Metasploit Wrap Up 05/22/2026

Another week, another authentication bypass Our humble Metasploit weeklyish blog has been blessed with a new network component vulnerability. The dynamic duo of @sfewer-r7 and @jburgess-r7 have discovered and authored the admin/networking/ciscosdwanvhubauthbypass module for CVE-2026-20182, a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: usb: aspeed-vhub: Fixed a reference count leak issue in astvhubinitdesc. We should call ofnodeput for the reference returned by ofgetchildbyname, which has increased the reference count...

Cisco Catalyst SD-WAN Controller vHub Authentication Bypass

This module exploits an authentication bypass vulnerability CVE-2026-20182 in the Cisco Catalyst SD-WAN Controller. The vdaemon DTLS control-plane service performs no certificate or credential verification for connecting peers that claim to be a vHub device type 2. The vbondprocchallengeack...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992939)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992939 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: aspeed-vhub: Fix refcount leak bug in astvhubinitdesc We should call ofnodeput for the...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992328)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992328 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: aspeed-vhub: Fix refcount leak bug in astvhubinitdesc We should call ofnodeput for the...

EUVD-2021-12587

Malware in sbrugna...

EUVD-2022-55405

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-50139

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: usb: aspeed-vhub: Fix refcount leak bug in astvhubinitdesc We should call ofnodeput for the...

usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()

...

CVE-2022-50139

A flaw was found in the aspeed-vhub module in the Linux kernel. A missing decrement of the reference count will cause a memory leak, potentially impacting system performance and resulting in a denial of service...

SUSE CVE-2022-50139

In the Linux kernel, the following vulnerability has been resolved: usb: aspeed-vhub: Fix refcount leak bug in astvhubinitdesc We should call ofnodeput for the reference returned by ofgetchildbyname which has increased the refcount...

DEBIAN-CVE-2022-50139

In the Linux kernel, the following vulnerability has been resolved: usb: aspeed-vhub: Fix refcount leak bug in astvhubinitdesc We should call ofnodeput for the reference returned by ofgetchildbyname which has increased the refcount...

UBUNTU-CVE-2022-50139

In the Linux kernel, the following vulnerability has been resolved: usb: aspeed-vhub: Fix refcount leak bug in astvhubinitdesc We should call ofnodeput for the reference returned by ofgetchildbyname which has increased the refcount...

CVE-2022-50139

In the Linux kernel, the following vulnerability has been resolved: usb: aspeed-vhub: Fix refcount leak bug in astvhubinitdesc We should call ofnodeput for the reference returned by ofgetchildbyname which has increased the refcount...

CVE-2022-50139

CVE-2022-50139 affects the Linux kernel’s usb: aspeed-vhub component. The root cause is a refcount leak in ast_vhub_init_desc() caused by not releasing a reference from of_get_child_by_name(). The fix is to call of_node_put() on that reference. This remediation prevents the refcount from being in...

CVE-2022-50139 usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc()

In the Linux kernel, the following vulnerability has been resolved: usb: aspeed-vhub: Fix refcount leak bug in astvhubinitdesc We should call ofnodeput for the reference returned by ofgetchildbyname which has increased the refcount...

CVE-2021-25695

The USB vHub in the Teradici PCOIP Software Agent prior to version 21.07.0 would accept commands from any program, which may allow an attacker to elevate privileges by changing the flow of program execution within the vHub driver...

UBUNTU-CVE-2025-37881

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeed: Add NULL pointer check in astvhubinitdev The variable d-name, returned by devmkasprintf, could be NULL. A pointer check is added to prevent potential NULL pointer dereference. This is similar to the fix in...

PT-2025-20533

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference issue has been identified in the Linux kernel's USB gadget functionality, specifically in the ast vhub init dev function. The variable d-name, returned by devm...

kernel: usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc()

A flaw was found in the aspeed-vhub module in the Linux kernel. A missing decrement of the reference count will cause a memory leak, potentially impacting system performance and resulting in a denial of service...