Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: Drivers: USB: Host: Fixed a deadlock in oxubussuspend There is a deadlock in oxubussuspend, as shown below: Thread 1 | Thread 2 | timeraction oxubussuspend | modtimer spinlockirq //1 | Wait for a while ... | oxuwatchdog...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987636)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987636 advisory. In the Linux kernel, the following vulnerability has been resolved: drivers: usb: host: Fix deadlock in oxubussuspend There is a deadlock in oxubussuspend, which is...

CVE-2022-50153 usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe

In the Linux kernel, the following vulnerability has been resolved: usb: host: Fix refcount leak in ehcihcdppcofprobe offindcompatiblenode returns a node pointer with refcount incremented, we should use ofnodeput on it when done. Add missing ofnodeput to avoid refcount leak...

CVE-2022-50033 usb: host: ohci-ppc-of: Fix refcount leak bug

In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-ppc-of: Fix refcount leak bug In ohcihcdppcofprobe, offindcompatiblenode will return a node pointer with refcount incremented. We should use ofnodeput when it is not used anymore...

CVE-2022-50033

CVE-2022-50033: In the Linux kernel USB host OHCI PPC OF driver, of_find_compatible_node() may return a node with an incremented refcount and of_node_put() must be used when not needed. The issue is a refcount leak in ohci_hcd_ppc_of_probe(). Affected: Linux kernel (ohci-ppc-of path). Impact is a...

DEBIAN-CVE-2022-49313

In the Linux kernel, the following vulnerability has been resolved: drivers: usb: host: Fix deadlock in oxubussuspend There is a deadlock in oxubussuspend, which is shown below: Thread 1 | Thread 2 | timeraction oxubussuspend | modtimer spinlockirq //1 | wait a time ... | oxuwatchdog deltimersync...

CVE-2024-23972

Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. Th...

CVE-2024-23972

Summary: CVE-2024-23972 affects Sony XAV-AX5500. The issue is a buffer overflow in the USB host driver triggered by a crafted USB configuration descriptor, enabling remote code execution in the device process when a USB is connected by a physically present attacker. The vulnerability can be explo...

(Pwn2Own) Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the USB host driver. A crafted USB configuration descriptor can...

GSD-2022-1003206 drivers: usb: host: Fix deadlock in oxu_bus_suspend()

drivers: usb: host: Fix deadlock in oxubussuspend This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.47 by commit...

GSD-2022-1002897 drivers: usb: host: Fix deadlock in oxu_bus_suspend()

drivers: usb: host: Fix deadlock in oxubussuspend This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.15 by commit...

GSD-2021-1002240 usb: host: ohci-tmio: check return value after calling platform_get_resource()

usb: host: ohci-tmio: check return value after calling platformgetresource This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.256 by commit...

AZL-6588 CVE-2021-38204 affecting package kernel for versions less than 5.10.78.1-1

drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service use-after-free and panic by removing a MAX-3421 USB device in certain situations...

Linux kernel 资源管理错误漏洞

Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable due to a use-after-release and crash flaw in drivers/usb/host/max3421 hcd.c. In some cases, by removing the MAX-3421 USB device, an attacker can exploit the vulnerability to...