Lucene search
K

147 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux, Linux 5.10

A flaw in the Linux kernel is found in the nfcmrvlnciunregisterdev function in the drivers/nfc/nfcmrvl/main.c file. This flaw can cause both read and write operations to be performed after the device has been freed, without synchronization between the cleanup routine and the firmware download...

7CVSS6.5AI score0.0052EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: btnxpuart: Fixed kernel panic during firmware release This fix addresses a kernel panic that occurred during the release of firmware in a stress test scenario where WLAN and Bluetooth firmware downloads occur...

5.5CVSS6.4AI score0.00167EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/06 9:24 a.m.10 views

CVE-2026-43069

A flaw was found in the Linux kernel's Bluetooth subsystem, specifically in the hcill component. A local user could exploit this vulnerability when the system attempts to download firmware. If the firmware content is invalid or empty after a successful request, the system fails to release the...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the hcill driver failing to release the firmware during a firmware download error path, potential...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References1
NVD
NVD
added 2026/05/01 3:16 p.m.5 views

CVE-2026-31747

In the Linux kernel, the following vulnerability has been resolved: comedi: me4000: Fix potential overrun of firmware buffer me4000xilinxdownload loads the firmware that was requested by requestfirmware. It is possible for it to overrun the source buffer because it blindly trusts the file format...

7.8CVSS0.00129EPSS
Exploits0References8
CVE
CVE
added 2026/05/01 2:14 p.m.17 views

CVE-2026-31747

CVE-2026-31747 affects the Linux kernel code path for comedi me4000 firmware loading. The vulnerability arises when me4000_xilinx_download() blindly trusts the firmware file format and reads a header length from the first 4 bytes into file_length, then reads data from offset 16 of length file_len...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.13 views

PT-2026-36382

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A buffer overrun can occur in the me4000 xilinx download function when loading firmware requested by request firmware. The function reads a data stream length from the first 4 bytes into...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References18
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.6 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-46749)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46749 advisory. - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Fix Null pointer...

5.5CVSS6.2AI score0.00232EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001714)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001714 advisory. A flaw in Linux Kernel found in nfcmrvlnciunregisterdev in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between...

7CVSS6.5AI score0.0052EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/09 12:0 a.m.8 views

Siemens SCALANCE, Ruggedcom ROX Use After Free (CVE-2022-1734)

A flaw in Linux Kernel found in nfcmrvlnciunregisterdev in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine. This plugin only works with Tenable.ot. Please visit...

7CVSS6.5AI score0.0052EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.10 views

PT-2025-50535

Name of the Vulnerable Software and Affected Versions Aqara Camera Hub G3 version 4.1.9 0027 Aqara Hub M2 version 4.3.6 0027 Aqara Hub M3 version 4.3.6 0025 Description Aqara Hub devices do not properly validate server certificates when downloading firmware updates over HTTPS. This allows attacke...

7.4CVSS6.7AI score0.00157EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/10 12:0 a.m.21 views

CVE-2025-65290

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attackers to intercept firmware update traffic and potentially serve modified firmware files...

0.00157EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2025/11/14 12:23 a.m.3 views

SUSE CVE-2025-40208

In the Linux kernel, the following vulnerability has been resolved: media: iris: fix module removal if firmware download failed Fix remove if firmware failed to load: qcom-iris aa00000.video-codec: Direct firmware load for qcom/vpu/vpu33p4.mbn failed with error -2 qcom-iris aa00000.video-codec:...

6.5AI score0.00154EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/13 12:30 a.m.7 views

EUVD-2025-150366

In the Linux kernel, the following vulnerability has been resolved: media: iris: fix module removal if firmware download failed Fix remove if firmware failed to load: qcom-iris aa00000.video-codec: Direct firmware load for qcom/vpu/vpu33p4.mbn failed with error -2 qcom-iris aa00000.video-codec:...

5.9AI score0.00154EPSS
Exploits0References3
NVD
NVD
added 2025/11/12 10:15 p.m.6 views

CVE-2025-40208

In the Linux kernel, the following vulnerability has been resolved: media: iris: fix module removal if firmware download failed Fix remove if firmware failed to load: qcom-iris aa00000.video-codec: Direct firmware load for qcom/vpu/vpu33p4.mbn failed with error -2 qcom-iris aa00000.video-codec:...

0.00154EPSS
Exploits0References2
OSV
OSV
added 2025/11/12 10:15 p.m.3 views

DEBIAN-CVE-2025-40208

In the Linux kernel, the following vulnerability has been resolved: media: iris: fix module removal if firmware download failed Fix remove if firmware failed to load: qcom-iris aa00000.video-codec: Direct firmware load for qcom/vpu/vpu33p4.mbn failed with error -2 qcom-iris aa00000.video-codec:...

5.2AI score0.00154EPSS
Exploits0References1
OSV
OSV
added 2025/11/12 10:15 p.m.4 views

UBUNTU-CVE-2025-40208

In the Linux kernel, the following vulnerability has been resolved: media: iris: fix module removal if firmware download failed Fix remove if firmware failed to load: qcom-iris aa00000.video-codec: Direct firmware load for qcom/vpu/vpu33p4.mbn failed with error -2 qcom-iris aa00000.video-codec:...

5.7AI score0.00154EPSS
Exploits0References10
Cvelist
Cvelist
added 2025/11/12 9:56 p.m.7 views

CVE-2025-40208 media: iris: fix module removal if firmware download failed

In the Linux kernel, the following vulnerability has been resolved: media: iris: fix module removal if firmware download failed Fix remove if firmware failed to load: qcom-iris aa00000.video-codec: Direct firmware load for qcom/vpu/vpu33p4.mbn failed with error -2 qcom-iris aa00000.video-codec:...

0.00154EPSS
Exploits0References2
CVE
CVE
added 2025/11/12 9:56 p.m.22 views

CVE-2025-40208

CVE-2025-40208 is tied to the Linux kernel Iris media driver (qcom-iris). The public descriptions show a fix for module removal when firmware download/load fails (Direct firmware load for qcom/vpu/vpu33_p4.mbn failed with error -2; downstream init/core deinit messages; unbind path). Affected stac...

6AI score0.00154EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2025/11/12 9:56 p.m.4 views

CVE-2025-40208

In the Linux kernel, the following vulnerability has been resolved: media: iris: fix module removal if firmware download failed Fix remove if firmware failed to load: qcom-iris aa00000.video-codec: Direct firmware load for qcom/vpu/vpu33p4.mbn failed with error -2 qcom-iris aa00000.video-codec:...

5.2AI score0.00154EPSS
Exploits0
Rows per page
Query Builder