Lucene search
K

796 matches found

NVD
NVD
added 2026/06/28 5:16 a.m.12 views

CVE-2026-10644

The Microchip SERCOM-G1 UART driver drivers/serial/uartmchpsercomg1.c, used by the PIC32CM-JH SoC family, contains an out-of-bounds write in its asynchronous DMA receive path. When uartrxenable is invoked with a one-byte receive buffer len == 1 and CONFIGUARTMCHPASYNC is enabled, the RX-complete...

4.2CVSS0.00148EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/28 4:2 a.m.8 views

CVE-2026-10644

The Microchip SERCOM-G1 UART driver drivers/serial/uartmchpsercomg1.c, used by the PIC32CM-JH SoC family, contains an out-of-bounds write in its asynchronous DMA receive path. When uartrxenable is invoked with a one-byte receive buffer len == 1 and CONFIGUARTMCHPASYNC is enabled, the RX-complete...

4.2CVSS6.2AI score0.00148EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/06/28 4:2 a.m.42 views

CVE-2026-10644 Out-of-bounds write in Microchip SERCOM-G1 (PIC32CM-JH) async UART RX with 1-byte buffer

The Microchip SERCOM-G1 UART driver drivers/serial/uartmchpsercomg1.c, used by the PIC32CM-JH SoC family, contains an out-of-bounds write in its asynchronous DMA receive path. When uartrxenable is invoked with a one-byte receive buffer len == 1 and CONFIGUARTMCHPASYNC is enabled, the RX-complete...

4.2CVSS0.00148EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/28 4:2 a.m.7 views

CVE-2026-10644 Out-of-bounds write in Microchip SERCOM-G1 (PIC32CM-JH) async UART RX with 1-byte buffer

The Microchip SERCOM-G1 UART driver drivers/serial/uartmchpsercomg1.c, used by the PIC32CM-JH SoC family, contains an out-of-bounds write in its asynchronous DMA receive path. When uartrxenable is invoked with a one-byte receive buffer len == 1 and CONFIGUARTMCHPASYNC is enabled, the RX-complete...

4.2CVSS6.2AI score0.00148EPSS
Exploits1References2
CVE
CVE
added 2026/06/26 12:0 a.m.9 views

CVE-2026-38571

The CVE-2026-38571 case concerns the Tenda N300 F3 device (version V603), where the unauthenticated UART debug console stores WPA2 credentials in cleartext and does not require authentication for rr/wr memory read/write commands. This enables a physically proximate attacker to extract stored WPA2...

4.6CVSS6AI score0.00113EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 10:16 p.m.8 views

CVE-2026-10642

The Zephyr PL011 UART driver drivers/serial/uartpl011.c contains an unbounded software loop in pl011irqtxenable that repeatedly invokes the interrupt-driven application callback while the TX interrupt mask bit PL011IMSCTXIM is set, to work around the controller's level-transition TX-interrupt...

4.6CVSS0.00185EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/24 9:32 p.m.4 views

CVE-2026-10642 Unbounded TX busy-loop DoS in Zephyr PL011 UART driver under CTS hardware flow control

The Zephyr PL011 UART driver drivers/serial/uartpl011.c contains an unbounded software loop in pl011irqtxenable that repeatedly invokes the interrupt-driven application callback while the TX interrupt mask bit PL011IMSCTXIM is set, to work around the controller's level-transition TX-interrupt...

4.6CVSS6.1AI score0.00185EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/24 9:32 p.m.24 views

CVE-2026-10642 Unbounded TX busy-loop DoS in Zephyr PL011 UART driver under CTS hardware flow control

The Zephyr PL011 UART driver drivers/serial/uartpl011.c contains an unbounded software loop in pl011irqtxenable that repeatedly invokes the interrupt-driven application callback while the TX interrupt mask bit PL011IMSCTXIM is set, to work around the controller's level-transition TX-interrupt...

4.6CVSS0.00185EPSS
Exploits1References2
CVE
CVE
added 2026/06/24 9:32 p.m.12 views

CVE-2026-10642

The CVE-2026-10642 issue affects the Zephyr PL011 UART driver (drivers/serial/uart_pl011.c) where pl011_irq_tx_enable() can spin in an unbounded loop when CTS hardware flow control is enabled and CTS is de-asserted by the peer. This causes the TX interrupt to remain masked and the controller to s...

4.6CVSS5.9AI score0.00185EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/06/24 9:32 p.m.3 views

CVE-2026-10642 Unbounded TX busy-loop DoS in Zephyr PL011 UART driver under CTS hardware flow control

The Zephyr PL011 UART driver drivers/serial/uartpl011.c contains an unbounded software loop in pl011irqtxenable that repeatedly invokes the interrupt-driven application callback while the TX interrupt mask bit PL011IMSCTXIM is set, to work around the controller's level-transition TX-interrupt...

4.6CVSS6.1AI score0.00185EPSS
Exploits1References5
NVD
NVD
added 2026/06/24 5:17 p.m.6 views

CVE-2026-53073

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcildisc: Clear HCIUARTPROTOINIT on error When hciregisterdev fails in hciuartregisterdev HCIUARTPROTOINIT is not cleared before calling hu-proto-closehu and setting hu-hdev to NULL. This means incoming UART data will...

0.00172EPSS
Exploits0References8
CVE
CVE
added 2026/06/24 4:30 p.m.12 views

CVE-2026-53073

CVE-2026-53073 concerns the Linux kernel Bluetooth HCI LDISC: when hci_register_dev() fails in hci_uart_register_dev(), HCI_UART_PROTO_INIT wasn’t cleared before closing and NULLing the HCI device, allowing incoming UART data to reach the protocol recv path after resources are freed. The fix adds...

5.8AI score0.00172EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.17 views

PT-2026-52101

Name of the Vulnerable Software and Affected Versions Zephyr versions 4.1.0 through 4.4.0 Description The PL011 UART driver in drivers/serial/uart pl011.c contains an unbounded software loop within the pl011 irq tx enable function. This loop repeatedly invokes the interrupt-driven application...

6.5CVSS6AI score0.00185EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51967

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Bluetooth component where HCI UART PROTO INIT is not cleared when hci register dev fails within the hci uart register dev function. This failure allows incoming UA...

6AI score0.00172EPSS
Exploits0References17
NVD
NVD
added 2026/06/12 7:16 p.m.15 views

CVE-2026-50099

During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell that permits...

5.1CVSS0.00171EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 6:24 p.m.13 views

CVE-2026-50099 Naxclow IoT Platform Insertion of sensitive information into Externally-Accessible file or directory

During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell that permits...

5.1CVSS5.3AI score0.00171EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 6:24 p.m.15 views

CVE-2026-50099

CVE-2026-50099 affects Naxclow IoT platform firmware. During WiFi association, the device prints host network SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. UART pads are labeled, run with default serial settings, and drop to an interactive RT-T...

5.1CVSS5.3AI score0.00171EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.22 views

PT-2026-48956

During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell that permits...

5.1CVSS5.3AI score0.00171EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/09 2:21 a.m.12 views

SUSE CVE-2026-46275

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciuart: fix UAFs and race conditions in close and init paths Vulnerabilities leading to Use-After-Free UAF and Null Pointer Dereference NPD conditions were observed in the lifecycle management of hciuart. The primary...

5.5CVSS5.4AI score0.00185EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/06/08 4:34 p.m.11 views

CVE-2026-46275

A flaw was found in the Linux kernel's Bluetooth hciuart component. Lifecycle management issues, including Use-After-Free UAF and race conditions, were identified during the closing and initialization paths. These issues can lead to the dereferencing of freed memory, potentially causing system...

7.8CVSS5.7AI score0.00185EPSS
Exploits1References4
Rows per page
Query Builder