Lucene search
+L

217 matches found

euvd
euvd
added 2026/04/07 9:32 p.m.7 views

EUVD-2025-209282

An improper access control vulnerability exists in Semtech LoRa LR11xxx transceivers running early versions of firmware where the memory write command accessible via the physical SPI interface fails to enforce write protection on the program call stack. An attacker with physical access to the SPI...

5.4CVSS6.2AI score0.00243EPSS
Exploits1References2
cvelist
cvelist
added 2026/04/07 7:56 p.m.21 views

CVE-2025-14857 Semtech LR11xx Memory Write Access Control Bypass

An improper access control vulnerability exists in Semtech LoRa LR11xxx transceivers running early versions of firmware where the memory write command accessible via the physical SPI interface fails to enforce write protection on the program call stack. An attacker with physical access to the SPI...

5.4CVSS0.00243EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2026/04/07 12:0 a.m.8 views

PT-2026-30994

An improper access control vulnerability exists in Semtech LoRa LR11xxx transceivers running early versions of firmware where the memory write command accessible via the physical SPI interface fails to enforce write protection on the program call stack. An attacker with physical access to the SPI...

5.4CVSS6.2AI score0.00243EPSS
Exploits1References3
susecve
susecve
added 2026/04/03 11:26 p.m.8 views

SUSE CVE-2026-23475

In the Linux kernel, the following vulnerability has been resolved: spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves a window where accessing the sysfs attributes can trigger a...

4.7CVSS5.7AI score0.00123EPSS
Exploits0References16
susecve
susecve
added 2026/04/03 11:26 p.m.6 views

SUSE CVE-2026-31389

In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free on controller registration failure Make sure to deregister from driver core also in the unlikely event that per-cpu statistics allocation fails during controller registration to avoid use-after-free of...

4.1CVSS5.7AI score0.00117EPSS
Exploits0References16
osv
osv
added 2026/04/03 4:16 p.m.12 views

UBUNTU-CVE-2026-31389

In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free on controller registration failure Make sure to deregister from driver core also in the unlikely event that per-cpu statistics allocation fails during controller registration to avoid use-after-free of...

7.8CVSS5.7AI score0.00117EPSS
Exploits0References9
osv
osv
added 2026/04/03 3:15 p.m.2 views

CVE-2026-23475 spi: fix statistics allocation

In the Linux kernel, the following vulnerability has been resolved: spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves a window where accessing the sysfs attributes can trigger a...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References11
ubuntucve
ubuntucve
added 2026/02/14 5:15 p.m.6 views

CVE-2026-23207

In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect currxfer check in IRQ handler Now that all other accesses to currxfer are done under the lock, protect the currxfer NULL check in tegraqspiisrthread with the spinlock. Without this protection, the...

4.7CVSS5.7AI score0.00088EPSS
Exploits0References7
euvd
euvd
added 2026/02/14 4:27 p.m.5 views

EUVD-2026-5838

In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect currxfer check in IRQ handler Now that all other accesses to currxfer are done under the lock, protect the currxfer NULL check in tegraqspiisrthread with the spinlock. Without this protection, the...

5.3AI score0.00088EPSS
Exploits0References2
nessus
nessus
added 2026/02/14 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-23202

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - spi: tegra210-quad: Protect currxfer in tegraqspicombinedseqxfer The currxfer field is read by the IRQ handler without holding the lock to check if a transfer i...

5.5CVSS6.2AI score0.00111EPSS
Exploits0References3
osv
osv
added 2026/02/05 5:16 p.m.4 views

CVE-2026-0714

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...

6.8CVSS5.8AI score0.00222EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/02/05 4:58 p.m.5 views

CVE-2026-0714

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...

7CVSS5.3AI score0.00115EPSS
Exploits0References1
euvd
euvd
added 2026/02/05 4:58 p.m.6 views

EUVD-2026-5533

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...

7CVSS5.3AI score0.00222EPSS
Exploits0References1
osv
osv
added 2026/02/04 8:43 p.m.13 views

USN-8016-1 linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - SPI subsystem; - SMB network file system; - iouring subsystem; CVE-2025-38561, CVE-2025-39698,...

8.8CVSS6.4AI score0.00391EPSS
Exploits2References5
osv
osv
added 2026/02/04 5:16 p.m.6 views

UBUNTU-CVE-2026-23068

In the Linux kernel, the following vulnerability has been resolved: spi: spi-sprd-adi: Fix double free in probe error path The driver currently uses spiallochost to allocate the controller but registers it using devmspiregistercontroller. If devmregisterrestarthandler fails, the code jumps to the...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References16
euvd
euvd
added 2026/02/04 4:7 p.m.7 views

EUVD-2026-5476

In the Linux kernel, the following vulnerability has been resolved: spi: spi-sprd-adi: Fix double free in probe error path The driver currently uses spiallochost to allocate the controller but registers it using devmspiregistercontroller. If devmregisterrestarthandler fails, the code jumps to the...

5.3AI score0.00129EPSS
Exploits0References4
cvelist
cvelist
added 2026/02/04 4:7 p.m.31 views

CVE-2026-23068 spi: spi-sprd-adi: Fix double free in probe error path

In the Linux kernel, the following vulnerability has been resolved: spi: spi-sprd-adi: Fix double free in probe error path The driver currently uses spiallochost to allocate the controller but registers it using devmspiregistercontroller. If devmregisterrestarthandler fails, the code jumps to the...

0.00129EPSS
Exploits0References5
ubuntucve
ubuntucve
added 2026/01/13 4:15 p.m.4 views

CVE-2025-68773

In the Linux kernel, the following vulnerability has been resolved: spi: fsl-cpm: Check length parity before switching to 16 bit mode Commit fc96ec826bce "spi: fsl-cpm: Use 16 bit mode for large transfers with even size" failed to make sure that the size is really even before switching to 16 bit...

5.9AI score0.00177EPSS
Exploits0References27
osv
osv
added 2026/01/13 4:15 p.m.7 views

UBUNTU-CVE-2025-68773

In the Linux kernel, the following vulnerability has been resolved: spi: fsl-cpm: Check length parity before switching to 16 bit mode Commit fc96ec826bce "spi: fsl-cpm: Use 16 bit mode for large transfers with even size" failed to make sure that the size is really even before switching to 16 bit...

5.9AI score0.00177EPSS
Exploits0References28
ptsecurity
ptsecurity
added 2026/01/01 12:0 a.m.3 views

PT-2026-8210

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the tegra qspi combined seq xfer function related to the curr xfer field. Specifically, the curr xfer field can be accessed by an interrupt request...

5.5CVSS6AI score0.00111EPSS
Exploits0
Rows per page
Query Builder