CVE-2026-46261

In the Linux kernel, the following vulnerability has been resolved: spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcmfiuprobe platformgetresourcebyname can return NULL, which would cause a crash when passed the pointer to resourcesize. Move the fiu-memorysize assignment after the erro...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: encx24j600: check error in devmregmapinitencx24j600 devmregmapinit may return error which caused by like out of memory, this will results in null pointer dereference later when reading or writing register: general protection...

CVE-2025-14857 Semtech LR11xx Memory Write Access Control Bypass

An improper access control vulnerability exists in Semtech LoRa LR11xxx transceivers running early versions of firmware where the memory write command accessible via the physical SPI interface fails to enforce write protection on the program call stack. An attacker with physical access to the SPI...

CVE-2025-14857

An improper access control vulnerability exists in Semtech LoRa LR11xxx transceivers running early versions of firmware where the memory write command accessible via the physical SPI interface fails to enforce write protection on the program call stack. An attacker with physical access to the SPI...

CVE-2025-14857

CVE-2025-14857 affects Semtech LoRa LR11xxx transceivers on early firmware versions. The flaw is an improper access control: memory write via the physical SPI interface does not enforce write protection on the program call stack, enabling overwriting of stack memory and limited arbitrary code exe...

PT-2026-30995

The Semtech LR11xx LoRa transceivers running early versions of firmware contains an information disclosure vulnerability in its firmware validation functionality. When a host issues a firmware validity check command via the SPI interface, the device decrypts the provided encrypted firmware packag...

EUVD-2026-5860

In the Linux kernel, the following vulnerability has been resolved: spi: tegra: Fix a memory leak in tegraslinkprobe In tegraslinkprobe, when platformgetirq fails, it directly returns from the function with an error code, which causes a memory leak. Replace it with a goto label to ensure proper...

CVE-2025-68352 spi: ch341: fix out-of-bounds memory access in ch341_transfer_one

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix out-of-bounds memory access in ch341transferone Discovered by Atuin - Automated Vulnerability Discovery Engine. The 'len' variable is calculated as 'min32, trans-len + 1', which includes the 1-byte command header...

EUVD-2017-9407

Malware in sbrugna...

EUVD-2024-54156

Malicious code in bioql PyPI...

CVE-2025-39893 spi: spi-qpic-snand: unregister ECC engine on probe error and device remove

In the Linux kernel, the following vulnerability has been resolved: spi: spi-qpic-snand: unregister ECC engine on probe error and device remove The on-host hardware ECC engine remains registered both when the spiregistercontroller function returns with an error and also on device removal. Change...

spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware

...

CVE-2025-22067

In the Linux kernel, the following vulnerability has been resolved: spi: cadence: Fix out-of-bounds array access in cdnsmrvlxspisetupclock If requestedclk 128, cdnsmrvlxspisetupclock iterates over the entire cdnsmrvlxspiclkdivlist array without breaking out early, causing 'i' to go beyond the arr...

CVE-2024-12975

A buffer overread can occur in the CPC application when operating in full duplex SPI upon receiving an invalid packet over the SPI interface...

CVE-2024-12975

A buffer overread can occur in the CPC application when operating in full duplex SPI upon receiving an invalid packet over the SPI interface...

Linux Distros Unpatched Vulnerability : CVE-2024-41088

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - can: mcp251xfd: fix infinite loop when xmit fails When the mcp251xfdstartxmit function fails, the driver stops processing messages, and the interrupt routine do...

DEBIAN-CVE-2024-47664

In the Linux kernel, the following vulnerability has been resolved: spi: hisi-kunpeng: Add verification for the maxfrequency provided by the firmware If the value of maxspeedhz is 0, it may cause a division by zero error in hisicalceffectivespeed. The value of maxspeedhz is provided by firmware...

UBUNTU-CVE-2024-42249

In the Linux kernel, the following vulnerability has been resolved: spi: don't unoptimize message in spiasync Calling spimaybeunoptimizemessage in spiasync is wrong because the message is likely to be in the queue and not transferred yet. This can corrupt the message while it is being used by the...

SUSE CVE-2024-41036

In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Fix deadlock with the SPI chip variant When SMP is enabled and spinlocks are actually functional then there is a deadlock with the 'statelock' spinlock between ks8851startxmitspi and ks8851irq: watchdog: BUG: soft...

CVE-2024-41088

An infinite loop flaw was found in the MCP251xfd CAN driver in Linux Kernel that occurs when mcp251xfdstartxmit fails. Failure to transmit a message can lead to the driver halting message processing and getting stuck in an endless loop, particularly when multiple devices shared the same SPI...