CVE-2020-11447

The CVE-2020-11447 issue affects Bell HomeHub 3000 SG48222070. Remote authenticated users can retrieve the device serial number via the cgi/json-req endpoint, constituting an information leak intended to prove physical access. Impact is the exposure of hardware identity; no exploit details are pr...

CVE-2020-11447

An issue was discovered on Bell HomeHub 3000 SG48222070 devices. Remote authenticated users can retrieve the serial number via cgi/json-req - this is an information leak because the serial number is intended to prove an actor's physical access to the device...

CVE-2023-20521

TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service...

CVE-2021-46758

Insufficient validation of SPI flash addresses in the ASP AMD Secure Processor bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity...

CVE-2023-47262

The startup process and device configurations of the Abbott ID NOW device, before v7.1, can be interrupted and/or modified via physical access to an internal serial port. Direct physical access is required to exploit...

CVE-2023-47262

The startup process and device configurations of the Abbott ID NOW device, before v7.1, can be interrupted and/or modified via physical access to an internal serial port. Direct physical access is required to exploit...

CVE-2023-47262

The startup process and device configurations of the Abbott ID NOW device, before v7.1, can be interrupted and/or modified via physical access to an internal serial port. Direct physical access is required to exploit...

QEMU: hcd-ehci: DMA reentrancy issue leads to use-after-free

A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions such as reset whi...

kernel: hid: Use After Free in asus_remove()

A use-after-free flaw was found in asuskbdbacklightset in drivers/hid/hid-asus.c in the Linux Kernel. This issue could allow an attacker to crash the system when plugging in or disconnecting a malicious USB device, which may lead to a kernel information leak problem...

kernel: HID: check empty report_list in hid_validate_values()

A memory corruption flaw was found in the Linux kernel’s human interface device HID subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system...

kernel: Linux kernel: Denial of Service in ath9k Wi-Fi driver due to URB memory leak

A flaw was found in the Linux kernel's ath9k Wi-Fi driver. This memory leak vulnerability occurs because Universal Serial Bus USB request blocks URBs are allocated but not properly freed when certain conditions are met during USB device handling. A local attacker could exploit this by triggering...

kernel: xhci: Remove device endpoints from bandwidth list when freeing the device

A null pointer/list corruption flaw was found in the Linux kernel USB xHCI host controller code. When the xHCI host is dying or being removed, some device endpoints may remain on the software bandwidth list. Later cleanup deletes entries that were already freed, corrupting the list and crashing t...

kernel: wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: slab-out-of-bounds read in brcmfgetassocies Fix a slab-out-of-bounds read that occurs in kmemdup called from brcmfgetassocies. The bug could occur when associnfo-reqlen, data from a URB provided by a USB device, i...

kernel: USB: uhci: fix memory leak with using debugfs_lookup()

In the Linux kernel, the following vulnerability has been resolved: USB: uhci: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call debugfslookupandremove instead whi...

kernel: USB: ULPI: fix memory leak with using debugfs_lookup()

In the Linux kernel, the following vulnerability has been resolved: USB: ULPI: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call debugfslookupandremove instead whi...

kernel: wifi: ath9k: verify the expected usb_endpoints are present

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: verify the expected usbendpoints are present The bug arises when a USB device claims to be an ATH9K but doesn't have the expected endpoints. In this case there was an interrupt endpoint where the driver expected a bu...

kernel: HID: check empty report_list in hid_validate_values()

A memory corruption flaw was found in the Linux kernel’s human interface device HID subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system...

kernel: hid: Use After Free in asus_remove()

A use-after-free flaw was found in asuskbdbacklightset in drivers/hid/hid-asus.c in the Linux Kernel. This issue could allow an attacker to crash the system when plugging in or disconnecting a malicious USB device, which may lead to a kernel information leak problem...

kernel: Denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c

A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of...

PT-2023-30398 · Abbott · Id Now

Name of the Vulnerable Software and Affected Versions: Abbott ID NOW versions prior to 7.1 Description: The issue allows modification of the startup process and device configurations via physical access to an internal serial port. Direct physical access is required to exploit this issue. Settings...