205 matches found
CVE-2023-20521
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service...
PT-2023-12738 · Unknown +1 · System Management Mode +1
Name of the Vulnerable Software and Affected Versions: System Management Mode SMM affected versions not specified Description: The issue is related to improper access control in System Management Mode SMM, which may allow an attacker to write to SPI ROM, potentially leading to arbitrary code...
AMD System Management Mode Security Vulnerability
AMD System Management Mode is a system management mode from Ultraviolet Semiconductor AMD. A CPU execution mode. A security vulnerability exists in AMD System Management Mode that stems from improper access control in System Management Mode SMM that could allow an attacker to write to the SPI ROM...
PT-2024-14722
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the Linux kernel where a synchronous transfer can be active during a system suspend, causing a null pointer dereference exception when the system resumes. This...
PT-2023-9478 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the SPI peripheral in the Linux kernel, where sometimes RX SPI transfers with DMA enabled return corrupted data due to single or multiple bytes lost during DMA...
kernel: regmap: spi: Reserve space for register address/padding
In the Linux kernel, the following vulnerability has been resolved: regmap: spi: Reserve space for register address/padding Currently the maxrawread and maxrawwrite limits in regmapspi struct do not take into account the additional size of the transmitted register address and padding. This may...
CVE-2023-20082
A vulnerability in Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. This...
CVE-2022-45552
An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via SPI bus interface connected to pinout of the NAND flash memory...
CVE-2022-42275
NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secureboot protections. This may lead to a loss of integrity and denial of service...
CVE-2022-35897
An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally...
Ampere Computing Ampere Altra 安全漏洞
The Ampere Computing Ampere Altra is an 80-core server processor from Ampere Computing, USA. A security vulnerability exists in the Ampere Computing Ampere Altra that stems from a UEFI-accessible Altra reference design that allows insecure access to the SPI-NOR by operating system/manager...
PT-2022-9724 · Amd · Athlon™ Series +53
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a failure to verify the protocol in SMM, which may allow an attacker to control the protocol and modify SPI flash, potentially...
CVE-2020-12961
A potential vulnerability exists in AMD Platform Security Processor PSP that may allow an attacker to zero any privileged register on the System Management Network which may lead to bypassing SPI ROM protections...
PT-2021-9138 · Zephyr · Zephyr
Name of the Vulnerable Software and Affected Versions: Zephyr versions = v1.14.2, = v2.2.0 Description: The issue concerns Missing Size Checks in Bluetooth HCI over SPI, which involves Improper Handling of Length Parameter Inconsistency. Recommendations: For Zephyr versions = v1.14.2, = v2.2.0, a...
Linux kernel denial of service vulnerability (CNVD-2020-28264)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the drivers/spi/spi-dw.c file in Linux kernel versions prior to 5.4.17. An attacker can exploit this vulnerability to cause a denial...
UBUNTU-CVE-2020-12769
An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dwspiirq and dwspitransferone, aka CID-19b61392c5a8...
Vulnerability of the spi_gpio_probe() function (drivers/spi/spi-gpio.c) in the Linux kernel, allowing a hacker to cause a service failure
The vulnerability of the spigpioprobe function drivers/spi/spi-gpio.c in the Linux kernel involves uncontrolled resource consumption. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
Intel SPI Write Protection Local Security Bypass Vulnerability
Intel NUC7i3BNK, etc. are CPU Central Processing Unit products of Intel Corporation USA. A local security bypass vulnerability exists in Intel SPI Write Protection, which can be exploited by a local attacker to bypass certain security restrictions...
The vulnerability of the Android operating system, which allows a hacker to increase their privileges
The vulnerability of the Android operating system’s Serial Peripheral Interface driver is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to enhance their privileges through a specially created application...
CVE-2016-3807
The serial peripheral interface driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28402196...