
16 matches found

NVD
added 2026/04/03 4:16 p.m., 2 views

CVE-2026-23434

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: serialize lock/unlock against other NAND operations nandlock and nandunlock call into chip-ops.lockarea/unlockarea without holding the NAND device lock. On controllers that implement SETFEATURES via multiple low-lev...

CVSS: 7.1, EPSS: 0.00031
Exploits: 0, References: 8
OSV
added 2025/12/24 1:6 p.m., 2 views

CVE-2023-54104 mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op()

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() 'op-cs' is copied in 'fun-mchipnumber' which is used to access the 'mchipoffsets' and the 'rnbgpio' arrays. These arrays have NANDMAXCHIPS elements, so the index must be...

AI score: 6.4, EPSS: 0.00029
Exploits: 0, References: 8
Tenable Nessus
added 2025/11/05 12:0 a.m., 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989204)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989204 advisory. In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: gpmi: don't leak PM reference in error path If gpminfcapplytimings fails, the PM...

CVSS: 7.8, AI score: 5.9, EPSS: 0.00022
Exploits: 0, References: 4
SUSE CVE
added 2025/07/28 11:23 p.m., 1 views

SUSE CVE-2025-38398

In the Linux kernel, the following vulnerability has been resolved: spi: spi-qpic-snand: reallocate BAM transactions Using the mtdnandbiterrs module for testing the driver occasionally results in weird things like below. 1. swiotlb mapping fails with the following message: 85.926216 qcomsnand...

CVSS: 5.5, AI score: 7, EPSS: 0.00087
Exploits: 0, References: 3
ATTACKERKB
added 2025/07/25 12:53 p.m., 0 views

CVE-2025-38398

In the Linux kernel, the following vulnerability has been resolved: spi: spi-qpic-snand: reallocate BAM transactions Using the mtdnandbiterrs module for testing the driver occasionally results in weird things like below. 1. swiotlb mapping fails with the following message: 85.926216 qcomsnand...

CVSS: 5.5, AI score: 6, EPSS: 0.00087
Exploits: 0, References: 3, Affected Software: 1
CNNVD
added 2025/01/06 12:0 a.m., 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which originates in the rawnand submodule of the mtd module, where the allocation of the "user" pointer in the...

CVSS: 7.8, AI score: 6.3, EPSS: 0.00017
Exploits: 0, References: 4
SUSE CVE
added 2024/07/17 4:19 a.m., 1 views

SUSE CVE-2022-48778

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: gpmi: don't leak PM reference in error path If gpminfcapplytimings fails, the PM runtime usage counter must be dropped...

CVSS: 3.3, AI score: 7.8, EPSS: 0.00022
Exploits: 0, References: 10
Cvelist
added 2023/04/28 12:0 a.m., 15 views

CVE-2023-30024

The MagicJack device, a VoIP solution for internet phone calls, contains a hidden NAND flash memory partition allowing unauthorized read/write access. Attackers can exploit this by replacing the original software with a malicious version, leading to ransomware deployment on the host computer...

AI score: 6.6, EPSS: 0.00261
Exploits: 1, References: 4
Rapid7 Blog
added 2022/10/18 4:0 p.m., 18 views

Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Part 1

Rapid7 was back this year at DEF CON 30 participating at the IoT Village with another hands-on hardware hacking exercise, with the goal of teaching attendees various concepts and methods for IoT hacking. Over the years, these exercises have covered several different embedded device topics,...

AI score: 0.3
Exploits: 0
Rapid7 Blog
added 2022/04/07 3:14 p.m., 42 views

Lessons in IoT Hacking: How to Dead-Bug a BGA Flash Memory Chip

Dead-bugging — what is that, you ask? The concept comes from the idea that a memory chip, once it’s flipped over so you can attach wires to it, looks a little like a dead bug on its back. So why would we do this for the purposes of IoT hacking? The typical reason is if you want to extract the...

CVSS: 5, AI score: 8, EPSS: 0.85843
Exploits: 5
NVD
added 2021/03/15 1:15 p.m., 10 views

CVE-2021-27208

When booting a Zynq-7000 SOC device from NAND flash memory, the NAND driver in the ROM does not validate the inputs when reading in any parameters in the NAND's parameter page. If a field read in from the parameter page is too large, this causes a buffer overflow that could lead to arbitrary code...

CVSS: 6.8, EPSS: 0.00089
Exploits: 0, References: 3
Cvelist
added 2021/03/15 12:27 p.m., 12 views

CVE-2021-27208

When booting a Zynq-7000 SOC device from NAND flash memory, the NAND driver in the ROM does not validate the inputs when reading in any parameters in the NAND's parameter page. If a field read in from the parameter page is too large, this causes a buffer overflow that could lead to arbitrary code...

AI score: 7.3, EPSS: 0.00089
Exploits: 0, References: 3
Pen Test Partners Blog
added 2020/02/12 4:47 p.m., 35 views

format test

TL;DR: How does the Tesla update its firmware? What did we find when reverse engineering the display and instrument cluster? Here's the result of a couple of weeks' work, working on a real vehicle that mostly worked after we had finished. Part 1: analysing the hardware, complete with a 14 layer PCB...

AI score: 7.8
Exploits: 0
Pen Test Partners Blog
added 2020/02/12 2:44 p.m., 661 views

Reverse Engineering the Tesla Firmware Update Process

TL;DR: How does the Tesla Model S update its firmware? What did we find when reverse engineering the display and instrument cluster? Here's the result of a couple of weeks' work, working on a real vehicle that mostly worked after we had finished. Part 1: analysing the hardware, complete with a 14...

AI score: 7.8
Exploits: 0
Pen Test Partners Blog
added 2020/02/12 7:41 a.m., 67 views

Reverse Engineering the Tesla Firmware Update Process

TL;DR: How does the Tesla update its firmware? What did we find when reverse engineering the display and instrument cluster? Here's the result of a couple of weeks' work, working on a real vehicle that mostly worked after we had finished. Part 1: analysing the hardware, complete with a 14 layer PCB...

AI score: 7.8
Exploits: 0
Talos
added 2019/01/21 12:0 a.m., 47 views

Bitdefender BOX 2 bootstrap update_setup command execution vulnerability

Summary: An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method /api/update_setup does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution o...

CVSS: 9.3, AI score: 8.2, EPSS: 0.00339
Exploits: 0