12 matches found
CVE-2026-46257
A flaw was found in the Linux kernel's SP804 timer driver. On ARM32 platforms where the SP804 is not registered as the scheduling clock, the delay timer's clock event instance may not be properly initialized. This can lead to a kernel Oops, which is a system crash, when the system attempts to rea...
CVE-2026-42485
AGL agl-service-can-low-level contains a stack buffer overflow in the uds-c library. The senddiagnosticrequest function in uds.c allocates a 6-byte stack buffer MAXDIAGNOSTICPAYLOADSIZE=6 but copies up to 7 bytes MAXUDSREQUESTPAYLOADLENGTH=7 via memcpy at an offset of 1+pidlength 2-3 bytes,...
RUSTSEC-2026-0003 Non-constant-time code generation on ARM32 targets
Summary While the cmov crate has a special backend for aarch64 which uses special CSEL instructions, on 32-bit ARM it uses a portable pure Rust fallback implementation. This implementation uses a combination of bitwise arithmetic and core::hint::blackbox to attempt to coerce constant-time code...
USN-7909-5: Linux kernel (Raspberry Pi) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S39...
USN-7909-2 linux-intel-iot-realtime, linux-realtime vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S39...
Linux Distros Unpatched Vulnerability : CVE-2025-39899
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/userfaultfd: fix kmaplocal LIFO ordering for CONFIGHIGHPTE With CONFIGHIGHPTE on 32-bit ARM, movepagespte maps PTE pages using kmaplocalpage, which requires...
USN-7801-2: Linux kernel (Oracle) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - x86 architecture; - Compute Acceleration Framework; - Bus devices; - AM...
Mozilla: Incorrect code generation on 32-bit ARM devices
The Mozilla Foundation Security Advisory describes this flaw as: Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior. This issue only affects 32-bit ARM devices...
USN-6649-1 firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2024-1547, CVE-2024-1548,...
SUSE CVE-2024-1552
Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.Note: This issue only affects 32-bit ARM devices. This vulnerability affects Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8...
UBUNTU-CVE-2023-34324
Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. triggered by remova...
CVE-2017-9607
The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1platmemcheck protection mechanism, cause a denial of service, or possibly have unspecified other impact via a crafted AArch32 image, which triggers an...