USN-5416-1: Linux kernel (OEM) vulnerabilities

Qiuhao Li, Gaoning Pan and Yongkang Jia discovered that the KVM implementation in the Linux kernel did not properly perform guest page table updates in some situations. An attacker in a guest vm could possibly use this to crash the host OS. CVE-2022-1158 It was discovered that the implementation ...

GSD-2022-1000698 net: dsa: microchip: fix bridging with more than two member ports

net: dsa: microchip: fix bridging with more than two member ports This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.13 by commit...

UVI-2021-1001905 net: dsa: microchip: Added the condition for scheduling ksz_mib_read_work

net: dsa: microchip: Added the condition for scheduling kszmibreadwork This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.14.14 by commit...

GSD-2021-1001905 net: dsa: microchip: Added the condition for scheduling ksz_mib_read_work

net: dsa: microchip: Added the condition for scheduling kszmibreadwork This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.14.14 by commit...

UVI-2021-1001859 net: dsa: microchip: Added the condition for scheduling ksz_mib_read_work

net: dsa: microchip: Added the condition for scheduling kszmibreadwork This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.75 by commit...

GSD-2021-1001859 net: dsa: microchip: Added the condition for scheduling ksz_mib_read_work

net: dsa: microchip: Added the condition for scheduling kszmibreadwork This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.75 by commit...

CVE-2021-37605

In version 6.5 Microchip MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check MIC bytes...

CVE-2021-37604

In version 6.5 of Microchip MiWi software and all previous versions including legacy products, there is a possibility of frame counters being validated/updated prior to the message authentication. With this vulnerability in place, an attacker may increment the incoming frame counter values by...

CVE-2021-37605

In version 6.5 Microchip MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check MIC bytes...

CVE-2021-37604

In version 6.5 of Microchip MiWi software and all previous versions including legacy products, there is a possibility of frame counters being validated/updated prior to the message authentication. With this vulnerability in place, an attacker may increment the incoming frame counter values by...

Authentication flaw

In version 6.5 of Microchip MiWi software and all previous versions including legacy products, there is a possibility of frame counters being validated/updated prior to the message authentication. With this vulnerability in place, an attacker may increment the incoming frame counter values by...

Design/Logic Flaw

In version 6.5 Microchip MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check MIC bytes...

CVE-2021-37605

CVE-2021-37605 affects Microchip MiWi software (v6.5 and earlier/legacy). The vulnerability arises because the stack validates only two of four Message Integrity Check (MIC) bytes, reducing integrity protection. This is documented across multiple sources (NVD/NVD CVE entry) and indicates a potent...

CVE-2021-37605

In version 6.5 Microchip MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check MIC bytes...

CVE-2021-37604

In version 6.5 of Microchip MiWi software and all previous versions including legacy products, there is a possibility of frame counters being validated/updated prior to the message authentication. With this vulnerability in place, an attacker may increment the incoming frame counter values by...

CVE-2021-37604

The CVE-2021-37604 entry pertains to Microchip MiWi software (v6.5 and earlier). The vulnerability arises because frame counters can be validated/updated prior to message authentication, allowing an attacker to inject messages with inflated frame counters and invalid payloads. This can cause deni...

Microchip MiWi 安全漏洞

Microchip MiWi is a proprietary wireless protocol from Microchip that supports point-to-point star network connections. A security vulnerability exists in Microchip MiWi v6.5 that can bypass privilege authentication for illegal operation...

Microchip MiWi 安全漏洞

Microchip MiWi is a proprietary wireless protocol from Microchip that supports point-to-point star network connections. A security vulnerability exists in Microchip MiWi v6.5 that can bypass privilege authentication for illegal operation...

PT-2021-2233 · Microchip · Mplab Net

Name of the Vulnerable Software and Affected Versions: Microchip MPLAB Net version 3.6.1 Description: The issue is related to the improper randomness of TCP Initial Sequence Numbers ISNs in the implementation of the MPLAB Net protocol stack. This could allow a remote attacker to gain unauthorized...

Microchip MPLAB Net Security Feature Issue Vulnerability

Microchip MPLAB Net is an integrated development environment from Microchip Corporation. A security signature issue vulnerability exists in Microchip MPLAB Net that arises from reversal of publicly available information in an observable output stream...