4.7

CVE-2026-43430

usb: yurex: fix race in probe

In the Linux kernel, the following vulnerability has been resolved:

usb: yurex: fix race in probe

The bbu member of the descriptor must be set to the value
standing for uninitialized values before the URB whose
completion handler sets bbu is submitted. Otherwise there is
a window during which probing can overwrite already retrieved
data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.37 < 5.10.253
LinuxLinux Kernel Version >= 5.11 < 5.15.203
LinuxLinux Kernel Version >= 5.16 < 6.1.167
LinuxLinux Kernel Version >= 6.2 < 6.6.130
LinuxLinux Kernel Version >= 6.7 < 6.12.78
LinuxLinux Kernel Version >= 6.13 < 6.18.19
LinuxLinux Kernel Version >= 6.19 < 6.19.9
LinuxLinux Kernel Version7.0 Updaterc1
LinuxLinux Kernel Version7.0 Updaterc2
LinuxLinux Kernel Version7.0 Updaterc3
LinuxLinux Kernel Version7.0 Updaterc4
LinuxLinux Kernel Version7.0 Updaterc5
LinuxLinux Kernel Version7.0 Updaterc6
LinuxLinux Kernel Version7.0 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.09% 0.006
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.7 1 3.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://git.kernel.org/stable/c/a7934d7202a39c3160aa30521c382c7b744ae4a2
Patch
https://git.kernel.org/stable/c/a8b3b3d730acea1640bc89465f2832cf06a1e13a
Patch
https://git.kernel.org/stable/c/687d26d43a5aaf44323ce7d601cf242bb87e9559
Patch
https://git.kernel.org/stable/c/939e3d17b843b0bae70467fef4481069d73c8520
Patch
https://git.kernel.org/stable/c/3cec135415a89723e2d38e1c8cc5098203355965
Patch
https://git.kernel.org/stable/c/a41d3d9202e951995cfac6248c565423079c71fa
Patch
https://git.kernel.org/stable/c/af83e92c329f11139d5eea2b5b7b83c26c3f67e7
Patch
https://git.kernel.org/stable/c/7a875c09899ba0404844abfd8f0d54cdc481c151
Patch