SUSE CVE-2026-46226

In the Linux kernel, the following vulnerability has been resolved: spi: fsl: fix controller deregistration Make sure to deregister the controller before releasing underlying resources like DMA during driver unbind...

EUVD-2026-32853

In the Linux kernel, the following vulnerability has been resolved: spi: fsl: fix controller deregistration Make sure to deregister the controller before releasing underlying resources like DMA during driver unbind...

CVE-2026-46148 spi: microchip-core-qspi: control built-in cs manually

In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core-qspi: control built-in cs manually The coreQSPI IP supports only a single chip select, which is automagically operated by the hardware - set low when the transmit buffer first gets written to and set high when...

SUSE CVE-2026-31487

In the Linux kernel, the following vulnerability has been resolved: spi: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock, which can cause ...

CVE-2026-31487

In the Linux kernel, the following vulnerability has been resolved: spi: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock, which can cause ...

CVE-2026-31487

The CVE concerns the Linux kernel SPI subsystem. A flaw arises when a driver is probed via __driver_attach(): the bus match() callback is invoked without holding the device lock, allowing access to the driver_override field without proper synchronization, creating a use-after-free (UAF) risk. The...

CVE-2026-0714

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...

CVE-2026-0714

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...

CVE-2026-0714

CVE-2026-0714 (CISA/Red Hat context included) describes a physical-attack vulnerability in certain Moxa industrial computers running Moxa Industrial Linux 3 with TPM-backed LUKS full-disk encryption. The discrete TPM is connected to the CPU over an SPI bus. Exploitation requires invasive physical...

EUVD-2016-1605

Malware in sbrugna...

EUVD-2024-52159

Malicious code in bioql PyPI...

EUVD-2022-48418

Malicious code in bioql PyPI...

CVE-2024-53832

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V05.30. The affected devices contain a secure element which is connected via an unencrypted SPI bus. This could allow an attacker with physical access to the SPI bus to observe the password used for the...

CVE-2022-45552

An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via SPI bus interface connected to pinout of the NAND flash memory...

Siemens SICAM A8000 CP-8031 and CP-8050 Firmware Decryption Vulnerability

The SICAM A8000 RTU Remote Terminal Unit is a modular device for remote control and automation applications in all areas of energy supply. A firmware decryption vulnerability exists in the Siemens SICAM A8000 CP-8031 and CP-8050 due to the fact that the affected devices contain a secure element...

CVE-2024-53832

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V05.30. The affected devices contain a secure element which is connected via an unencrypted SPI bus. This could allow an attacker with physical access to the SPI bus to observe the password used for the...

CVE-2024-53832

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V05.30. The affected devices contain a secure element which is connected via an unencrypted SPI bus. This could allow an attacker with physical access to the SPI bus to observe the password used for the...

CVE-2024-53832

CVE-2024-53832 affects Siemens SICAM A8000 devices (CP-8031/CP-8050) with CPCI85 Central Processing/Communication, all versions before V05.30. A secure element is connected via an unencrypted SPI bus, enabling a physically proximate attacker to observe the authentication password and use the secu...

CVE-2024-53832

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V05.30. The affected devices contain a secure element which is connected via an unencrypted SPI bus. This could allow an attacker with physical access to the SPI bus to observe the password used for the...

DEBIAN-CVE-2024-42279

In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer While transmitting with rxlen == 0, the RX FIFO is not going to be emptied in the interrupt handler. A subsequent transfer could then read crap from the...