Lucene search
K

205 matches found

RedhatCVE
RedhatCVE
added 2026/04/24 5:38 p.m.5 views

CVE-2026-31560

A flaw was found in the Linux kernel's spi-dw-dma component. When the system attempts to complete a Serial Peripheral Interface SPI transaction, an error in handling a missing device message can lead to a system crash. This vulnerability could result in a Denial of Service DoS...

5.5CVSS5.3AI score0.00122EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/24 2:35 p.m.4 views

EUVD-2026-25453

In the Linux kernel, the following vulnerability has been resolved: spi: spi-dw-dma: fix print error log when wait finish transaction If an error occurs, the device may not have a current message. In this case, the system will crash. In this case, it's better to use dev from the struct ctlr struc...

5.5AI score0.00122EPSS
Exploits0References2
CVE
CVE
added 2026/04/24 2:35 p.m.15 views

CVE-2026-31560

CVE-2026-31560 affects the Linux kernel spi-dw-dma path. When completing an SPI transaction, an error in handling a missing device message can lead to a system crash; the recommended fix is to obtain the device from the struct spi_controller* (dev from the controller). The vulnerability has been ...

5.5CVSS5.4AI score0.00122EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/22 6:56 p.m.7 views

CVE-2026-31487

A flaw was found in the Linux kernel, specifically within its Serial Peripheral Interface SPI subsystem. This vulnerability arises from improper handling of memory when a driver is being attached, leading to a use-after-free UAF condition. A UAF vulnerability is a type of memory corruption that c...

5.5CVSS5.7AI score0.00094EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/22 6:56 p.m.6 views

CVE-2026-31485

A flaw was found in the spi-fsl-lpspi driver within the Linux kernel. This vulnerability, identified as a Use-After-Free UAF issue, stems from a teardown order problem during the unregistration of the Serial Peripheral Interface SPI controller. When a running SPI transfer attempts to access...

7.8CVSS5.3AI score0.00126EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/22 3:31 p.m.11 views

EUVD-2026-24853

In the Linux kernel, the following vulnerability has been resolved: spi: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock, which can cause ...

5.6AI score0.00094EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/22 1:54 p.m.6 views

CVE-2026-31489

In the Linux kernel, the following vulnerability has been resolved: spi: meson-spicc: Fix double-put in remove path mesonspiccprobe registers the controller with devmspiregistercontroller, so teardown already drops the controller reference via devm cleanup. Calling spicontrollerput again in...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.4 views

PT-2026-34394

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double-put issue exists in the remove path of the meson-spicc SPI driver. The meson spicc probe function registers the controller using devm spi register controller, which ensures the...

7.8CVSS5.4AI score0.00129EPSS
Exploits0References20
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the SPI subsystem not using the general driveroverride infrastructure. This vulnerability may lea...

5.5CVSS5.8AI score0.00094EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/07 9:32 p.m.6 views

EUVD-2025-209282

An improper access control vulnerability exists in Semtech LoRa LR11xxx transceivers running early versions of firmware where the memory write command accessible via the physical SPI interface fails to enforce write protection on the program call stack. An attacker with physical access to the SPI...

5.4CVSS6.2AI score0.00243EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/07 7:56 p.m.19 views

CVE-2025-14857 Semtech LR11xx Memory Write Access Control Bypass

An improper access control vulnerability exists in Semtech LoRa LR11xxx transceivers running early versions of firmware where the memory write command accessible via the physical SPI interface fails to enforce write protection on the program call stack. An attacker with physical access to the SPI...

5.4CVSS0.00243EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.6 views

PT-2026-30994

An improper access control vulnerability exists in Semtech LoRa LR11xxx transceivers running early versions of firmware where the memory write command accessible via the physical SPI interface fails to enforce write protection on the program call stack. An attacker with physical access to the SPI...

5.4CVSS6.2AI score0.00243EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/04/03 11:26 p.m.8 views

SUSE CVE-2026-23475

In the Linux kernel, the following vulnerability has been resolved: spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves a window where accessing the sysfs attributes can trigger a...

4.7CVSS5.7AI score0.00123EPSS
Exploits0References16
SUSE CVE
SUSE CVE
added 2026/04/03 11:26 p.m.5 views

SUSE CVE-2026-31389

In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free on controller registration failure Make sure to deregister from driver core also in the unlikely event that per-cpu statistics allocation fails during controller registration to avoid use-after-free of...

4.1CVSS5.7AI score0.00117EPSS
Exploits0References16
OSV
OSV
added 2026/04/03 4:16 p.m.10 views

UBUNTU-CVE-2026-31389

In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free on controller registration failure Make sure to deregister from driver core also in the unlikely event that per-cpu statistics allocation fails during controller registration to avoid use-after-free of...

7.8CVSS5.7AI score0.00117EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2026/02/14 5:15 p.m.5 views

CVE-2026-23207

In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect currxfer check in IRQ handler Now that all other accesses to currxfer are done under the lock, protect the currxfer NULL check in tegraqspiisrthread with the spinlock. Without this protection, the...

4.7CVSS5.7AI score0.00088EPSS
Exploits0References7
EUVD
EUVD
added 2026/02/14 4:27 p.m.5 views

EUVD-2026-5838

In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect currxfer check in IRQ handler Now that all other accesses to currxfer are done under the lock, protect the currxfer NULL check in tegraqspiisrthread with the spinlock. Without this protection, the...

5.3AI score0.00088EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/14 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-23202

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - spi: tegra210-quad: Protect currxfer in tegraqspicombinedseqxfer The currxfer field is read by the IRQ handler without holding the lock to check if a transfer i...

5.5CVSS6.2AI score0.00111EPSS
Exploits0References3
OSV
OSV
added 2026/02/05 5:16 p.m.4 views

CVE-2026-0714

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...

6.8CVSS5.8AI score0.00222EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/05 4:58 p.m.6 views

EUVD-2026-5533

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...

7CVSS5.3AI score0.00222EPSS
Exploits0References1
Rows per page
Query Builder