mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show()

...

EUVD-2023-60509

In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: Fix shift-out-of-bounds in spinorseterasetype spinorseterasetype was used either to set or to mask out an erase type. When we used it to mask out an erase type a shift-out-of-bounds was hit: UBSAN: shift-out-of-boun...

EUVD-2025-26115

Malicious code in bioql PyPI...

CVE-2025-25733

Incorrect access control in the SPI Flash Chip of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows physically proximate attackers to arbitrarily modify SPI flash regions, leading to a degradation of the security posture of the devi...

CVE-2025-51643

Meitrack T366G-L GPS Tracker devices contain an SPI flash chip Winbond 25Q64JVSIQ that is accessible without authentication or tamper protection. An attacker with physical access to the device can use a standard SPI programmer to extract the firmware using flashrom. This results in exposure of...

CVE-2025-25735

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack SPI Protected Range Registers PRRs, allowing attackers with software running on the system to modify SPI flash in real-time...

CVE-2025-25735

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack SPI Protected Range Registers PRRs, allowing attackers with software running on the system to modify SPI flash in real-time...

CVE-2025-25733

Incorrect access control in the SPI Flash Chip of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows physically proximate attackers to arbitrarily modify SPI flash regions, leading to a degradation of the security posture of the devi...

UBUNTU-CVE-2024-53046

In the Linux kernel, the following vulnerability has been resolved: arm64: dts: imx8ulp: correct the flexspi compatible string The flexspi on imx8ulp only has 16 LUTs, and imx8mm flexspi has 32 LUTs, so correct the compatible string here, otherwise will meet below error: 1.119072 ------------ cut...

PT-2024-25420 · Ami · Aptiov

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: An exploit is possible where an actor with physical access can manipulate SPI flash without being detected. There is no information provided about the...

CVE-2024-44815

Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV...

AMD EPYC Security Vulnerability

AMD EPYC is an x86 server microprocessor product line from AMD Semiconductor, known as "Xiao Long" in Chinese, utilizing the Zen microarchitecture. A security vulnerability exists in AMD EPYC™ Processors. The vulnerability can be exploited to write to the SPI flash memory to execute arbitrary cod...

PT-2024-11958 · Unknown · System Management Mode

Name of the Vulnerable Software and Affected Versions: System Management Mode SMM affected versions not specified Description: The issue is related to improper access control in System Management Mode SMM, which may allow an attacker to access the SPI flash, potentially leading to arbitrary code...

CVE-2021-46758

Insufficient validation of SPI flash addresses in the ASP AMD Secure Processor bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity...

PT-2023-24820 · American Megatrends · Ami Bmc

Name of the Vulnerable Software and Affected Versions: AMI BMC affected versions not specified Description: The issue concerns a vulnerability in the IPMI handler of AMI BMC, allowing an unauthenticated host to write to a host SPI flash and bypass secure boot protections. This could lead to a los...

PT-2023-2222 · Cisco · Cisco Ios Xe

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches versions prior to 16.11.1 Description: A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker...

The vulnerability of the SecureBackDoor driver in the microprogramming software of Lenovo laptops allows a hacker to inject malicious code into the SPI flash memory.

The vulnerability of the SecureBackDoor driver in Lenovo notebook BIOS microprograms lies in the ability to alter the protection zone of the microprogram by editing the NVRAM variable. Exploiting this vulnerability allows a hacker to inject malicious code into the SPI flash memory...

Cybersecurity Researchers Spotted First-Ever UEFI Rootkit in the Wild

Cybersecurity researchers at ESET have unveiled what they claim to be the first-ever UEFI rootkit being used in the wild, allowing hackers to implant persistent malware on the targeted computers that could survive a complete hard-drive wipe. Dubbed LoJax , the UEFI rootkit is part of a malware...