NIXPKGS-2026-1758

GitHub issue published 2 weeks, 2 days ago

Permalink CVE-2026-47104

5.1 MEDIUM

CVSS version (CVSS): 4.0
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)
Exploit Maturity (E): Not Defined (X)

updated 2 weeks, 2 days ago by @LeSuisse Activity log

Created suggestion 2 weeks, 3 days ago
@LeSuisse ignored
14 packages
- libusbp
- libusbgx
- libusbsio
- libusbmuxd
- libusb-compat-0_1
- python312Packages.libusb1
- python313Packages.libusb1
- python314Packages.libusb1
- python312Packages.libusbsio
- python313Packages.libusbsio
- python314Packages.libusbsio
- python312Packages.libusb-package
- python313Packages.libusb-package
- python314Packages.libusb-package
2 weeks, 2 days ago
@LeSuisse accepted 2 weeks, 2 days ago
@LeSuisse published on GitHub 2 weeks, 2 days ago

libusb < 1.0.30 Out-of-Bounds Read in parse_iad_array()

libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parse_iad_array() in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer size instead of the remaining size. Attackers in virtualized environments with USB passthrough can supply crafted descriptors through libusb_get_active_interface_association_descriptors or libusb_get_interface_association_descriptors to read one byte past the end of the malloc allocation, resulting in a denial of service.

References

https://github.com/libusb/libusb/releases/tag/v1.0.30 release-notes
https://github.com/libusb/libusb/issues/1813 technical-description
https://github.com/libusb/libusb/pull/1814 issue-tracking
https://github.com/libusb/libusb/commit/578ab76b4c434f8b204137ab6d7310689c7a9704 patch
https://www.vulncheck.com/advisories/libusb-out-of-bounds-read-in-parse-iad-arr… third-party-advisory

Affected products

libusb

<1.0.30

Matching in nixpkgs

pkgs.libusb1

Cross-platform user-mode USB device library

nixos-unstable 1.0.29
- nixpkgs-unstable 1.0.29
- nixos-unstable-small 1.0.29

Ignored packages (14)

pkgs.libusbp

Pololu USB Library (also known as libusbp)

nixos-unstable 1.3.1
- nixpkgs-unstable 1.3.1
- nixos-unstable-small 1.3.1

pkgs.libusbgx

C library encapsulating the kernel USB gadget-configfs userspace API functionality

nixos-unstable 2021-10-31
- nixpkgs-unstable 2021-10-31
- nixos-unstable-small 2021-10-31

pkgs.libusbsio

Library for communicating with devices connected via the USB bridge on LPC-Link2 and MCU-Link debug probes on supported NXP microcontroller evaluation boards