Security Bulletin: TDI is vulnerable to do not reject out of range writes due to uuid-11.1.0 - CVE-2026-41907
Summary: portal-tdi, portal-tdl and portal gcm use carbon data table, and this library requires uuid 11.1.0, which is affected by CVE-2026-41907. Vulnerability Details: CVEID: CVE-2026-41907. DESCRIPTION: uuid is for the creation of RFC9562 (formerly RFC4122) UUIDs. Prior to 14.0.0, v3, v5, and v6...
CVE-2026-27908
Use after free in Windows TDI Translation Driver tdx.sys allows an authorized attacker to elevate privileges locally...
CVE-2026-27908 Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability
CVE-2026-27908
CVE-2026-27908 is a Windows Elevation of Privilege vulnerability in the TDI Translation Driver (tdx.sys). The CVSS 3.1 base score is 7.0 (HIGH) with LOCAL attack vector, HIGH impact to confidentiality, integrity, and availability. Exploitation is deemed UNPROVEN and requires LOW privileges with N...
Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability
Use after free in Windows TDI Translation Driver tdx.sys allows an authorized attacker to elevate privileges locally...
PT-2026-32770
Name of the Vulnerable Software and Affected Versions: Windows TDI Translation Driver tdx.sys (affected versions not specified). Description: A use after free issue in the Windows TDI Translation Driver tdx.sys allows an authorized attacker to elevate privileges locally. Use after free is a memory...
EUVD-2014-9444
Malware in sbrugna...
EUVD-2006-4913
Malware in sbrugna...
Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability
Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally...
Windows Transport Driver Interface (TDI) Translation Driver Information Disclosure Vulnerability
Out-of-bounds read in Windows TDX.sys allows an authorized attacker to disclose information locally...
Microsoft Pragmatic General Multicast Server PgmCloseConnection stale memory dereference
Talos Vulnerability Report TALOS-2024-2062: Microsoft Pragmatic General Multicast Server PgmCloseConnection stale memory dereference. September 25, 2024. CVE Number: CVE-2024-38140. SUMMARY: A memory corruption vulnerability exists in the Pragmatic General Multicast server in Microsoft Windows 10 Kerne...
CVE-2023-28897
The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware. Vulnerability discovered on Škoda Superb III 3V3 - 2.0 TDI manufactured in 2022...
CVE-2023-28898 Head Unit Denial-of-Service via Apple CarPlay service
The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to the /logs URI when the id parameter equals zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause denial-of-service of the infotainment system, when the certain...
CVE-2023-28897 Hard-coded password for UDS services
The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware. Vulnerability discovered on Škoda Superb III 3V3 - 2.0 TDI manufactured in 2022...
CVE-2023-28897
CVE-2023-28897 affects Škoda MIB3 infotainment. The vulnerability stems from a hardcoded secret value used to access critical UDS services, impacting Škoda Superb III (3V3) 2.0 TDI (2022). According to NVD, CVSSv3.1 base score 9.8 (Network, high impact on confidentiality, integrity, availability)...
CVE-2023-28895
The password for access to the debugging console of the PoWer Controller chip PWC of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip. Vulnerability found on Škoda Superb III 3V3 - 2.0 TD...
Design/Logic Flaw
Access to critical Unified Diagnostics Services UDS of the Modular Infotainment Platform 3 MIB3 infotainment is transmitted via Controller Area Network CAN bus in a form that can be easily decoded by attackers with physical access to the vehicle. Vulnerability discovered on Škoda Superb III 3V3 -...
CVE-2023-28896 Weak encoding for password in UDS services
Access to critical Unified Diagnostics Services UDS of the Modular Infotainment Platform 3 MIB3 infotainment is transmitted via Controller Area Network CAN bus in a form that can be easily decoded by attackers with physical access to the vehicle. Vulnerability discovered on Škoda Superb III 3V3 -...
CVE-2023-28896
The CVE-2023-28896 entry describes a vulnerability in the Modular Infotainment Platform 3 (MIB3) UDS on Škoda Superb III (3V3) 2.0 TDI (2022). The issue allows an attacker with physical access to decode UDS data transmitted over the CAN bus, indicating weak or insufficient protection of the diagn...