34 matches found
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: arm64: acpi: Fixed a possible memory leak related to ffh_ctxt. A memory leak may occur if the SMCCC version and conduit checks fail, and the -EOPNOTSUPP error is returned without freeing the allocated memory. This issue was fixed ...
CVE-2025-62863
Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM PCIe driver that could result in an out-of-bounds write within PCIe driver’s S-EL0 address space...
CVE-2025-62864
Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM MMCommunicate service that could result in an out-of-bounds write within the UEFI-MM Secure Partition context...
CVE-2025-62862
Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM Boot Error Record Table driver that could result in an out-of-bounds read which leaks Secure-EL0 information to a process...
PT-2025-51755
Name of the Vulnerable Software and Affected Versions: AmpereOne AC03 versions prior to 3.5.9.3; AmpereOne AC04 versions prior to 4.4.5.2; AmpereOne M versions prior to 5.4.5.1. Description: The software contains a flaw where an incorrectly formed System Management Call (SMC) to the UEFI-MM PCIe driver...
CVE-2025-27060
CVE-2025-27060 describes a memory corruption vulnerability in Qualcomm chipsets TZ firmware related to System Configuration Manager (SCM) calls with malformed inputs. Multiple connected sources corroborate the issue as a memory corruption/untrusted pointer dereference scenario with high impact, i...
CVE-2025-27060 Untrusted Pointer Dereference in TZ Firmware
Memory corruption while performing SCM call with malformed inputs...
CVE-2025-27059 Use of Out-of-range Pointer Offset in TZ Firmware
Memory corruption while performing SCM call...
EUVD-2017-9276
Malware in sbrugna...
EUVD-2020-5074
Malware in sbrugna...
CVE-2023-53266
The CVE-2023-53266 issue affects the Linux kernel (arm64) ACPI path involving ffh_ctxt allocation. The vulnerability arises when SMCCC version and conduit checks fail and a -EOPNOTSUPP return occurs without freeing the allocated ffh_ctxt memory, creating a memory leak. The documented fix moves th...
firmware: qcom: scm: smc: Handle missing SCM device
...
Secure User-Friendly Blockchain Modular Wallet Design Using Android and OP-TEE
Emerging crypto economies still hemorrhage digital assets because legacy wallets leak private keys at almost every layer of the software stack, from user-space libraries to kernel memory dumps. This paper solves that twin crisis of security and interoperability by re-imagining key management as a...
CVE-2020-12789
The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets...
kernel: firmware: qcom: scm: smc: Handle missing SCM device
In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: smc: Handle missing SCM device Commit ca61d6836e6f ("firmware: qcom: scm: fix a NULL-pointer dereference") makes it explicit that qcom_scm_get_tzmem_pool() can return NULL, therefore its users should handle this...
OESA-2025-1342 arm-trusted-firmware security update
Trusted Firmware-A is a reference implementation of secure world software for Arm A-Profile architectures (Armv8-A and Armv7-A), including an Exception Level 3 (EL3) Secure Monitor. Security Fixes: An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a...
DEBIAN-CVE-2024-58084
In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: Fix missing read barrier in qcom_scm_get_tzmem_pool() Commit 2e4955167ec5 ("firmware: qcom: scm: Fix scm and waitq completion variable initialization") introduced a write barrier in probe function to store global 'sc...
AMD Server Processor input validation error vulnerability
AMD Server Processor is a processor product from UltraMicro Semiconductor AMD for the server market, which is primarily used in data centers, cloud computing, and high performance computing. AMD Server Processor suffers from an input validation error vulnerability that stems from incorrect input...