kernel security update

An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

RLSA-2026:19568 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net/sched: Make cakeenqueue return NETXMITCN when past bufferlimit CVE-2025-39766 kernel: scsi: qla2xxx: Fix improper freeing of purex item CVE-2025-68741 kernel: libceph: make decodepool...

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

kernel: usbip: validate number_of_packets in usbip_pack_ret_submit()

A flaw was found in the Linux kernel's USB/IP subsystem. A malicious USB/IP server could exploit a vulnerability in the usbippackretsubmit function by sending a specially crafted RETSUBMIT response. This response, containing an oversized numberofpackets value, could cause a heap out-of-bounds...

RHEL 10 : kernel (RHSA-2026:19569)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19569 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net: afcan: do not leave a...

SUSE CVE-2026-31607

In the Linux kernel, the following vulnerability has been resolved: usbip: validate numberofpackets in usbippackretsubmit When a USB/IP client receives a RETSUBMIT response, usbippackretsubmit unconditionally overwrites urb-numberofpackets from the network PDU. This value is subsequently used as...

Linux Distros Unpatched Vulnerability : CVE-2026-31607

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usbip: validate numberofpackets in usbippackretsubmit When a USB/IP client receives a RETSUBMIT response, usbippackretsubmit unconditionally overwrites...

CVE-2026-31607

In the Linux kernel, the following vulnerability has been resolved: usbip: validate numberofpackets in usbippackretsubmit When a USB/IP client receives a RETSUBMIT response, usbippackretsubmit unconditionally overwrites urb-numberofpackets from the network PDU. This value is subsequently used as...

CVE-2026-31607 usbip: validate number_of_packets in usbip_pack_ret_submit()

In the Linux kernel, the following vulnerability has been resolved: usbip: validate numberofpackets in usbippackretsubmit When a USB/IP client receives a RETSUBMIT response, usbippackretsubmit unconditionally overwrites urb-numberofpackets from the network PDU. This value is subsequently used as...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001355)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001355 advisory. An issue was discovered in the Linux kernel before 5.11.7. usbipsockfdstore in drivers/usb/usbip/stubdev.c allows attackers to cause a denial of service GPF because...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000883)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000883 advisory. The usbiprecvxbuff function in drivers/usb/usbip/usbipcommon.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service out-of-bounds...

EUVD-2022-54840

Malicious code in bioql PyPI...

CVE-2022-49389

In the Linux kernel, the following vulnerability has been resolved: usb: usbip: fix a refcount leak in stubprobe usbgetdev is called in stubdevicealloc. When stubprobe fails after that, usbputdev needs to be called to release the reference. Fix this by moving usbputdev to sdevfree error path...

UBUNTU-CVE-2022-49389

In the Linux kernel, the following vulnerability has been resolved: usb: usbip: fix a refcount leak in stubprobe usbgetdev is called in stubdevicealloc. When stubprobe fails after that, usbputdev needs to be called to release the reference. Fix this by moving usbputdev to sdevfree error path...

CVE-2022-49389 usb: usbip: fix a refcount leak in stub_probe()

In the Linux kernel, the following vulnerability has been resolved: usb: usbip: fix a refcount leak in stubprobe usbgetdev is called in stubdevicealloc. When stubprobe fails after that, usbputdev needs to be called to release the reference. Fix this by moving usbputdev to sdevfree error path...

CVE-2022-49389 usb: usbip: fix a refcount leak in stub_probe()

In the Linux kernel, the following vulnerability has been resolved: usb: usbip: fix a refcount leak in stubprobe usbgetdev is called in stubdevicealloc. When stubprobe fails after that, usbputdev needs to be called to release the reference. Fix this by moving usbputdev to sdevfree error path...

CVE-2022-49389

CVE-2022-49389 concerns a refcount leak in the Linux kernel USB/IP path. The issue arises because usb_get_dev() is called in stub_device_alloc(), and if stub_probe() fails afterward, the reference must be released with usb_put_dev(). The fix moves usb_put_dev() to the sdev_free error path, ensuri...

CVE-2022-49389

In the Linux kernel, the following vulnerability has been resolved: usb: usbip: fix a refcount leak in stubprobe usbgetdev is called in stubdevicealloc. When stubprobe fails after that, usbputdev needs to be called to release the reference. Fix this by moving usbputdev to sdevfree error path...

K21274200: Linux kernel vulnerability CVE-2017-16914

Security Advisory Description The "stubsendretsubmit" function drivers/usb/usbip/stubtx.c in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service NULL pointer dereference via a specially crafted USB over IP packet. CVE-2017-16914 Impact...

SUSE CVE-2017-16913

The "stubrecvcmdsubmit" function drivers/usb/usbip/stubrx.c in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMDSUBMIT packets allows attackers to cause a denial of service arbitrary memory allocation via a specially crafted USB over IP packet...