CVE-2026-46184

CVE-2026-46184 affects the Linux kernel sound stack (ua101). The root cause is a missing sanity check for bNrChannels in detect_usb_format(), allowing a device with bNrChannels = 0 to cause frame_bytes to be zero and be used as a divisor in URB completion handlers, which leads to a kernel crash i...

CVE-2026-46073

A flaw was found in the Linux kernel's hwmon subsystem, specifically within the powerz driver. When a signal interrupt occurs during the waitforcompletioninterruptibletimeout function, the system fails to properly abort the USB Request Block URB. This oversight can lead to the kernel attempting t...

CVE-2026-46074

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix memory leaks on probe failures Make sure to deregister the controller, disable pins, and kill and free the RX URB on probe failures to mirror disconnect and avoid memory leaks and use-after-free. Also add an...

EUVD-2026-32474

In the Linux kernel, the following vulnerability has been resolved: media: rc: igorplugusb: heed coherency rules In a control request, the USB request structure can be subject to DMA on some HCs. Hence it must obey the rules for DMA coherency. Allocate it separately...

CVE-2026-46091 media: rc: igorplugusb: heed coherency rules

In the Linux kernel, the following vulnerability has been resolved: media: rc: igorplugusb: heed coherency rules In a control request, the USB request structure can be subject to DMA on some HCs. Hence it must obey the rules for DMA coherency. Allocate it separately...

CVE-2026-46074

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix memory leaks on probe failures Make sure to deregister the controller, disable pins, and kill and free the RX URB on probe failures to mirror disconnect and avoid memory leaks and use-after-free. Also add an...

CVE-2026-46074

CVE-2026-46074 (Linux kernel, spi: ch341) : A fix addresses memory leaks and use-after-free during probe failures for the ch341 SPI driver. The workaround involves properly deregistering the controller, disabling pins, and killing/freeing the RX URB on failures to mirror disconnect. An explicit U...

CVE-2026-46074 spi: ch341: fix memory leaks on probe failures

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix memory leaks on probe failures Make sure to deregister the controller, disable pins, and kill and free the RX URB on probe failures to mirror disconnect and avoid memory leaks and use-after-free. Also add an...

CVE-2026-46073

CVE-2026-46073 concerns the Linux kernel hwmon (powerz) driver. The vulnerability arises because wait_for_completion_interruptible_timeout() can return -ERESTARTSYS on signal interruption, and the original code may skip usb_kill_urb() when handling this negative/zero return, leading to reads from...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: USB: Gadget: ffs: Fixed race between aiocancel and AIO Request Complete FFS-based applications can utilize the aiocancel callback to dequeue pending USB requests submitted to the UDC. There is a scenario where the FFS application...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: An error occurred in usbsubmiturb, causing the URB to be unanchored before it is processed by gsusbreceivebulkcallback. In commit 7352e1d5932a “can: gsusb: gsusbreceivebulkcallback: fix URB...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: rtl818x – Kill URBs before clearing the txstatusqueue. In rtl8187stop, the call to usbkillanchoredurbs is moved before clearing the btxstatusqueue. This change prevents callbacks from using already freed skb if the anchor...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: nfc: nfcmrvl: Fixed a memory leak in nfcmrvlplaydeferred. Similar to the handling of playdeferred in commit 19cfe912c37b “Bluetooth: btusb: Fixed a memory leak in playdeferred”, we thought a patch might be necessary here as well...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Input: pegasus-notetaker – fixed potential out-of-bounds access issues. In the pegasusnotetaker driver, the pegasusprobe function allocates the URB transfer buffer using the wMaxPacketSize value from the endpoint descriptor. An...

SUSE CVE-2026-43425

In the Linux kernel, the following vulnerability has been resolved: usb: image: mdc800: kill download URB on timeout mdc800deviceread submits downloadurb and waits for completion. If the timeout fires and the device has not responded, the function returns without killing the URB, leaving it activ...

CVE-2026-43425

In the Linux kernel, the following vulnerability has been resolved: usb: image: mdc800: kill download URB on timeout mdc800deviceread submits downloadurb and waits for completion. If the timeout fires and the device has not responded, the function returns without killing the URB, leaving it activ...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the usb image mdc800 driver failing to terminate downloadurb when it is in a hyper-threaded state...

Linux Distros Unpatched Vulnerability : CVE-2026-43425

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: image: mdc800: kill download URB on timeout mdc800deviceread submits downloadurb and waits for completion. If the timeout fires and the device has not...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the USB Yurex driver’s detection process. During this process, the BBU members are not set to an...

SUSE CVE-2026-43223

In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix URB leak in pvr2sendrequestex When pvr2sendrequestex submits a write URB successfully but fails to submit the read URB e.g. returns -ENOMEM, it returns immediately without waiting for the write URB to complete...