm2711: Fix xHCI power-domain During S2idle tests on the Raspberry CM4, the VPU firmware always crashes when the xHCI power-domain is resumed: root@raspberrypi:/sys/power echo freeze state 70.724347 xhcisuspend finishe...

5.5CVSS6.3AI score0.00181EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-tmio: check return value after calling platformgetresource This vulnerability could lead to a null-ptr-deref error if platformgetresource returns NULL. Therefore, we need to check the return value of this function...

5.5CVSS5.8AI score0.00227EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: Drivers: USB: Host: Fixed a deadlock in oxubussuspend There is a deadlock in oxubussuspend, as shown below: Thread 1 | Thread 2 | timeraction oxubussuspend | modtimer spinlockirq //1 | Wait for a while ... | oxuwatchdog...

5.5CVSS6.2AI score0.00196EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: usb: host: xhci: Fixed a potential memory leak in xhciallocstreaminfo The xhciallocstreaminfo function allocates a stream context array for streaminfo-streamctxarray using xhciallocstreamctx. When an error occurs, the...

5.5CVSS6AI score0.0015EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.8 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021543)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021543 advisory. In the Linux kernel, the following vulnerability has been resolved: xhci: Remove device endpoints from bandwidth list when freeing the device Endpoints are normally...

7.8CVSS5.8AI score0.00158EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.10 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021622)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021622 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: host: xhci: Fix potential memory leak in xhciallocstreaminfo xhciallocstreaminfo allocates...

5.5CVSS5.8AI score0.0015EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/13 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-43488

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: xhci: Prevent interrupt storm on host controller error HCE The xHCI controller reports a Host Controller Error HCE in UAS Storage Device plug/unplug...

5.5CVSS6.1AI score0.00114EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/08 11:46 p.m.11 views

CVE-2026-43432

A flaw was found in the Linux kernel's USB xHCI host controller driver. The error handling path in the xhcidisableslot function incorrectly frees only a portion of the allocated memory, leading to a memory leak of the completion structure. This issue, which can be triggered under specific hardwar...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/08 6:12 p.m.11 views

CVE-2026-43290

A flaw was found in the Linux kernel's uvcvideo module. This vulnerability occurs when the startstreaming function fails to return queued buffers due to an error in uvcpmget. A local attacker could potentially trigger this condition, leading to system instability or a denial of service DoS by...

7.8CVSS5.8AI score0.00128EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/08 3:31 p.m.9 views

EUVD-2026-28737

In the Linux kernel, the following vulnerability has been resolved: xhci: Fix NULL pointer dereference when reading portli debugfs files Michal reported and debgged a NULL pointer dereference bug in the recently added portli debugfs files Oops is caused when there are more port registers counted ...

5.7AI score0.00107EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/08 3:16 p.m.9 views

CVE-2026-43431

In the Linux kernel, the following vulnerability has been resolved: xhci: Fix NULL pointer dereference when reading portli debugfs files Michal reported and debgged a NULL pointer dereference bug in the recently added portli debugfs files Oops is caused when there are more port registers counted ...

5.5CVSS5.7AI score0.00107EPSS
Exploits0References4
CVE
CVE
added 2026/05/08 2:22 p.m.25 views

CVE-2026-43432

CVE-2026-43432 relates to the Linux kernel USB xHCI driver. The error path in usb/xhci_disable_slot() previously freed only the command structure (via kfree), leaking the associated completion structure. The patch changes the code to call xhci_free_command() , which frees both the command structu...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder