CVE-2026-43436
- EPSS 0.12%
- Veröffentlicht 08.05.2026 14:22:06
- Zuletzt bearbeitet 21.05.2026 17:43:14
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces The Scarlett2 mixer quirk in USB-audio driver may hit a NULL dereference when a malformed USB descript...
CVE-2026-43434
- EPSS 0.13%
- Veröffentlicht 08.05.2026 14:22:05
- Zuletzt bearbeitet 12.05.2026 14:10:27
In the Linux kernel, the following vulnerability has been resolved: rust_binder: check ownership before using vma When installing missing pages (or zapping them), Rust Binder will look up the vma in the mm by address, and then call vm_insert_page (...
- EPSS 0.12%
- Veröffentlicht 08.05.2026 14:22:05
- Zuletzt bearbeitet 12.05.2026 14:10:27
In the Linux kernel, the following vulnerability has been resolved: rust_binder: fix oneway spam detection The spam detection logic in TreeRange was executed before the current request was inserted into the tree. So the new request was not being fa...
CVE-2026-43433
- EPSS 0.1%
- Veröffentlicht 08.05.2026 14:22:04
- Zuletzt bearbeitet 12.05.2026 14:10:27
In the Linux kernel, the following vulnerability has been resolved: rust_binder: avoid reading the written value in offsets array When sending a transaction, its offsets array is first copied into the target proc's vma, and then the values are read...
CVE-2026-43431
- EPSS 0.11%
- Veröffentlicht 08.05.2026 14:22:03
- Zuletzt bearbeitet 20.05.2026 18:21:21
In the Linux kernel, the following vulnerability has been resolved: xhci: Fix NULL pointer dereference when reading portli debugfs files Michal reported and debgged a NULL pointer dereference bug in the recently added portli debugfs files Oops is ...
CVE-2026-43432
- EPSS 0.12%
- Veröffentlicht 08.05.2026 14:22:03
- Zuletzt bearbeitet 20.05.2026 18:18:34
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix memory leak in xhci_disable_slot() xhci_alloc_command() allocates a command structure and, when the second argument is true, also allocates a completion structure. C...
CVE-2026-43430
- EPSS 0.09%
- Veröffentlicht 08.05.2026 14:22:02
- Zuletzt bearbeitet 20.05.2026 18:22:23
In the Linux kernel, the following vulnerability has been resolved: usb: yurex: fix race in probe The bbu member of the descriptor must be set to the value standing for uninitialized values before the URB whose completion handler sets bbu is submit...
CVE-2026-43428
- EPSS 0.12%
- Veröffentlicht 08.05.2026 14:22:01
- Zuletzt bearbeitet 20.05.2026 18:26:17
In the Linux kernel, the following vulnerability has been resolved: USB: core: Limit the length of unkillable synchronous timeouts The usb_control_msg(), usb_bulk_msg(), and usb_interrupt_msg() APIs in usbcore allow unlimited timeout durations. An...
CVE-2026-43429
- EPSS 0.12%
- Veröffentlicht 08.05.2026 14:22:01
- Zuletzt bearbeitet 20.05.2026 18:23:12
In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts The usbtmc driver accepts timeout values specified by the user in an ioctl command, and uses these timeouts fo...
CVE-2026-43427
- EPSS 0.13%
- Veröffentlicht 08.05.2026 14:22:00
- Zuletzt bearbeitet 20.05.2026 18:29:41
In the Linux kernel, the following vulnerability has been resolved: usb: class: cdc-wdm: fix reordering issue in read code path Quoting the bug report: Due to compiler optimization or CPU out-of-order execution, the desc->length update can be reor...