Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: arm64: acpi: Fixed a possible memory leak related to ffhctxt. A memory leak may occur if the SMCCC version and conduit checks fail, and the -EOPNOTSUPP error is returned without freeing the allocated memory. This issue was fixed ...

CVE-2025-62863

Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM PCIe driver that could result in an out-of-bounds write within PCIe driver’s S-EL0 address space...

CVE-2025-62864

Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM MMCommunicate service that could result in an out-of-bounds write within the UEFI-MM Secure Partition context...

CVE-2025-62862

Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM Boot Error Record Table driver that could result in 1 an out-of-bounds read which leaks Secure-EL0 information to a process...

CVE-2025-62863

Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM PCIe driver that could result in an out-of-bounds write within PCIe driver’s S-EL0 address space...

PT-2025-51755

Name of the Vulnerable Software and Affected Versions AmpereOne AC03 versions prior to 3.5.9.3 AmpereOne AC04 versions prior to 4.4.5.2 AmpereOne M versions prior to 5.4.5.1 Description The software contains a flaw where an incorrectly formed System Management Call SMC to the UEFI-MM PCIe driver...

CVE-2025-27060

CVE-2025-27060 describes a memory corruption vulnerability in Qualcomm chipsets TZ firmware related to System Configuration Manager (SCM) calls with malformed inputs. Multiple connected sources corroborate the issue as a memory corruption/untrusted pointer dereference scenario with high impact, i...

CVE-2025-27060 Untrusted Pointer Dereference in TZ Firmware

Memory corruption while performing SCM call with malformed inputs...

CVE-2025-27059 Use of Out-of-range Pointer Offset in TZ Firmware

Memory corruption while performing SCM call...

CVE-2025-27059 Use of Out-of-range Pointer Offset in TZ Firmware

Memory corruption while performing SCM call...

EUVD-2017-9276

Malware in sbrugna...

CVE-2023-53266

The CVE-2023-53266 issue affects the Linux kernel (arm64) ACPI path involving ffh_ctxt allocation. The vulnerability arises when SMCCC version and conduit checks fail and a -EOPNOTSUPP return occurs without freeing the allocated ffh_ctxt memory, creating a memory leak. The documented fix moves th...

firmware: qcom: scm: smc: Handle missing SCM device

...

kernel: firmware: qcom: scm: smc: Handle missing SCM device

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: smc: Handle missing SCM device Commit ca61d6836e6f "firmware: qcom: scm: fix a NULL-pointer dereference" makes it explicit that qcomscmgettzmempool can return NULL, therefore its users should handle this...

DEBIAN-CVE-2024-58084

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: Fix missing read barrier in qcomscmgettzmempool Commit 2e4955167ec5 "firmware: qcom: scm: Fix scm and waitq completion variable initialization" introduced a write barrier in probe function to store global 'sc...

CVE-2024-53161 EDAC/bluefield: Fix potential integer overflow

In the Linux kernel, the following vulnerability has been resolved: EDAC/bluefield: Fix potential integer overflow The 64-bit argument for the "get DIMM info" SMC call consists of memctrlidx left-shifted 16 bits and OR-ed with DIMM index. With memctrlidx defined as 32-bits wide the left-shift...

CVE-2023-5370

On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized. This resulted in no speculative execution workarounds being installed on CPU 0...

PT-2023-32073 · Freebsd · Freebsd

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue arises when the check for the SMCCC workaround is called before SMCCC support has been initialized on CPU 0. This results in no speculative...

CVE-2022-42269

NVIDIA Trusted OS contains a vulnerability in an SMC call handler, where failure to validate untrusted input may allow a highly privileged local attacker to cause information disclosure and compromise integrity. The scope of the impact can extend to other components...

NVIDIA Jetson 输入验证错误漏洞

NVIDIA Jetson is an embedded system development module from NVIDIA Corporation. A security vulnerability exists in NVIDIA Jetson that stems from an inability to validate untrusted input in the SMC call handler could allow a highly privileged local attacker to cause an information disclosure and...