CVE-2026-31624
- EPSS 0.13%
- Veröffentlicht 24.04.2026 14:42:41
- Zuletzt bearbeitet 01.06.2026 17:16:53
In the Linux kernel, the following vulnerability has been resolved: HID: core: clamp report_size in s32ton() to avoid undefined shift s32ton() shifts by n-1 where n is the field's report_size, a value that comes directly from a HID device. The HID...
CVE-2026-31623
- EPSS 0.13%
- Veröffentlicht 24.04.2026 14:42:40
- Zuletzt bearbeitet 01.06.2026 17:16:53
In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete() A malicious USB device claiming to be a CDC Phonet modem can overflow the skb_shared_info->frags[] array by sending ...
CVE-2026-31622
- EPSS 0.28%
- Veröffentlicht 24.04.2026 14:42:39
- Zuletzt bearbeitet 01.06.2026 17:16:53
In the Linux kernel, the following vulnerability has been resolved: NFC: digital: Bounds check NFC-A cascade depth in SDD response handler The NFC-A anti-collision cascade in digital_in_recv_sdd_res() appends 3 or 4 bytes to target->nfcid1 on each ...
CVE-2026-31618
- EPSS 0.13%
- Veröffentlicht 24.04.2026 14:42:37
- Zuletzt bearbeitet 01.06.2026 17:16:52
In the Linux kernel, the following vulnerability has been resolved: fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO Much like commit 19f953e74356 ("fbdev: fb_pm2fb: Avoid potential divide by zero error"), we also need to prevent that sam...
CVE-2026-31619
- EPSS 0.13%
- Veröffentlicht 24.04.2026 14:42:37
- Zuletzt bearbeitet 01.06.2026 17:16:52
In the Linux kernel, the following vulnerability has been resolved: ALSA: fireworks: bound device-supplied status before string array lookup The status field in an EFW response is a 32-bit value supplied by the firewire device. efr_status_names[] ...
CVE-2026-31617
- EPSS 0.13%
- Veröffentlicht 24.04.2026 14:42:36
- Zuletzt bearbeitet 30.06.2026 03:18:25
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb() The block_len read from the host-supplied NTB header is checked against ntb_max but has no lower bound. When bloc...
CVE-2026-31616
- EPSS 0.13%
- Veröffentlicht 24.04.2026 14:42:35
- Zuletzt bearbeitet 01.06.2026 17:16:52
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete() A broken/bored/mean USB host can overflow the skb_shared_info->frags[] array on a Linux gadget exposing a Phonet...
CVE-2026-31615
- EPSS 0.13%
- Veröffentlicht 24.04.2026 14:42:34
- Zuletzt bearbeitet 01.06.2026 17:16:52
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: renesas_usb3: validate endpoint index in standard request handlers The GET_STATUS and SET/CLEAR_FEATURE handlers extract the endpoint number from the host-supplied wIn...
CVE-2026-31607
- EPSS 0.31%
- Veröffentlicht 24.04.2026 14:42:29
- Zuletzt bearbeitet 30.06.2026 03:18:25
In the Linux kernel, the following vulnerability has been resolved: usbip: validate number_of_packets in usbip_pack_ret_submit() When a USB/IP client receives a RET_SUBMIT response, usbip_pack_ret_submit() unconditionally overwrites urb->number_of_...
CVE-2026-31605
- EPSS 0.13%
- Veröffentlicht 24.04.2026 14:42:28
- Zuletzt bearbeitet 01.06.2026 17:16:51
In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO Much like commit 19f953e74356 ("fbdev: fb_pm2fb: Avoid potential divide by zero error"), we also need to prevent that same...