564 matches found
Microchip RN4870 安全漏洞
The Microchip RN4870 is a Bluetooth low energy module chip from Microchip, Inc. A security vulnerability exists in Microchip RN4870 module firmware version 1.43, which is caused by ConReqTimeoutZero unresponsiveness, and can be exploited by an attacker to cause a covert denial of service over...
PT-2022-27854 · Microchip · Microchip Pic Lightblue Explorer Demo +1
Name of the Vulnerable Software and Affected Versions: Microchip RN4870 module firmware version 1.43 Microchip PIC LightBlue Explorer Demo version 4.2 DT100112 Description: The issue concerns the acceptance of PairCon rmSend with incorrect values. This affects the Microchip RN4870 module firmware...
CVE-2022-46403
The CVE-2022-46403 entry concerns the Microchip RN4870 module firmware v1.43 and the Microchip PIC LightBlue Explorer Demo v4.2 DT100112, which mishandle reject messages. Connected sources confirm affected products/versions but do not provide root-cause details, exploit information, or a vendor-s...
CVE-2022-46401
The CVE-2022-46401 affects Microchip RN4870 module firmware v1.43 and the Microchip PIC LightBlue Explorer Demo v4.2 DT100112, where PauseEncReqPlainText is accepted before pairing is complete. This can place the low-power Bluetooth stack in a faulty state, discarding other messages and causing s...
CVE-2022-46401
The Microchip RN4870 module firmware 1.43 and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112 accepts PauseEncReqPlainText before pairing is complete...
CVE-2022-46403
The Microchip RN4870 module firmware 1.43 and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112 mishandles reject messages...
PT-2022-27850 · Microchip · Rn4870 +1
Name of the Vulnerable Software and Affected Versions: Microchip RN4870 module firmware version 1.43 Microchip PIC LightBlue Explorer Demo version 4.2 DT100112 Description: The issue is related to the Microchip RN4870 module firmware and the Microchip PIC LightBlue Explorer Demo being unresponsiv...
CVE-2022-46400
The Microchip RN4870 module firmware 1.43 and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112 allows attackers to bypass passkey entry in legacy pairing...
CVE-2022-46403
The Microchip RN4870 module firmware 1.43 and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112 mishandles reject messages...
CVE-2022-46402
The CVE-2022-46402 entry concerns Microchip RN4870 module firmware v1.43 and the PIC LightBlue Explorer Demo 4.2 DT100112, where PairCon_rmSend accepts incorrect values due to improper validation. Documented impact per CVSS indicates availability impact is HIGH while other CIA aspects are NONE. T...
PT-2022-27855 · Microchip · Rn4870 +1
Name of the Vulnerable Software and Affected Versions: Microchip RN4870 module firmware version 1.43 Microchip PIC LightBlue Explorer Demo version 4.2 DT100112 Description: The issue is related to the mishandling of reject messages in the firmware. There is no information provided about the...
CVE-2022-46400
The Microchip RN4870 module firmware 1.43 and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112 allows attackers to bypass passkey entry in legacy pairing...
Out-of-bounds
An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network RSN information element from a Netlink packet...
Heap overflow
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211P2PATTRCHANNELLIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi...
GSD-2022-1007900 net: microchip: sparx5: Fix potential null-ptr-deref in sparx_stats_init() and sparx5_start()
net: microchip: sparx5: Fix potential null-ptr-deref in sparxstatsinit and sparx5start This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.80 ...
GSD-2022-1007728 net: microchip: sparx5: Fix potential null-ptr-deref in sparx_stats_init() and sparx5_start()
net: microchip: sparx5: Fix potential null-ptr-deref in sparxstatsinit and sparx5start This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.10 b...
GSD-2022-1005613 PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains()
PCI: microchip: Fix refcount leak in mcpcieinitirqdomains This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.61 by commit...
GSD-2022-1005266 PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains()
PCI: microchip: Fix refcount leak in mcpcieinitirqdomains This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.2 by commit...
GSD-2022-1004349 net: dsa: microchip: ksz_common: Fix refcount leak bug
net: dsa: microchip: kszcommon: Fix refcount leak bug This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.58 by commit...
USN-5515-1: Linux kernel vulnerabilities
Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. A local attacker could possibly use this to gain administrative privileges. CVE-2021-4197 Jann Horn discovered that the FUSE file system i...