CVE-2025-61081

...

Astra Linux - Vulnerability in linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly restricted format strings where the dynamic parts consist only of hex numbers or similar values. However, there are a...

EUVD-2025-208548

Improper input validation in the UEFI FlashUcAcmSmm module for some IntelR reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable local code execution. This result may potentially occur via local...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-387199)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-387199 advisory. In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Block path traversal Most firmware names are hardcoded strings, or are constructe...

Input: ims-pcu - check record size in ims_pcu_flash_firmware()

...

CVE-2024-44815

Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV...

CVE-2024-44815

CVE-2024-44815 affects Hathway Skyworth Router CM5100 v4.1.1.24. The issue allows a physically proximate attacker to obtain user credentials through the SPI flash memory (W25Q64JV). According to the sources, the vulnerability exposes credentials via firmware storage exposed on the SPI flash, with...

CVE-2024-44815

Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV...