Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: USB: usbip: Fix a reference count leak in stubprobe The usbgetdev function is called in stubdevicealloc. When stubprobe fails later on, usbputdev must be called to release the reference. This issue is fixed by moving usbputdev in...

CVE-2026-31607

A flaw was found in the Linux kernel's USB/IP subsystem. A malicious USB/IP server could exploit a vulnerability in the usbippackretsubmit function by sending a specially crafted RETSUBMIT response. This response, containing an oversized numberofpackets value, could cause a heap out-of-bounds...

DEBIAN-CVE-2026-31607

In the Linux kernel, the following vulnerability has been resolved: usbip: validate numberofpackets in usbippackretsubmit When a USB/IP client receives a RETSUBMIT response, usbippackretsubmit unconditionally overwrites urb-numberofpackets from the network PDU. This value is subsequently used as...

CVE-2026-31607

CVE-2026-31607 (Linux kernel USB/IP) : A RET_SUBMIT response can cause an out-of-bounds write when usbip_pack_ret_submit() overwrites urb->number_of_packets without validation. The loop bound in usbip_recv_iso()/usbip_pad_iso() then writes beyond urb->iso_frame_desc[], triggering a heap OOB...

CVE-2026-31607

In the Linux kernel, the following vulnerability has been resolved: usbip: validate numberofpackets in usbippackretsubmit When a USB/IP client receives a RETSUBMIT response, usbippackretsubmit unconditionally overwrites urb-numberofpackets from the network PDU. This value is subsequently used as...

PT-2026-34959

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A heap out-of-bounds write exists in the USB/IP client. The function usbip pack ret submit unconditionally overwrites the number of packets variable from the network PDU. A malicious...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414620)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414620 advisory. An issue was discovered in the Linux kernel before 5.11.7. usbipsockfdstore in drivers/usb/usbip/stubdev.c allows attackers to cause a denial of service GPF because...

Linux Distros Unpatched Vulnerability : CVE-2018-5814

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations...

Linux Kernel USB/IP VHCI Driver Race Condition Privilege Escalation Vulnerability

This vulnerability allows physically present attackers to escalate privileges on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the reset event. The issue results from the lack of proper locki...

SUSE CVE-2016-3955

The usbiprecvxbuff function in drivers/usb/usbip/usbipcommon.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service out-of-bounds write or possibly have unspecified other impact via a crafted length value in a USB/IP packet...

Ubuntu: Security Advisory (USN-4945-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-4945-2: Linux kernel (Raspberry Pi) vulnerabilities

USN-4945-1 fixed vulnerabilities in the Linux kernel for Ubuntu 20.04 LTS and Ubuntu 18.04 LTS. This update provides the corresponding Linux kernel updates targeted specifically for Raspberry Pi devices in those same Ubuntu Releases. Original advisory details: It was discovered that the Nouveau G...

USN-4949-1: Linux kernel vulnerabilities

Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ring buffer as was allocated. A local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2021-3489...

Debian DLA-1423-1 : linux-4.9 new package (Spectre)

Linux 4.9 has been packaged for Debian 8 as linux-4.9. This provides a supported upgrade path for systems that currently use kernel packages from the 'jessie-backports' suite. There is no need to upgrade systems using Linux 3.16, as that kernel version will also continue to be supported in the LT...

[SECURITY] [DLA 1423-1] linux-4.9 new package

Package : linux-4.9 Version : 4.9.110-1deb8u1 CVE ID : CVE-2017-5753 CVE-2017-18255 CVE-2018-1118 CVE-2018-1120 CVE-2018-1130 CVE-2018-3639 CVE-2018-5814 CVE-2018-10021 CVE-2018-10087 CVE-2018-10124 CVE-2018-10853 CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10880...

Debian DLA-1422-2 : linux security update (Spectre)

The previous update to linux failed to build for the armhf ARM EABI hard-float architecture. This update corrects that. For all other architectures, there is no need to upgrade or reboot again. For reference, the relevant part of the original advisory text follows. Several vulnerabilities have be...

[SECURITY] [DLA 1422-1] linux security update

Package : linux Version : 3.16.57-1 CVE ID : CVE-2017-5715 CVE-2017-5753 CVE-2018-1066 CVE-2018-1093 CVE-2018-1130 CVE-2018-3665 CVE-2018-5814 CVE-2018-9422 CVE-2018-10853 CVE-2018-10940 CVE-2018-11506 CVE-2018-12233 CVE-2018-1000204 Debian Bug : 898165 Several vulnerabilities have been discovere...

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3696-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3696-1 advisory. It was discovered that an integer overflow existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of servic...

Ubuntu: Security Advisory (USN-3696-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-3696-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...