Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2026-46151— usb: usblp: fix heap leak in IEEE 1284 device ID via short response

AI Predicted 6.5 Difficulty: Moderate EPSS 0.02% · P7

Affected Version Matrix 18

VendorProductVersion RangeStatus
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2< 4650cce898fcd0bb8c33e529984687a8caed10c3affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2< 612640abbd9e0947fe8f37aaf0cf324265d7caa4affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2< 4220d4dd062ea3d3eb056a6cbe0b568e740d20b1affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2< 6e29c32a27218f2dcd4a4e9b0b3c5e7728640698affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2< 6d8142141c942c0d8e79343cffda9c44bb1f3f4faffected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2< 8247f52d822180e94ccbfdab91613af386a4e34daffected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2< 522d17e93a85575256894212d10e5a1fa6f36529affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2< 7a400c6fe3617e31e690e3f7ca37bb335e0498f3affected
… +10 more rows
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-46151

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
usb: usblp: fix heap leak in IEEE 1284 device ID via short response
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix heap leak in IEEE 1284 device ID via short response usblp_ctrl_msg() collapses the usb_control_msg() return value to 0/-errno, discarding the actual number of bytes transferred. A broken printer can complete the GET_DEVICE_ID control transfer short and the driver has no way to know. usblp_cache_device_id_string() reads the 2-byte big-endian length prefix from the response and trusts it (clamped only to the buffer bounds). The buffer is kmalloc(1024) at probe time. A device that sends exactly two bytes (e.g. 0x03 0xFF, claiming a 1023-byte ID) leaves device_id_string[2..1022] holding stale kmalloc heap. That stale data is then exposed: - via the ieee1284_id sysfs attribute (sprintf("%s", buf+2), truncated at the first NUL in the stale heap), and - via the IOCNR_GET_DEVICE_ID ioctl, which copy_to_user()s the full claimed length regardless of NULs, up to 1021 bytes of uninitialized heap, with the leak size chosen by the device. Fix this up by just zapping the buffer with zeros before each request sent to the device.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于usb usblp中IEEE 1284设备ID响应过短导致堆泄漏,可能暴露未初始化的堆数据。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 ~ 4650cce898fcd0bb8c33e529984687a8caed10c3 -
LinuxLinux 2.6.12 -

II. Public POCs for CVE-2026-46151

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-46151

登录查看更多情报信息。

Patches & Fixes for CVE-2026-46151 (8)

Same Patch Batch · Linux · 2026-05-28 · 138 CVEs total

CVE-2026-461959.8 CRITICALsmb: client: validate dacloffset before building DACL pointers
CVE-2026-461379.8 CRITICALmptcp: pm: ADD_ADDR rtx: fix potential data-race
CVE-2026-461359.8 CRITICALnvmet-tcp: fix race between ICReq handling and queue teardown
CVE-2026-461159.8 CRITICALblock: add pgmap check to biovec_phys_mergeable
CVE-2026-461859.1 CRITICALsmb/client: fix out-of-bounds read in symlink_data()
CVE-2026-461199.1 CRITICALlibceph: Fix slab-out-of-bounds access in auth message processing
CVE-2026-461559.1 CRITICALsmb/client: fix out-of-bounds read in smb2_compound_op()
CVE-2026-461258.8 HIGHwifi: mac80211: remove station if connection prep fails
CVE-2026-461748.8 HIGHx86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache
CVE-2026-461988.8 HIGHbatman-adv: fix integer overflow on buff_pos
CVE-2026-461668.8 HIGHwifi: mac80211: use safe list iteration in radar detect work
CVE-2026-461138.8 HIGHKVM: x86: Fix shadow paging use-after-free due to unexpected GFN
CVE-2026-461528.8 HIGHwifi: mac80211: drop stray 'static' from fast-RX rx_result
CVE-2026-462128.8 HIGHbatman-adv: bla: prevent use-after-free when deleting claims
CVE-2026-462388.8 HIGHbatman-adv: stop caching unowned originator pointers in BAT IV
CVE-2026-461388.1 HIGHBluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt
CVE-2026-462328.1 HIGHHID: playstation: Clamp num_touch_reports
CVE-2026-461977.8 HIGHdrm/amdkfd: validate SVM ioctl nattr against buffer size
CVE-2026-461767.8 HIGHRDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init()
CVE-2026-461457.8 HIGHRDMA/mana: Validate rx_hash_key_len

Showing top 20 of 138 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2026-46151

No comments yet

Leave a comment