209 matches found
Visteon Infotainment data forgery vulnerability
Visteon Infotainment is an automotive infotainment system from Visteon Corporation. Visteon Infotainment suffers from a data forgery vulnerability that arises from insufficient authenticity verification of the firmware image provided during firmware updates to the VIP microcontroller, which could...
CVE-2024-48970
The ventilator's microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool, which could disrupt the function of the device and/or cause unauthorized information disclosure...
CVE-2024-48970 Life2000 Ventilator microcontroller lacks memory protection
The ventilator's microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool, which could disrupt the function of the device and/or cause unauthorized information disclosure...
CVE-2024-48970
The CVE-2024-48970 vulnerability affects Baxter Life2000 ventilators, specifically the ventilator’s microcontroller, which lacks memory protection. The issue arises because an attacker could access the internal JTAG interface and read/write flash memory with a standard debugging tool, potentially...
PT-2024-33305 · Unknown · Ventilator
Name of the Vulnerable Software and Affected Versions: Ventilator affected versions not specified Description: The ventilator's microcontroller lacks memory protection, allowing an attacker to connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debuggin...
kernel: drm/amd/display: Refactor DMCUB enter/exit idle interface
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Refactor DMCUB enter/exit idle interface. [Why] We can hang in place trying to send commands when the DMCUB isn't powered on. [How] We need to exit out of the idle state prior to sending a command, but the process tha...
Third party vulnerabilities in SICK CDE-100
The SICK CDE-100 uses the open-source libraries FreeRTOS, lwIP and MCU Boot. The used libraries contain vulnerabilities that affect the SICK CDE-100...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the i2c driver stm32f7 incorrectly preparing/canceling the clock during runtime suspend/resume...
AZL-50781 CVE-2024-46870 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable DMCUB timeout for DCN35. [Why] DMCUB can intermittently take longer than expected to process commands. Old ASIC policy was to continue while logging a diagnostic error - which works fine for ASIC without IPS...
(0Day) Visteon Infotainment VIP MCU Code Insufficient Validation of Data Authenticity Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Visteon Infotainment systems. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
kernel: drm/ast: Fix soft lockup
CVE-2024-35952 describes an issue in the Linux kernel's AST graphics driver. The problem occurs in the ast_dp_set_on_off function, where a lack of proper synchronization with the DisplayPort Microcontroller Unit (DPMCU) can result in an infinite loop. This can cause a "soft lockup" in the host system,...
The vulnerability of Moxa EDS-510A switch microprogramming software, related to the use of cryptographic algorithms containing defects, allows attackers to exploit their privileges.
The vulnerability of Moxa EDS-510A microcontroller software is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability can allow a remote attacker to gain increased privileges...
UBUNTU-CVE-2022-48820
In the Linux kernel, the following vulnerability has been resolved: phy: stm32: fix a refcount leak in stm32_usbphyc_pll_enable(). This error path needs to decrement "usbphyc->n_pll_cons.counter" before returning...
Various Renesas products Security breaches
The Renesas SmartBond DA14691, among others, is a wireless connectivity multi-core microcontroller unit (MCU) from Renesas, Japan. A security vulnerability exists in several Renesas products, which originates from the bootrom function responsible for validating the Flash product header directly usi...
Geehy APM32 Security Vulnerability
The Geehy APM32 is a series of industrial-grade microcontrollers from China-based Geehy Semiconductor (Geehy). A security vulnerability exists in the Geehy APM32F103CCT6, APM32F103RCT6, APM32F103RCT7, and APM32F103VCT6, which stems from incorrect access control of the device...
CVE-2024-32883 MCUboot Injection attack of unprotected TLV values
MCUboot is a secure bootloader for 32-bit microcontrollers. MCUboot uses a TLV (tag-length-value) structure to represent the metadata associated with an image. The TLVs themselves are divided into two sections, a protected and an unprotected section. The protected TLV entries are included as part...
SUSE CVE-2023-52624
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wake DMCUB before executing GPINT commands. [Why] DMCUB can be in idle when we attempt to interface with the HW through the GPINT mailbox, resulting in a system hang. [How] Add dc_wake_and_execute_gpint() to wrap the wake,...
AZL-58767 CVE-2023-52624 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wake DMCUB before executing GPINT commands. [Why] DMCUB can be in idle when we attempt to interface with the HW through the GPINT mailbox, resulting in a system hang. [How] Add dc_wake_and_execute_gpint() to wrap the wake,...