USN-8116-1: Linux kernel (Intel IoTG Real-time) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - ATM...

CVE-2025-55095

The function uxhostclassstoragemediamount is responsible for mounting partitions on a USB mass storage device. When it encounters an extended partition entry in the partition table, it recursively calls itself to mount the next logical partition. This recursion occurs in...

EUVD-2016-0171

Malware in sbrugna...

EUVD-2014-9795

Malware in sbrugna...

EUVD-2015-5905

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2024-35822

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: udc: remove warning when queue disabled ep It is possible trigger below warning message from mass storage function, WARNING: CPU: 6 PID: 3839 at...

USN-7184-1 linux-aws, linux-kvm vulnerabilities

Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service system crash. CVE-2022-36402 Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in th...

CVE-2024-26935 scsi: core: Fix unremoved procfs host directory regression

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix unremoved procfs host directory regression Commit fc663711b944 "scsi: core: Remove the /proc/scsi/$procname directory earlier" fixed a bug related to modules loading/unloading, by adding a call to scsiprochostdirr...

CVE-2020-10021

Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions...

CVE-2020-10021

Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions...

Cross site scripting

Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions...

CVE-2020-10021

CVE-2020-10021 is an active vulnerability describing an out-of-bounds write in the USB Mass Storage memoryWrite handler caused by unaligned sizes. Affected: Zephyr RTOS, Zephyr 1.14.1 and later, and 2.1.0 and later. CVSS data indicate a high-severity, local-attack scenario with potential confiden...

CVE-2020-10021 Out-of-bounds write in USB Mass Storage with unaligned sizes

Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions...

Android - Directory Traversal over USB via Injection in blkid Output Exploit

Exploit for Android platform in category local exploits When a USB mass storage device is inserted into an Android phone even if the phone is locked!, vold will attempt to automatically mount partitions from the inserted device. For this purpose, vold has to identify the partitions on the connect...

[SECURITY] Fedora 28 Update: cantata-2.3.1-1.fc28

Cantata is a graphical client for the music player daemon MPD. Features: Multiple MPD collections. Highly customisable layout. Songs grouped by album in play queue. Context view to show artist, album, and song information of current track. Simple tag editor. File organizer - use tags to organize...

[SECURITY] Fedora 27 Update: cantata-2.3.1-1.fc27

Cantata is a graphical client for the music player daemon MPD. Features: Multiple MPD collections. Highly customisable layout. Songs grouped by album in play queue. Context view to show artist, album, and song information of current track. Simple tag editor. File organizer - use tags to organize...

Buffer overflow

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, and SD 450, if a client or host sends...

CVE-2014-9991

CVE-2014-9991 describes a buffer overflow in Qualcomm closed-source Android components when USB mass storage transfers exceed 16kB. Public sources (CNVD-2018-08826, NVD entry) tie this issue to Android devices using Qualcomm Snapdragon/mobile platforms (e.g., MDM9206/9625/9635M/etc., SD series) a...

Solaris 10 (x86) : 123403-01

SunOS 5.10x86: usbms patch. Date this patch was last updated by Sun : Jan/30/08 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

P4wnP1: A Open Source USB Attack Platform

PenTestIT RSS Feed As of now, hardware security projects seem to be attracting me more than software based projects. Evidently, I wrote a few posts covering them - List of Portable Hardware Devices for Penetration Testing, List of Raspberry Pi DIY Projects for Anonymity, etc. among other awesome...