UBUNTU-CVE-2026-47104

Source
https://ubuntu.com/security/CVE-2026-47104
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-47104.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-47104
Upstream
  • CVE-2026-47104
Withdrawn
2026-06-04T11:02:06Z
Published
2026-05-27T14:17:00Z
Modified
2026-06-04T12:45:34.942715057Z
Severity
  • 4.0 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • 5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  • Ubuntu - medium
Summary
[none]
Details

libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parse_iad_array() in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer size instead of the remaining size. Attackers in virtualized environments with USB passthrough can supply crafted descriptors through libusb_get_active_interface_association_descriptors or libusb_get_interface_association_descriptors to read one byte past the end of the malloc allocation, resulting in a denial of service.

References

Affected packages

Ubuntu:14.04:LTS
libusb

Package

Name
libusb
Purl
pkg:deb/ubuntu/libusb?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2:0.*
2:0.1.12-23.2ubuntu1
2:0.1.12-23.3
2:0.1.12-23.3ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2:0.1.12-23.3ubuntu1",
            "binary_name": "libusb++-0.1-4c2"
        },
        {
            "binary_version": "2:0.1.12-23.3ubuntu1",
            "binary_name": "libusb-0.1-4"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-47104.json"
Ubuntu:16.04:LTS
libusb

Package

Name
libusb
Purl
pkg:deb/ubuntu/libusb?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2:0.*
2:0.1.12-27
2:0.1.12-28

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2:0.1.12-28",
            "binary_name": "libusb++-0.1-4v5"
        },
        {
            "binary_version": "2:0.1.12-28",
            "binary_name": "libusb-0.1-4"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-47104.json"
Ubuntu:18.04:LTS
libusb

Package

Name
libusb
Purl
pkg:deb/ubuntu/libusb?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2:0.*
2:0.1.12-31

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2:0.1.12-31",
            "binary_name": "libusb-0.1-4"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-47104.json"
Ubuntu:20.04:LTS
libusb

Package

Name
libusb
Purl
pkg:deb/ubuntu/libusb?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2:0.*
2:0.1.12-32

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2:0.1.12-32",
            "binary_name": "libusb-0.1-4"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-47104.json"
Ubuntu:22.04:LTS
libusb

Package

Name
libusb
Purl
pkg:deb/ubuntu/libusb?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2:0.*
2:0.1.12-32build2
2:0.1.12-32build3

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2:0.1.12-32build3",
            "binary_name": "libusb-0.1-4"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-47104.json"
Ubuntu:24.04:LTS
libusb

Package

Name
libusb
Purl
pkg:deb/ubuntu/libusb?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2:0.*
2:0.1.12-32build3
2:0.1.12-33
2:0.1.12-35
2:0.1.12-35build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2:0.1.12-35build1",
            "binary_name": "libusb-0.1-4"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-47104.json"
Ubuntu:25.10
libusb

Package

Name
libusb
Purl
pkg:deb/ubuntu/libusb?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2:0.*
2:0.1.12-35build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2:0.1.12-35build1",
            "binary_name": "libusb-0.1-4"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-47104.json"
Ubuntu:26.04:LTS
libusb

Package

Name
libusb
Purl
pkg:deb/ubuntu/libusb?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2:0.*
2:0.1.12-35build1
2:0.1.12-35build2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2:0.1.12-35build2",
            "binary_name": "libusb-0.1-4"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-47104.json"