EUVD-2025-205381

A vulnerability was determined in TOZED ZLT M30s up to 1.47. The affected element is an unknown function of the component UART Interface. Executing manipulation can lead to on-chip debug and test interface with improper access control. The physical device can be targeted for the attack. Attacks o...

CVE-2025-15083

A vulnerability was determined in TOZED ZLT M30s up to 1.47. The affected element is an unknown function of the component UART Interface. Executing manipulation can lead to on-chip debug and test interface with improper access control. The physical device can be targeted for the attack. Attacks o...

spi: tegra210-quad: Fix timeout handling

...

SUSE CVE-2023-54110

In the Linux kernel, the following vulnerability has been resolved: usb: rndishost: Secure rndisquery check against int overflow Variables off and len typed as uint32 in rndisquery function are controlled by incoming RNDIS response message thus their value may be manipulated. Setting off to a...

SUSE CVE-2023-54136

In the Linux kernel, the following vulnerability has been resolved: serial: sprd: Fix DMA buffer leak issue Release DMA buffer when probe returns failure to avoid memory leak...

SUSE CVE-2025-68746

In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Fix timeout handling When the CPU that the QSPI interrupt handler runs on typically CPU 0 is excessively busy, it can lead to rare cases of the IRQ thread not running before the transfer timeout is reached...

SUSE CVE-2025-68750

In the Linux kernel, the following vulnerability has been resolved: usb: potential integer overflow in usbgmaketpg The variable tpgt in usbgmaketpg is defined as unsigned long and is assigned to tpgt-tporttpgt, which is defined as u16. This may cause an integer overflow when tpgt is greater than...

youlai-mall 授权问题漏洞

youlai-mall is a full-stack mall system by youlaitech open source. Authorization issue vulnerability exists in youlai-mall version 1.0.0 and 2.0.0, which originates from the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java Function submitOrderPayment...

PT-2025-53406

Name of the Vulnerable Software and Affected Versions TOZED ZLT M30s versions up to 1.47 Description A flaw exists in TOZED ZLT M30s up to version 1.47 related to the UART Interface component. Manipulation of an unknown function within this component can lead to improper access control to the...

TOZED ZLT M30S 安全漏洞

TOZED ZLT M30S is a mobile WiFi router from China's Tongze Kangwei TOZED. A security vulnerability exists in TOZED ZLT M30S version 1.47 and earlier, which stems from the presence of an improperly access-controlled on-chip debug and test interface in the UART Interface component, which could lead...

CLSA-2025-1766617167 kernel: Fix of 27 CVEs

xfrm: Duplicate SPI Handling CVE-2025-39965 - xfrm: state: use atomicincnotzero to increment refcount - padata: Fix pd UAF once and for all CVE-2025-38584 - padata: Remove broken queue flushing CVE-2023-52854 - padata: ensure padatadoserial runs on the correct CPU - Bluetooth: L2CAP: Fix...

CVE-2025-68750

In the Linux kernel, the following vulnerability has been resolved: usb: potential integer overflow in usbgmaketpg The variable tpgt in usbgmaketpg is defined as unsigned long and is assigned to tpgt-tporttpgt, which is defined as u16. This may cause an integer overflow when tpgt is greater than...

CVE-2025-68750

CVE-2025-68750 : In the Linux kernel, a potential integer overflow existed in usb/ usbg_make_tpg() where a tpgt value (unsigned long) could overflow when assigned to tpgt->tport_tpgt (u16). The fix changes tpgt’s type to match tpgt->tport_tpgt to avoid overflow. Connected advisories corrobo...

EUVD-2025-205216

In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Fix timeout handling When the CPU that the QSPI interrupt handler runs on typically CPU 0 is excessively busy, it can lead to rare cases of the IRQ thread not running before the transfer timeout is reached...

EUVD-2023-60309

In the Linux kernel, the following vulnerability has been resolved: serial: sprd: Fix DMA buffer leak issue Release DMA buffer when probe returns failure to avoid memory leak...

EUVD-2022-55794

In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: Fix several use-after-free bugs Several types of UAFs can occur when physically removing a USB device. Adds ufxopsdestroy function to .fbdestroy of fbops, and in this function, there is krefput that finally calls...

CVE-2023-54159

In the Linux kernel, the following vulnerability has been resolved: usb: mtu3: fix kernel panic at qmu transfer done irq handler When handle qmu transfer irq, it will unlock @mtu-lock before give back request, if another thread handle disconnect event at the same time, and try to disable ep, it m...

CVE-2023-54136

In the Linux kernel, the following vulnerability has been resolved: serial: sprd: Fix DMA buffer leak issue Release DMA buffer when probe returns failure to avoid memory leak...

CVE-2022-50767

In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: Fix several use-after-free bugs Several types of UAFs can occur when physically removing a USB device. Adds ufxopsdestroy function to .fbdestroy of fbops, and in this function, there is krefput that finally calls...

CVE-2022-50740

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hifusb: fix memory leak of urbs in ath9khifusbdealloctxurbs Syzkaller reports a long-known leak of urbs in ath9khifusbdealloctxurbs. The cause of the leak is that usbgeturb is called but usbfreeurb or usbputurb is no...