Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Fix ERRPTR dereference in uvcv4l2.c Fix potential dereferencing of ERRPTR in findformatbypix and uvcv4l2enumformat. Fix the following smatch errors: drivers/usb/gadget/function/uvcv4l2.c:124 findformatbypix erro...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: video/aperture: optionally match the device in sysfbdisable In apertureremoveconflictingpcidevices, we currently only call sysfbdisable on vga class devices. This leads to the following problem when the pimary device is not VGA...

Linux Distros Unpatched Vulnerability : CVE-2026-31726

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: gadget: uvc: fix NULL pointer dereference during unbind race Commit b81ac4395bbe usb: gadget: uvc: allow for application to cleanly shutdown introduced two...

CVE-2026-31726

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: fix NULL pointer dereference during unbind race Commit b81ac4395bbe "usb: gadget: uvc: allow for application to cleanly shutdown" introduced two stages of synchronization waits totaling 1500ms in uvcfunctionunbi...

CVE-2026-31726

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: fix NULL pointer dereference during unbind race Commit b81ac4395bbe "usb: gadget: uvc: allow for application to cleanly shutdown" introduced two stages of synchronization waits totaling 1500ms in uvcfunctionunbi...

CVE-2026-31726 usb: gadget: uvc: fix NULL pointer dereference during unbind race

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: fix NULL pointer dereference during unbind race Commit b81ac4395bbe "usb: gadget: uvc: allow for application to cleanly shutdown" introduced two stages of synchronization waits totaling 1500ms in uvcfunctionunbi...

CVE-2026-31726

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: fix NULL pointer dereference during unbind race Commit b81ac4395bbe "usb: gadget: uvc: allow for application to cleanly shutdown" introduced two stages of synchronization waits totaling 1500ms in uvcfunctionunbi...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the uvcscanstreaming function in the UVC Descriptor Handler component. An attacker can cause a denial of service by triggering a null pointer dereference through local access. Remediation There is no fixed...

CVE-2025-68622

Espressif ESP-IDF USB Host UVC Class Driver allows video streaming from USB cameras. Prior to 2.4.0, a vulnerability in the esp-usb UVC host implementation allows a malicious USB Video Class UVC device to trigger a stack buffer overflow during configuration-descriptor parsing. When UVC...

CVE-2025-68622 Espressif ESP-IDF USB Host UVC Class Driver has a stack buffer overflow in UVC descriptor printing

Espressif ESP-IDF USB Host UVC Class Driver allows video streaming from USB cameras. Prior to 2.4.0, a vulnerability in the esp-usb UVC host implementation allows a malicious USB Video Class UVC device to trigger a stack buffer overflow during configuration-descriptor parsing. When UVC...

CVE-2025-68622

The CVE-2025-68622 affects Espressif ESP-IDF USB Host UVC Class Driver (esp-usb UVC host). A vulnerability in the UVC host parsing allows a malicious USB Video Class (UVC) device to cause a stack buffer overflow during configuration-descriptor parsing when UVC printing is enabled. A crafted descr...

EUVD-2025-206283

Espressif ESP-IDF USB Host UVC Class Driver allows video streaming from USB cameras. Prior to 2.4.0, a vulnerability in the esp-usb UVC host implementation allows a malicious USB Video Class UVC device to trigger a stack buffer overflow during configuration-descriptor parsing. When UVC...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990104)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990104 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Prevent buffer overflow in setup handler Setup function uvcfunctionsetup permit...

SUSE CVE-2025-40016

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Mark invalid entities with id UVCINVALIDENTITYID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. Each Unit and Terminal within the video function is assigned a unique...

CVE-2025-40016

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Mark invalid entities with id UVCINVALIDENTITYID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. Each Unit and Terminal within the video function is assigned a unique...

CVE-2025-40016

CVE-2025-40016 affects the Linux kernel uvcvideo path. The fix marks entities with invalid IDs (UVC_INVALID_ENTITY_ID) to enforce non-zero unique IDs for Units and Terminals as required by UVC 1.1+. The change aims to prevent invalid or duplicate IDs (e.g., 0x00 or repeated IDs) from propagating ...

CVE-2025-55676 Windows USB Video Class System Driver Information Disclosure Vulnerability

...

CVE-2025-55676

CVE-2025-55676 affects the Windows USB Video Class System Driver and is an information disclosure vulnerability that can be exploited locally on an authenticated system. The root cause is an error message generation that reveals sensitive information from the Windows USB Video Driver. Microsoft’s...

CVE-2025-55676 Windows USB Video Class System Driver Information Disclosure Vulnerability

...

Windows USB Video Class System Driver Information Disclosure Vulnerability

Generation of error message containing sensitive information in Windows USB Video Driver allows an authorized attacker to disclose information locally...