In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: rndis: prevent integer overflow in rndis_set_response()
If "BufOffset" is very large the "BufOffset + 8" operation ca
In the Linux kernel, the following vulnerability has been resolved:
usb: rndis_host: Secure rndis_query check against int overflow
Variables off and len typed as uint32 in rndis_query function
are c
In the Linux kernel, the following vulnerability has been resolved:
usb: musb: Fix musb_gadget.c rxstate overflow bug
The usb function device call musb_gadget_queue() adds the passed
request to musb
In the Linux kernel, the following vulnerability has been resolved:
NFSD: prevent integer overflow on 32 bit systems
On a 32 bit system, the "len * sizeof(*p)" operation can have an
integer overflow
In the Linux kernel, the following vulnerability has been resolved:
usb: potential integer overflow in usbg_make_tpg()
The variable tpgt in usbg_make_tpg() is defined as unsigned long and is
assigne
In the Linux kernel, the following vulnerability has been resolved:
HID: cp2112: prevent a buffer overflow in cp2112_xfer()
Smatch warnings:
drivers/hid/hid-cp2112.c:793 cp2112_xfer() error: __memcp
In the Linux kernel, the following vulnerability has been resolved:
net: usb: lan78xx: Limit packet length to skb->len
Packet length retrieved from descriptor may be larger than
the actual socket bu
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Prevent a potential integer overflow
If the tag length is >= U32_MAX - 3 then the "length + 4" addition
can result in an int
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: mt7921: fix a potential clc buffer length underflow
The buf_len is used to limit the iterations for retrieving the cou
In the Linux kernel, the following vulnerability has been resolved:
gpio: gpio-xilinx: Fix integer overflow
Current implementation is not able to configure more than 32 pins
due to incorrect data ty
In the Linux kernel, the following vulnerability has been resolved:
usbnet: fix memory leak in error case
usbnet_write_cmd_async() mixed up which buffers
need to be freed in which error case.
v2: a
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: f_rndis: Protect RNDIS options with mutex
The class/subclass/protocol options are suspectible to race conditions
as t
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix transaction abort on set received ioctl due to item overflow
If the set received ioctl fails due to an item overflow wh
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: fix potential array underflow in ucsi_ccg_sync_control()
The "command" variable can be controlled by the user via debu
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks()
The `check_command_size_in_blocks()`
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb()
The block_len read from the host-supplied NTB header is checked
In the Linux kernel, the following vulnerability has been resolved:
net/9p: Fix buffer overflow in USB transport layer
A buffer overflow vulnerability exists in the USB 9pfs transport layer
where in
In the Linux kernel, the following vulnerability has been resolved:
net: usb: smsc95xx: Limit packet length to skb->len
Packet length retrieved from descriptor may be larger than
the actual socket b
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix overflow in dacloffset bounds check
The dacloffset field was originally typed as int and used in an
unchecked addition,
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: uvc: Prevent buffer overflow in setup handler
Setup function uvc_function_setup permits control transfer
requests wit
Page 1+ Next →