Buildroot Archive on lore.kernel.org
From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@buildroot.org
Cc: Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>
Subject: [Buildroot] [PATCH] package/libusb: security bump to version 1.0.30
Date: Fri,  5 Jun 2026 09:00:02 +0200
Message-ID: <20260605070003.3911896-1-peter@korsgaard.com>

Fixes the following security issues:

CVE-2026-23679: libusb before version 1.0.30 contains a NULL pointer
dereference vulnerability that allows attackers to crash applications by
supplying a malformed USB configuration descriptor where an interface claims
bNumEndpoints greater than zero but is followed by a class-specific
descriptor whose bLength exceeds the remaining buffer size, causing
parse_interface() to return early without allocating the endpoint array.
Attackers can exploit this flaw through libusb_get_active_config_descriptor
or libusb_get_config_descriptor by providing crafted descriptors via
virtualized USB passthrough, file-based descriptor parsing, or network
sources, causing any application iterating over endpoints to dereference a
NULL endpoint pointer and crash.

https://nvd.nist.gov/vuln/detail/CVE-2026-23679

CVE-2026-47104: libusb before version 1.0.30 contains a one-byte
out-of-bounds read vulnerability in parse_iad_array() in descriptor.c that
allows attackers to trigger a denial of service by supplying a malformed USB
descriptor whose bLength equals size minus one, causing the bounds check to
use the original buffer size instead of the remaining size.  Attackers in
virtualized environments with USB passthrough can supply crafted descriptors
through libusb_get_active_interface_association_descriptors or
libusb_get_interface_association_descriptors to read one byte past the end
of the malloc allocation, resulting in a denial of service.

https://nvd.nist.gov/vuln/detail/CVE-2026-47104

For more details, see the announcement:
https://sourceforge.net/p/libusb/mailman/message/59335553/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/libusb/libusb.hash | 2 +-
 package/libusb/libusb.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/libusb/libusb.hash b/package/libusb/libusb.hash
index 4c76609930..7b4b92e6e9 100644
--- a/package/libusb/libusb.hash
+++ b/package/libusb/libusb.hash
@@ -1,3 +1,3 @@
 # Locally computed:
-sha256  5977fc950f8d1395ccea9bd48c06b3f808fd3c2c961b44b0c2e6e29fc3a70a85  libusb-1.0.29.tar.bz2
+sha256  fea36f34f9156400209595e300840767ab1a385ede1dc7ee893015aea9c6dbaf  libusb-1.0.30.tar.bz2
 sha256  5df07007198989c622f5d41de8d703e7bef3d0e79d62e24332ee739a452af62a  COPYING
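
Review bot: The new libusb-1.0.30.tar.bz2 entry sits under the "# Locally computed:" comment, so the sha256 is only as trustworthy as the single download it was computed from. For a security bump, please state in the commit message what the hash was checked against (for example a second, independent fetch from the release URL in LIBUSB_SITE, or an upstream signature if the release provides one), and update the comment to match. The unchanged COPYING hash is consistent with LIBUSB_LICENSE staying the same.
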
diff --git a/package/libusb/libusb.mk b/package/libusb/libusb.mk
index 95ce8b17df..1352569f7b 100644
--- a/package/libusb/libusb.mk
+++ b/package/libusb/libusb.mk
@@ -5,7 +5,7 @@
 ################################################################################
 
 LIBUSB_VERSION_MAJOR = 1.0
-LIBUSB_VERSION = $(LIBUSB_VERSION_MAJOR).29
+LIBUSB_VERSION = $(LIBUSB_VERSION_MAJOR).30
 LIBUSB_SOURCE = libusb-$(LIBUSB_VERSION).tar.bz2
 LIBUSB_SITE = https://github.com/libusb/libusb/releases/download/v$(LIBUSB_VERSION)
 LIBUSB_LICENSE = LGPL-2.1+
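
Review bot: On the LIBUSB_VERSION line only the ".29" suffix changes, and the diffstat shows just libusb.hash and libusb.mk touched, so nothing in the patch shows that any patches carried in package/libusb still apply to 1.0.30 or that the remaining settings in libusb.mk are still right for the new release. A line in the commit message saying the package was build-tested after the bump would close that gap. Since the message lists two CVEs fixed by 1.0.30, it would also help to say whether the bump is meant to be applied to maintained stable branches.
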
-- 
2.47.3

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
