Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: usb: qmiwwan: Initialize the MAC header offset in qmimuxrxfixup Raw IP packets do not have a MAC header, resulting in skb-macheader being uninitialized. This can trigger kernel panics on ARM64 when xfrm or other subsystems...

SUSE CVE-2026-43479

In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: fix WARN in netifnapidellocked on disconnect Remove redundant netifnapidel call from disconnect path. A WARN may be triggered in netifnapidellocked during USB device disconnect: WARNING: CPU: 0 PID: 11 at...

EUVD-2026-30015

In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: fix WARN in netifnapidellocked on disconnect Remove redundant netifnapidel call from disconnect path. A WARN may be triggered in netifnapidellocked during USB device disconnect: WARNING: CPU: 0 PID: 11 at...

PT-2026-30142

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A bounds-check issue exists in the cdc ncm rx verify ndp32 function within the Linux kernel's networking subsystem for USB Network cdc ncm. The issue arises from a failure to account for...

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2026-1582)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the...

CVE-2026-23188

In the Linux kernel, the following vulnerability has been resolved: net: usb: r8152: fix resume reset deadlock rtl8152 can trigger device reset during reset which potentially can result in a deadlock: DPM device timeout after 10 seconds; 15 seconds until panic Call Trace: schedule+0x483/0x1370...

EUVD-2025-203757

In the Linux kernel, the following vulnerability has been resolved: usbnet: Prevents free active kevent The root cause of this issue are: 1. When probing the usbnet device, executing usbnetlinkchangedev, 0, 0; put the kevent work in global workqueue. However, the kevent has not yet been scheduled...

SUSE CVE-2025-40140

In the Linux kernel, the following vulnerability has been resolved: net: usb: Remove disruptive netifwakequeue in rtl8150setmulticast syzbot reported WARNING in rtl8150startxmit/usbsubmiturb. This is the sequence of events that leads to the warning: rtl8150startxmit netifstopqueue;...

UBUNTU-CVE-2025-40140

In the Linux kernel, the following vulnerability has been resolved: net: usb: Remove disruptive netifwakequeue in rtl8150setmulticast syzbot reported WARNING in rtl8150startxmit/usbsubmiturb. This is the sequence of events that leads to the warning: rtl8150startxmit netifstopqueue;...

CVE-2025-40140

In the Linux kernel, the following vulnerability has been resolved: net: usb: Remove disruptive netifwakequeue in rtl8150setmulticast syzbot reported WARNING in rtl8150startxmit/usbsubmiturb. This is the sequence of events that leads to the warning: rtl8150startxmit netifstopqueue;...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989129)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989129 advisory. In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: Fix out-of-bounds accesses in RX fixup aqc111rxfixup contains several...

PT-2025-46615

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to USB networking. Specifically, the rtl8150 set multicast function incorrectly calls netif stop queue and netif wake queue, leading to potentia...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: usbnet: Fix for NPE during rxcomplete. There is a missing validation of usbnetgoingaway in the critical path. The usbsubmiturb function lacks this validation, while usbnetqueueskb includes this check. This inconsistency causes a...

UBUNTU-CVE-2025-21742

In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: use static NDP16 location in URB Original code allowed for the start of NDP16 to be anywhere within the URB based on the wNdpIndex value in NTH16. Only the start position of NDP16 was checked, so it was possible f...

CVE-2025-21742 usbnet: ipheth: use static NDP16 location in URB

In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: use static NDP16 location in URB Original code allowed for the start of NDP16 to be anywhere within the URB based on the wNdpIndex value in NTH16. Only the start position of NDP16 was checked, so it was possible f...

UBUNTU-CVE-2021-47171

In the Linux kernel, the following vulnerability has been resolved: net: usb: fix memory leak in smsc75xxbind Syzbot reported memory leak in smsc75xxbind. The problem was is non-freed memory in case of errors after memory allocation. backtrace: kmalloc include/linux/slab.h:556 inline kzalloc...

GSD-2021-1002056 usbnet: sanity check for maxpacket

usbnet: sanity check for maxpacket This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.77 by commit 693ecbe8f799405f8775719deedb1f76265d375a...

The vulnerabilities in operating systems such as Mac OS X and iOS allow attackers to trigger service failures or execute arbitrary code in privileged contexts.

The vulnerability of the AppleUSBNetworking component in Mac OS X and iOS operating systems arises due to buffer overflow. Exploiting this vulnerability allows an attacker to execute arbitrary code in a privileged context, or to cause a service failure memory corruption by using a specially creat...

CVE-2016-1734

AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted USB device...

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2022)

Description of changes: Avoid bug caused by corrupted Ext4 filesystem. When mounting an ext4 filesystem, the kernel was not checking for zero length extents. This would cause a BUGON assertion failure in the log. NULL pointer dereference in the SCSI subsystem. A NULL dereference may occur if a SC...