Siemens RUGGEDCOM RST2428P Out-of-bounds Write (CVE-2025-40345)
In the Linux kernel, the following vulnerability has been resolved: usb: storage: sddr55: Reject out-of-bound newpba Discovered by Atuin - Automated Vulnerability Discovery Engine. newpba comes from the status packet returned after each write. A bogus device could report values beyond the block...
CVE-2026-9400
A flaw has been found in Edimax BR-6675nD 1.12. This issue affects the function formUSBStorage of the file /goform/formUSBStorage of the component POST Request Handler. Executing a manipulation of the argument subdir can lead to command injection. It is possible to launch the attack remotely. The...
CVE-2026-9400 Edimax BR-6675nD POST Request formUSBStorage command injection
A flaw has been found in Edimax BR-6675nD 1.12. This issue affects the function formUSBStorage of the file /goform/formUSBStorage of the component POST Request Handler. Executing a manipulation of the argument subdir can lead to command injection. It is possible to launch the attack remotely. The...
CVE-2026-43488
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Prevent interrupt storm on host controller error (HCE) The xHCI controller reports a Host Controller Error (HCE) in UAS Storage Device plug/unplug scenarios on Android devices. HCE is checked in xhci_irq function and causes...
CVE-2026-34963 barebox EFI PE Loader Memory Safety Vulnerabilities
barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap allocation, and PE section...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: USB: usb-storage: A bug that causes a division-by-zero error in the isd200_ata_command function has been fixed. The isd200 sub-driver in usb-storage uses the HEADS and SECTORS values in the ATA ID information to calculate the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: usb-storage: alauda: Fixed the uninit-value issue in alauda_check_media. Syzbot reported that KMSAN complained about accessing an uninitialized value within the alauda subdriver of usb-storage. Bug: KMSAN: uninit-value in...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: usb: storage: sddr55: Reject out-of-bound newpba This issue was discovered by Atuin – the Automated Vulnerability Discovery Engine. newpba is derived from the status packet returned after each write operation. A malicious device...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: USB: Storage: Fix memory leak in USB bulk transport A memory leak in the kernel was identified using the 'ioctl_sg01' test from the Linux Test Project (LTP). The following bytes were observed: 0x53425355. When USB storage devices...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: USB: core: Prevent nested device-reset calls Automatic kernel fuzzing revealed a recursive locking violation in usb-storage. ============================================ WARNING: Possible recursive locking detected 5.18.0 3 No...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011268)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011268 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: storage: Fix memory leak in USB bulk transport A kernel memory leak was identified by the...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011411)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011411 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: storage: sddr55: Reject out-of-bound newpba Discovered by Atuin - Automated Vulnerability...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013092)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013092 advisory. In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Fix uninit-value in alauda_check_media Syzbot got KMSAN to complain about acce...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012979)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012979 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: storage: sddr55: Reject out-of-bound newpba Discovered by Atuin - Automated Vulnerability...
EulerOS Virtualization 2.10.1 : kernel (EulerOS-SA-2026-1537)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: media: v4l2-mem2mem: add lock to protect parameter num_rdy (CVE-2023-53519) md: Replace snprintf with scnprintf (CVE-2022-50299) mm/vmscan...
EulerOS 2.0 SP10 : kernel (EulerOS-SA-2026-1339)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: media: v4l2-mem2mem: add lock to protect parameter num_rdy (CVE-2023-53519) md: Replace snprintf with scnprintf (CVE-2022-50299) mm/vmscan: don't try to...
Amazon Linux 2 : kernel, --advisory ALAS2-2026-3165 (ALAS-2026-3165)
The version of kernel installed on the remote host is prior to 4.14.350-266.564. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3165 advisory. A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function...
CVE-2025-15543
CVE-2025-15543 : In TP-Link VX800v v1.0, an improper link resolution in the USB HTTP access path can be triggered by a crafted USB device, exposing the root filesystem contents and allowing a physically present attacker to read system files (read‑only). Connected sources also indicate a recommend...
Important: kernel
Issue Overview: A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. (CVE-2023-20588) In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix possible memory leak if device_add fails (CVE-2023-53174) I...