Lucene search
K

261 matches found

RedhatCVE
RedhatCVE
added 2026/06/26 12:8 a.m.5 views

CVE-2026-52978

A flaw was found in the Linux kernel's Platform Security Processor PSP networking component. A local user without administrative privileges could exploit this vulnerability by utilizing the dev-set and key-rotate netlink operations. These operations, which modify sensitive PSP version configurati...

5.5CVSS5.8AI score0.00173EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 6:32 p.m.3 views

EUVD-2026-38846

In the Linux kernel, the following vulnerability has been resolved: net: psp: require admin permission for dev-set and key-rotate The dev-set and key-rotate netlink operations modify shared device state PSP version configuration and cryptographic key material, respectively but do not require...

5.7AI score0.00173EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 5:17 p.m.5 views

CVE-2026-52978

In the Linux kernel, the following vulnerability has been resolved: net: psp: require admin permission for dev-set and key-rotate The dev-set and key-rotate netlink operations modify shared device state PSP version configuration and cryptographic key material, respectively but do not require...

5.5CVSS0.00173EPSS
Exploits0References3
CVE
CVE
added 2026/06/24 4:28 p.m.10 views

CVE-2026-52978

The CVE-2026-52978 issue affects the Linux kernel PSP networking code. The netlink operations dev-set and key-rotate modify sensitive PSP state (version configuration and cryptographic keys) but did not require CAP_NET_ADMIN; access was only checked by psp_dev_check_access() for netns membership....

5.5CVSS5.7AI score0.00173EPSS
Exploits0References3Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix calltrace warning in amddrmbuddyfini The following call trace is observed when removing the amdgpu driver, which is caused by that BOs allocated for psp are not freed until removing. 61811.450562 RIP:...

5.5CVSS6.2AI score0.00143EPSS
Exploits0References2
OSV
OSV
added 2026/05/07 4:17 p.m.8 views

JLSEC-2026-464 Mbed TLS might use cloned PSA random generator states

Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator PRNG...

7.7CVSS5.8AI score0.0017EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/01 7:43 p.m.6 views

CVE-2026-31699

A flaw was found in the Linux kernel's crypto: ccp module. A local user could exploit a vulnerability where the system attempts to copy a Certificate Signing Request CSR to userspace even after a Platform Security Processor PSP command has failed. This can lead to a slab-out-of-bounds write,...

7.1CVSS6AI score0.00126EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/05/01 1:55 p.m.8 views

CVE-2026-31699

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed When retrieving the PEK CSR, don't attempt to copy the blob to userspace if the firmware command failed. If the failure was due to an invalid length, i.e...

7.1CVSS6AI score0.00126EPSS
Exploits0
OSV
OSV
added 2026/05/01 1:55 p.m.2 views

CVE-2026-31698 crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed When retrieving the PDH cert, don't attempt to copy the blobs to userspace if the firmware command failed. If the failure was due to an invalid length...

7.1CVSS6AI score0.00126EPSS
Exploits0References11
Debian CVE
Debian CVE
added 2026/05/01 1:55 p.m.5 views

CVE-2026-31698

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed When retrieving the PDH cert, don't attempt to copy the blobs to userspace if the firmware command failed. If the failure was due to an invalid length...

7.1CVSS5.9AI score0.00126EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/01 1:55 p.m.4 views

CVE-2026-31697

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed When retrieving the ID for the CPU, don't attempt to copy the ID blob to userspace if the firmware command failed. If the failure was due to an invalid...

6AI score0.00126EPSS
Exploits0References6Affected Software1
Wiz blog
Wiz blog
added 2026/04/22 12:0 p.m.7 views

Wiz at Google Next: Machine-Speed Defense for Any Cloud, Any Platform, Any AI

Announcing new capabilities at Google Cloud Next that extend and deepen Wiz AI-APP coverage: From the first line of AI-generated code, across AI and agent studios, to the edge of the cloud...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/20 12:21 p.m.6 views

CVE-2025-54510

A flaw was found in the AMD Platform Security Processor in AMD EPYC™ 9005 Series CPUs. A missing lock check allows a privileged attacker with local access to potentially impact the confidentiality of guest data. This vulnerability could lead to unauthorized disclosure of sensitive information...

6CVSS5.7AI score0.00108EPSS
Exploits1References4
NVD
NVD
added 2026/04/16 7:16 p.m.6 views

CVE-2025-54510

A missing lock verification in AMD Secure Processor ASP firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integrity...

5.9CVSS0.00108EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/16 6:44 p.m.25 views

CVE-2025-54510

A missing lock verification in AMD Secure Processor ASP firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integrity...

5.9CVSS0.00108EPSS
Exploits1References1
CVE
CVE
added 2026/04/16 6:44 p.m.135 views

CVE-2025-54510

The connected documents confirm CVE-2025-54510 affects AMD Zen 5 (and related platforms) via a missing lock verification in the AMD Secure Processor (ASP) firmware that can allow a locally authenticated, high-privilege attacker to alter MMIO routing during boot/init, potentially compromising gues...

5.9CVSS5.8AI score0.00108EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/16 6:44 p.m.3 views

CVE-2025-54510

A missing lock verification in AMD Secure Processor ASP firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integrity...

5.9CVSS5.8AI score0.00108EPSS
Exploits1References1
OSV
OSV
added 2026/04/01 8:16 p.m.9 views

DEBIAN-CVE-2026-34872

An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values lack of contributor...

9.1CVSS5.3AI score0.00204EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/31 8:55 p.m.3 views

CVE-2026-34738 AVideo: Video Publishing Workflow Bypass via Unauthorized overrideStatus Request Parameter

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's video processing pipeline accepts an overrideStatus request parameter that allows any uploader to set a video's status to any valid state, including "active" a. This bypasses the admin-controlled moderation and dra...

4.3CVSS5.9AI score0.00238EPSS
Exploits1References1
Fedora
Fedora
added 2026/03/31 12:27 a.m.9 views

[SECURITY] Fedora 44 Update: nss-3.121.0-1.fc44

Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...

5.9AI score
Exploits0
Rows per page
Query Builder