Abbott ID NOW Security Breach

Abbott ID NOW is an instrument-based rapid isothermal system from Abbott USA. A security vulnerability exists in Abbott ID NOW versions prior to 7.1, which originated from a vulnerability that allows an attacker to modify settings by compromising a physical device to access an internal serial por...

AMD System Management Mode Security Vulnerability

AMD System Management Mode is a system management mode from Ultraviolet Semiconductor AMD. A CPU execution mode. A security vulnerability exists in AMD System Management Mode that stems from improper access control in System Management Mode SMM that could allow an attacker to write to the SPI ROM...

PT-2023-12738 · Unknown +1 · System Management Mode +1

Name of the Vulnerable Software and Affected Versions: System Management Mode SMM affected versions not specified Description: The issue is related to improper access control in System Management Mode SMM, which may allow an attacker to write to SPI ROM, potentially leading to arbitrary code...

OESA-2023-1797 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in readdescriptors in drivers/usb/core/sysfs.c.CVE-2023-37453 An issue was discovered in the Linux kernel before...

PT-2024-14722

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the Linux kernel where a synchronous transfer can be active during a system suspend, causing a null pointer dereference exception when the system resumes. This...

esp-flasher (>=1.1.1 <=1.1.2), esphome (>=1.16.0b1 <=2022.11.5) +3 more potentially affected by CVE-2023-46894 via esptool (>=3.0.0 <=3.3.3)

esptool PYPI version =3.0.0, =1.1.1, =1.16.0b1, =1.0.106, =0.6.0, =0.1.0, =0.9.0 Source cves: CVE-2023-46894 Source advisory: OSV:PYSEC-2023-234...

AZL-31958 CVE-2023-6039 affecting package kernel 5.15.200.1-1

A use-after-free flaw was found in lan78xxdisconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches...

UBUNTU-CVE-2023-6039

A use-after-free flaw was found in lan78xxdisconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches...

kernel: usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: qcom: Fix memory leak in dwc3qcominterconnectinit oficcget alloc resources for path handle, we should release it when not need anymore. Like the release in dwc3qcominterconnectexit function. Add iccput in error handlin...

kernel: usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()

In the Linux kernel, the following vulnerability has been resolved: usb: host: xhci: Fix potential memory leak in xhciallocstreaminfo xhciallocstreaminfo allocates stream context array for streaminfo -streamctxarray with xhciallocstreamctx. When some error occurs, streaminfo-streamctxarray is not...

kernel: HID: check empty report_list in hid_validate_values()

A memory corruption flaw was found in the Linux kernel’s human interface device HID subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system...

kernel: Linux kernel: Denial of Service in ath9k Wi-Fi driver due to URB memory leak

A flaw was found in the Linux kernel's ath9k Wi-Fi driver. This memory leak vulnerability occurs because Universal Serial Bus USB request blocks URBs are allocated but not properly freed when certain conditions are met during USB device handling. A local attacker could exploit this by triggering...

kernel: USB: fix memory leak with using debugfs_lookup()

In the Linux kernel, the following vulnerability has been resolved: USB: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call debugfslookupandremove instead which...

kernel: usb: typec: ucsi: Don't attempt to resume the ports before they exist

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Don't attempt to resume the ports before they exist This will fix null pointer dereference that was caused by the driver attempting to resume ports that were not yet registered...

kernel: USB: chipidea: fix memory leak with using debugfs_lookup()

In the Linux kernel, the following vulnerability has been resolved: USB: chipidea: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call debugfslookupandremove instead...

kernel: USB: uhci: fix memory leak with using debugfs_lookup()

In the Linux kernel, the following vulnerability has been resolved: USB: uhci: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call debugfslookupandremove instead whi...

CVE-2023-42533

Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1 allows a physical attacker to execute arbitrary code in Kernel...

SAMSUNG Mobile devices security vulnerability

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices prior to SMR Nov-2023 Release 1 version, which stems from incorrect input validation of the U...

DEBIAN-CVE-2023-47233

The brcm80211 component in the Linux kernel through 6.5.10 has a brcmfcfg80211detach use-after-free in the device unplugging disconnect the USB by hotplug code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to...

SUSE CVE-2023-5849

Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...