Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Input: ims-pcu - check record size in imspcuflashfirmware The "len" variable comes from the firmware and we generally do trust firmware, but it's always better to double check. If the "len" is too large it could result in memory...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38428)

"The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38428 advisory. - In the Linux kernel, the following vulnerability has been resolved: Input: ims-pcu - check record size in...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001284)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001284 advisory. The imspcugetcdcuniondesc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002962)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002962 advisory. The imspcuparsecdcdata function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003213)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003213 advisory. The imspcuparsecdcdata function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000891)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000891 advisory. The imspcuparsecdcdata function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service...

EUVD-2023-34941

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2025-38428

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Input: ims-pcu - check record size in imspcuflashfirmware The len variable comes from the firmware and we generally do trust firmware, but it's always better t...

SUSE CVE-2025-38428

In the Linux kernel, the following vulnerability has been resolved: Input: ims-pcu - check record size in imspcuflashfirmware The "len" variable comes from the firmware and we generally do trust firmware, but it's always better to double check. If the "len" is too large it could result in memory...

DEBIAN-CVE-2025-38428

In the Linux kernel, the following vulnerability has been resolved: Input: ims-pcu - check record size in imspcuflashfirmware The "len" variable comes from the firmware and we generally do trust firmware, but it's always better to double check. If the "len" is too large it could result in memory...

UBUNTU-CVE-2025-38428

In the Linux kernel, the following vulnerability has been resolved: Input: ims-pcu - check record size in imspcuflashfirmware The "len" variable comes from the firmware and we generally do trust firmware, but it's always better to double check. If the "len" is too large it could result in memory...

CVE-2025-38428

CVE-2025-38428 : In the Linux kernel, the vulnerability affects the ims-pcu path where the firmware-provided length (len) is used in memcpy to fragment data in ims_pcu_flash_firmware(). If len is too large, memory corruption can occur. The issue arises from trusting firmware input; the fixed vers...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ims-pcu input module not validating the firmware record size, which could lead to memory corruption...

CVE-2023-30561

The data flowing between the PCU and its modules is insecure. A threat actor with physical access could potentially read or modify data by attaching a specially crafted device while an infusion is running...

CVE-2023-30561

The data flowing between the PCU and its modules is insecure. A threat actor with physical access could potentially read or modify data by attaching a specially crafted device while an infusion is running...

CVE-2023-30560

The configuration from the PCU can be modified without authentication using physical connection to the PCU...

Authentication flaw

The configuration from the PCU can be modified without authentication using physical connection to the PCU...

CVE-2023-30561

CVE-2023-30561 describes insecure data flow between the BD Alaris PCU and its modules. In BD Alaris PCU Model 8015, v12.1.3 and earlier, the infusion data can be exposed or tampered if a threat actor gains physical access and connects a crafted device during an infusion. BD’s ICS bulletin indicat...

CVE-2023-30560 PCU Configuration Lacks Authentication

The configuration from the PCU can be modified without authentication using physical connection to the PCU...

CVE-2023-30560

BD Alaris PCU 8015 (versions 12.1.3 and earlier) exposes a vulnerability (CVE-2023-30560) where the PCU configuration can be modified without authentication by connecting physically to the PCU. The CVSS v3.1 base metrics in public sources indicate AV:P, AC:L, PR:N, UI:N, S:U, with C/H/I/H/A/H, i....