6390 matches found
spi: topcliff-pch: fix use-after-free on unbind
...
SUSE CVE-2026-46326
In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix spitransfer struct initialisation Make sure that the spitransfer struct is zeroed out before use...
CVE-2026-45328 ESF-IDF: Out-of-Bounds Write in ESP-TEE Secure Service Wrappers
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, the esptee component exposes secure-service wrappers in espsecureservices.c and espsecureservicesiram.c that bridge calls from the user application i.e. the REE to TEE-protected hardware peripherals...
USN-8412-1 qemu vulnerabilities
Felipe Franciosi, Raphael Norwitz, and Peter Turschmid discovered that the iSCSI block driver in QEMU incorrectly handled certain responses from an iSCSI server. A remote attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary...
Chromium: CVE-2026-11012 Use after free in Serial
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2026-46326 iio: pressure: mprls0025pa: fix spi_transfer struct initialisation
In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix spitransfer struct initialisation Make sure that the spitransfer struct is zeroed out before use...
CVE-2026-46326
In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix spitransfer struct initialisation Make sure that the spitransfer struct is zeroed out before use...
EUVD-2026-35427
In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix spitransfer struct initialisation Make sure that the spitransfer struct is zeroed out before use...
PT-2026-47784
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mprls0025pa pressure sensor driver where the spi transfer structure is not properly zeroed out before use, which can lead to undefined behavior during SPI transfer...
CVE-2026-46296 spi: s3c64xx: fix NULL-deref on driver unbind
In the Linux kernel, the following vulnerability has been resolved: spi: s3c64xx: fix NULL-deref on driver unbind A change moving DMA channel allocation from probe back to s3c64xxspipreparetransfer failed to remove the corresponding deallocation from remove. Drop the bogus DMA channel release fro...
CVE-2026-40510
A flaw was found in OpenSC. A physically present attacker can exploit a stack buffer overflow vulnerability in the pivprocesshistory function by presenting a specially crafted Personal Identity Verification PIV smart card or USB device. This can lead to memory corruption within the system,...
CVE-2026-11012
An use after free flaw was found in the Serial component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497000161...
SUSE CVE-2026-11188
Use after free in USB in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-47104
A flaw was found in libusb. This out-of-bounds read vulnerability allows a local attacker, particularly in virtualized environments utilizing USB passthrough, to trigger a denial of service. By providing a malformed USB descriptor, the attacker can cause the software to read beyond its allocated...
CVE-2026-36174
GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtain sensitive information, including network credentials, via monitoring the serial UART interface...
CVE-2025-4386
Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal....
CVE-2026-49192
The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping...
CVE-2026-47272
pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, the pusbpadcompare function in src/pad.c only verified that the user-side pad /.pamusb/device.pad could be read, but did not enforce that the system-side pad the pad file on the USB device was also...
CVE-2026-40851
A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on an USB stick leading to code execution. This can result in a total loss of confidentiality, integrity and availability...
MINI-R232-QJ48-CMC3
Bulletin has no description...