CVE-2023-53466

CVE-2023-53466 pertains to the Linux kernel wifi driver mt76 mt7915. The issue is a memory leak in the mt7915_mcu_exit path. The security update fixes by always purging mcu skb queues in mt7915_mcu_exit, even if mt7915_firmware_state fails. This mirrors the vulnerability being addressed in OSV-20...

CVE-2025-38648 spi: stm32: Check for cfg availability in stm32_spi_probe

In the Linux kernel, the following vulnerability has been resolved: spi: stm32: Check for cfg availability in stm32spiprobe The stm32spiprobe function now includes a check to ensure that the pointer returned by ofdevicegetmatchdata is not NULL before accessing its members. This resolves a warning...

CVE-2025-38600

CVE-2025-38600 : In the Linux kernel, a vulnerability in wifi/mt76/mt7925 was fixed: an off-by-one error in mt7925_mcu_hw_scan() where the ssid->ssids[] and sreq->ssids[] arrays (MT7925_RNR_SCAN_MAX_BSSIDS) could trigger an out-of-bounds access. The root cause is the comparison (>=) whic...

Linux Distros Unpatched Vulnerability : CVE-2025-38036

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/xe/vf: Perform early GT MMIO initialization to read GMDID VFs need to communicate with the GuC to obtain the GMDID value and existing GuC functions used for...

The vulnerability of the AES-XTS encryption algorithm implementation in single-Chip Microcontrollers ESP32-S2 and ESP32-S2F allows a attacker to compromise the confidentiality of the protected information.

The vulnerability of the AES-XTS encryption algorithm implemented in single-Chip Microcontrollers ESP32-S2 and ESP32-S2F is related to the number of surfaces that are vulnerable, with their quantitative measurement exceeding the desired maximum. Exploiting this vulnerability can allow attackers t...

CVE-2025-5747

WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installatons of WOLFBOX Level 2 EV Charger devices. Authentication is required to exploit this...

The vulnerability of the web_aaa_loginAuthlistEdit() function in PLANET Technology’s microcontroller software allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the webaaaloginAuthlistEdit function in PLANET Technology’s microcontroller software is related to buffer overflow during the processing of the theauthName parameter. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and...

The vulnerability of the webACLBindEdit_post() function in PLANET Technology’s microcontroller software allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the webACLBindEditPost function in PLANET Technology’s microprogramming devices is related to buffer overflows in the stack during the processing of the bindEditMACName parameter. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...

The vulnerability of the web_sys_infoContact_post() function in PLANET Technology’s microcontroller software allows a intruder to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the websysinfoContactpost function in PLANET Technology’s microcontroller software stems from the operation of the function beyond the buffer boundaries in memory when processing the contact parameter. Exploiting this vulnerability could allow an attacker to compromise the...

CVE-2021-34399

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed registers, which may lead to information disclosure...

CVE-2021-23201

NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loading vulnerable microcode. Such an attack could lead to information disclosure, data corruption, or...

CVE-2021-23219

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to access protected information by identifying, exploiting, and loading vulnerable microcode. Such an attack may lead to information disclosure...

CVE-2021-34400

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed memory, which may lead to information disclosure...

CVE-2021-1125

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to corrupt program data...

STMicroelectronics X-CUBE-AZRTOS-WL 数字错误漏洞

STMicroelectronics X-CUBE-AZRTOS-WL is an Azure RTOS-based development kit for STM32 microcontrollers from STMicroelectronics, Switzerland. A numeric error vulnerability exists in STMicroelectronics X-CUBE-AZRTOS-WL version 2.0.0, which stems from an integer overflow in the PUT request function o...

DEBIAN-CVE-2023-52981

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix request ref counting during error capture & debugfs dump When GuC support was added to error capture, the reference counting around the request object was broken. Fix it up. The context based search manages the...

The vulnerability of the HCI interface of Espressif ESP32 microcontroller software allows attackers to circumvent existing security restrictions.

The vulnerability of the HCI interface in Espressif ESP32 microcontroller software lies in the presence of undocumented configuration commands. Exploiting this vulnerability can allow attackers to circumvent existing security restrictions...

Vulnerability of the driver/net/wireless/mediatek/mt76/mt7915/mcu.c component in Linux kernel, allowing a hacker to cause a service failure

The vulnerability in the drivers/net/wireless/mediatek/mt76/mt7915/mcu.c component of the Linux operating system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures...

CVE-2024-53980 Spoofed length byte traps CC2538 in endless loop

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. A malicious actor can send a IEEE 802.15.4 packet with spoofed length byte and optionally spoofed FCS, which eventually results into an endless...

CVE-2024-8356

Visteon Infotainment VIP MCU Code Insufficient Validation of Data Authenticity Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Visteon Infotainment systems. An attacker must first obtain the ability to execute...