4 matches found
CVE-2025-38535
CVE-2025-38535 relates to the Linux kernel on Tegra XUSB where regulator disable logic became unbalanced when leaving USB_ROLE_DEVICE. The fix moves regulator control into tegra186_xusb_padctl_id_override() and disables the regulator only when transitioning from USB_ROLE_HOST to USB_ROLE_NONE aft...
CVE-2025-38535
In the Linux kernel, the following vulnerability has been resolved: phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode. When transitioning from USB_ROLE_DEVICE to USB_ROLE_NONE, the code assumed that the regulator should be disabled. However, if the regulator is marked as always-on,...
exchangeRateDeltaLimit can be exceeded with overrideExchangeRate() and remain unpaused
Lines of code. Vulnerability details. Impact: The CashManager has a safety feature that limits the maximum change in the exchange rate between epochs. In setMintExchangeRate it is checked that this limit is not exceeded, but there is no check in overrideExchangeRate. Proof of Concept: An epoch could ha...
Prototype Pollution
deep-override is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype via the override function...