DEBIAN-CVE-2021-47475

In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix transfer-buffer overflows The driver uses endpoint-sized USB transfer buffers but up until recently had no sanity checks on the sizes. Commit e1f13c879a7c "staging: comedi: check validity of wMaxPacketSize of...

CVE-2024-26748

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix memory double free when handle zero packet 829 if request-complete 830 spinunlockdev-lock; 831 usbgadgetgivebackrequestep-endpoint, 832 request; 833 spinlockdev-lock; 834 835 836 if request-buf == privdev-zlpbuf 8...

CVE-2024-26748

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix memory double free when handle zero packet 829 if request-complete 830 spinunlock&privdev-lock; 831 usbgadgetgivebackrequest&privep-endpoint, 832 request; 833 spinlock&privdev-lock; 834 835 836 if request-buf ==...

CVE-2024-26748 usb: cdns3: fix memory double free when handle zero packet

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix memory double free when handle zero packet 829 if request-complete 830 spinunlock&privdev-lock; 831 usbgadgetgivebackrequest&privep-endpoint, 832 request; 833 spinlock&privdev-lock; 834 835 836 if request-buf ==...

CVE-2024-26748

CVE-2024-26748 (Linux kernel) — Affects the usb cdns3 gadget driver. A memory double-free could occur when handling a zero-length packet that was queued as an extra request. The patch adds a check at line 829 to skip usb_gadget_giveback_request() for this additional zero-length request, avoiding ...

CVE-2024-26748

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix memory double free when handle zero packet 829 if request-complete 830 spinunlock&privdev-lock; 831 usbgadgetgivebackrequest&privep-endpoint, 832 request; 833 spinlock&privdev-lock; 834 835 836 if request-buf ==...