217 matches found
CVE-2026-53344
In the Linux kernel, the following vulnerability has been resolved: pinctrl: mcp23s08: Initialize mcp-dev and mcp-addr before regmap init Regmap initialization triggers regcachemaplepopulate which attempts SPI read to populate cache. SPI read requires mcp-dev and mcp-addr to be set, without them,...
CVE-2026-53344
In the Linux kernel, the following vulnerability has been resolved: pinctrl: mcp23s08: Initialize mcp-dev and mcp-addr before regmap init Regmap initialization triggers regcachemaplepopulate which attempts SPI read to populate cache. SPI read requires mcp-dev and mcp-addr to be set, without them,...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: spi: spi-sprd-adi – Fixed a double-free in the probe error path. The driver currently uses spiallochost to allocate the controller, but registers it using devmspiregistercontroller. If devmregisterrestarthandler fails, the code...
CVE-2026-9266
A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure again...
EUVD-2026-36411
A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure again...
PT-2026-48857
A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure again...
spi: s3c64xx: fix NULL-deref on driver unbind
...
spi: topcliff-pch: fix use-after-free on unbind
...
SUSE CVE-2026-46326
In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix spitransfer struct initialisation Make sure that the spitransfer struct is zeroed out before use...
CVE-2026-45328 ESF-IDF: Out-of-Bounds Write in ESP-TEE Secure Service Wrappers
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, the esptee component exposes secure-service wrappers in espsecureservices.c and espsecureservicesiram.c that bridge calls from the user application i.e. the REE to TEE-protected hardware peripherals...
EUVD-2026-35427
In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix spitransfer struct initialisation Make sure that the spitransfer struct is zeroed out before use...
CVE-2026-46326
In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix spitransfer struct initialisation Make sure that the spitransfer struct is zeroed out before use...
PT-2026-47784
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mprls0025pa pressure sensor driver where the spi transfer structure is not properly zeroed out before use, which can lead to undefined behavior during SPI transfer...
CVE-2026-46296 spi: s3c64xx: fix NULL-deref on driver unbind
In the Linux kernel, the following vulnerability has been resolved: spi: s3c64xx: fix NULL-deref on driver unbind A change moving DMA channel allocation from probe back to s3c64xxspipreparetransfer failed to remove the corresponding deallocation from remove. Drop the bogus DMA channel release fro...
spi: rspi: fix controller deregistration
...
spi: fsl: fix controller deregistration
...
spi: mpc52xx: fix use-after-free on unbind
...
SUSE CVE-2026-46219
In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix use-after-free on unbind The state machine work is scheduled by the interrupt handler and therefore needs to be cancelled after disabling interrupts to avoid a potential use-after-free...
CVE-2026-46226
A flaw was found in the Linux kernel's spi: fsl driver. This vulnerability arises from improper sequencing of controller deregistration before releasing underlying resources, such as Direct Memory Access DMA, during the driver unbind process. This could potentially lead to system instability or a...
CVE-2026-46228
A flaw was found in the Linux kernel, specifically within the spi: ch341 driver. This vulnerability arises from incorrect management of device resources devres lifetime. When a Universal Serial Bus USB driver is unbound, the associated resources are not properly released, which can lead to memory...