Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: comedi: vmk80xx: fixed transfer-buffer overflows The driver uses USB transfer buffers sized at the endpoint level, but until recently, there were no sanity checks on these buffer sizes. The commit e1f13c879a7c “staging: comedi...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel before version 4.8, the usbparseendpoint function in drivers/usb/core/config.c did not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the supplier...

EUVD-2025-203679

In the Linux kernel, the following vulnerability has been resolved: Input: pegasus-notetaker - fix potential out-of-bounds access In the pegasusnotetaker driver, the pegasusprobe function allocates the URB transfer buffer using the wMaxPacketSize value from the endpoint descriptor. An attacker ca...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989062)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989062 advisory. In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix transfer-buffer overflows The driver uses endpoint-sized USB transfer buffer...

EUVD-2016-10787

Malware in sbrugna...

SUSE CVE-2016-20022

In the Linux kernel before 4.8, usbparseendpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the supplier...

CVE-2016-20022

In the Linux kernel before 4.8, usbparseendpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the supplier...

DEBIAN-CVE-2016-20022

In the Linux kernel before 4.8, usbparseendpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the supplier...

CVE-2016-20022

In the Linux kernel before 4.8, usbparseendpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the supplier...

UBUNTU-CVE-2016-20022

In the Linux kernel before 4.8, usbparseendpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the supplier...

CVE-2021-47475

A flaw was found in the vmk80xx module in the Linux kernel. Memory buffer allocations with incorrect sizes can result in an out-of-bounds write when performing descriptor fuzzing...

SUSE CVE-2021-47475

In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix transfer-buffer overflows The driver uses endpoint-sized USB transfer buffers but up until recently had no sanity checks on the sizes. Commit e1f13c879a7c "staging: comedi: check validity of wMaxPacketSize of...

UBUNTU-CVE-2021-47475

In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix transfer-buffer overflows The driver uses endpoint-sized USB transfer buffers but up until recently had no sanity checks on the sizes. Commit e1f13c879a7c "staging: comedi: check validity of wMaxPacketSize of...

CVE-2021-47475 comedi: vmk80xx: fix transfer-buffer overflows

In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix transfer-buffer overflows The driver uses endpoint-sized USB transfer buffers but up until recently had no sanity checks on the sizes. Commit e1f13c879a7c "staging: comedi: check validity of wMaxPacketSize of...

CVE-2024-27405

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11 as host, at some instances, the gadgetgiveback has one byte appended at the end of a prop...

CVE-2024-27405 usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11 as host, at some instances, the gadgetgiveback has one byte appended at the end of a prop...

CVE-2024-27405

CVE-2024-27405 describes a Linux kernel issue in usb: gadget: ncm where the unwrap logic can drop all datagrams when a second NTB is faulty due to a leftover byte after a proper NTB. The trigger observed during tethering over NCM with Windows 11 host. Root cause: if there are leftover bytes, unwr...

CVE-2024-27405

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11 as host, at some instances, the gadgetgiveback has one byte appended at the end of a prop...

CVE-2024-27405 usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11 as host, at some instances, the gadgetgiveback has one byte appended at the end of a prop...