Industrial Control Systems (ICS)
Researchers have identified numerous vulnerabilities in serial-to-Ethernet converters from multiple vendors, posing a significant risk to critical infrastructure and industrial environments.
Key Points:- Average of 80 open-source components with ~2500 known vulnerabilities per device.
- Identification of 22 new vulnerabilities, including remote code execution (RCE) and authentication bypass.
- Widespread deployment of these converters across various industries (industrial, retail, healthcare).
Affected: Industrial Control Systems (ICS), Programmable Logic Controllers (PLCs), Point-of-Sale (POS) Systems, Medical Devices (Patient Monitors), SCADA systems, Remote Terminal Units (RTUs)
Edge AI Devices
Grinn and Thistle are collaborating to integrate secure boot for edge AI devices, addressing the growing cybersecurity concerns associated with distributed AI workloads.
Key Points:- Focus on secure boot implementation for edge AI devices.
- Addresses increased cybersecurity requirements due to broader attack surface at the edge.
- Partnership combines hardware and software solutions for enhanced security.
Affected: Edge AI devices, Embedded systems running AI workloads
Linux Kernel Driver
A vulnerability in the Linux kernel's iavf (Intel Avb) driver can lead to out-of-bounds writes when using ethtool commands, potentially allowing for code execution.
Key Points:- Out-of-bounds writes in iavf_get_ethtool_stats() due to incorrect queue usage.
- Triggered by simultaneous 'ethtool -L' and 'ethtool -S' commands.
- KASAN detected the vulnerability, indicating a memory corruption issue.
Affected: Embedded Linux devices utilizing the Intel Avb driver, Network appliances with embedded Linux running the iavf driver (e.g., routers, switches), Industrial control systems with embedded Linux and network interfaces.
Linux Kernel
A memory corruption vulnerability in the Linux kernel's macb (Marvell Ethernet) driver can lead to out-of-bounds writes when retrieving statistics, potentially allowing for privilege escalation.
Key Points:- Out-of-bounds write vulnerability in the macb driver.
- The issue arises from a mismatch between memory reserved for statistics and the amount of data written.
- KASAN detected the vulnerability, indicating a memory safety issue.
Affected: Embedded Linux devices using the macb driver, Raspberry Pi (as demonstrated by the KASAN report), Any system utilizing a kernel with the vulnerable macb driver version
Linux Kernel
A use-after-free vulnerability in the fsl_lpspi SPI driver for the Linux kernel can lead to a NULL pointer dereference during DMA transfers.
Key Points:- The vulnerability is a use-after-free (UAF) in the fsl_lpspi driver.
- It occurs due to an incorrect teardown order when the SPI controller is unregistered and DMA channels are torn down.
- A running SPI transfer can trigger the NULL pointer dereference.
Affected: Embedded Linux devices using Freescale/NXP LPSPI controllers, Industrial control systems, IoT devices, automotive ECUs (potentially), Any system running a vulnerable Linux kernel version with the fsl_lpspi driver.
Spaceflight/Embedded Software Development Framework
A vulnerability in the FΒ΄ framework allows attackers to write arbitrary data to any file at any offset on embedded targets due to an integer overflow in bounds checking and lack of destination path sanitization, potentially leading to remote code execution.
Key Points:- Integer overflow in bounds check bypasses file size validation.
- Lack of destination path sanitization allows arbitrary file writes.
- Impact is remote code execution on embedded targets.
Affected: Embedded systems utilizing FΒ΄ framework, Spaceflight applications using FΒ΄ framework
Wireless Communication & Embedded OS
This article details the successful reverse engineering of AES-CCM encryption within a proprietary protocol running on Nordic Semiconductor's nRF52840 chip, commonly used in embedded devices.
Key Points:- Successful reverse engineering of AES-CCM encryption on nRF52840.
- Discovery of code handling encryption and decryption of RF packets in a proprietary protocol.
- Highlights challenges faced during reverse engineering (lack of symbols, no strings).
Affected: nRF52840-based devices, Devices utilizing proprietary protocols over Bluetooth Low Energy (BLE)
Linux Kernel
CVE-2026-31530 describes a use-after-free vulnerability in the Linux kernel's CXL (Compute Express Link) port management code, potentially leading to memory corruption.
Key Points:- Use-after-free vulnerability in cxl_detach_ep() function.
- Occurs during bottom-up removal of CXL memory devices.
- Two distinct scenarios lead to the use-after-free, both involving operations on freed memory.
Affected: Embedded Linux devices, Systems utilizing the CXL driver in the Linux kernel
Linux Kernel
A memory access vulnerability in the Linux kernel's perf subsystem could lead to crashes or potential information disclosure due to incorrect PMU context usage.
Key Points:- The vulnerability involves an out-of-bound memory access in x86_pmu_del() when group_sched_in() fails.
- Incorrect PMU (Performance Monitoring Unit) context handling is the root cause, particularly with software events.
- The fix involves ensuring all inherited counters and event reads use pmu_ctx->pmu, aligning context usage across different scenarios.
Affected: Embedded Linux devices, Linux-based routers/firewalls, Industrial control systems using Linux
Linux Kernel
A use-after-free (UAF) vulnerability in the Linux kernel's driver core can be exploited when a driver is probed, potentially leading to system compromise.
Key Points:- The vulnerability resides in the driver core's __driver_attach() function.
- It involves accessing the 'driver_override' field without proper locking, leading to a UAF.
- The fix utilizes the driver-core driver_override infrastructure with internal locking to prevent the vulnerability.
Affected: Embedded Linux devices, Linux-based routers/firewalls, Industrial control systems utilizing embedded Linux
Linux Kernel
A vulnerability in the Linux kernel's BPF (Berkeley Packet Filter) verifier allows for potential lock contention and resource leaks due to improper exception handling within subprograms, potentially leading to system instability.
Key Points:- The vulnerability lies in the `bpf: Fix exception exit lock checking for subprogs` code.
- Incorrect handling of locks during BPF program exceptions (specifically when `bpf_throw()` is called from a static subprog) can lead to resource leaks.
- The fix involves ensuring proper lock validation during exception exits, regardless of the frame context.
Affected: Embedded Linux devices, Linux-based routers and gateways, Industrial control systems using embedded Linux, Automotive infotainment systems with Linux-based BPF usage (e.g., network packet filtering)
Linux Kernel
A vulnerability in the Linux kernel's BPF (Berkeley Packet Filter) interpreter can lead to out-of-bounds map value access due to undefined behavior when handling the minimum signed 32-bit integer during division and modulo operations.
Key Points:- The vulnerability lies within the BPF interpreter, a key component for packet filtering and tracing.
- The issue stems from undefined behavior when using the `abs()` macro on the minimum signed 32-bit integer (INT_MIN).
- This undefined behavior can be exploited to cause out-of-bounds access to BPF maps, potentially leading to code execution.
Affected: Embedded Linux devices, Systems utilizing the Linux kernel with BPF enabled (e.g., routers, firewalls, IoT devices)
Linux Kernel
A bounds check was added to the Linux kernel's module loader to prevent a kernel panic caused by an out-of-bounds st_shndx value in ELF symbols.
Key Points:- The vulnerability occurs in the simplify_symbols() function of the module loader.
- An out-of-bounds st_shndx value (e.g., SHN_XINDEX or SHN_HIRESERVE) can trigger a kernel panic.
- The issue was discovered due to a bug in llvm-objcopy.
Affected: Embedded Linux devices, Linux-based routers/firewalls, Industrial control systems using Linux, Automotive infotainment systems (if running embedded Linux)
Linux Kernel
A race condition in the Btrfs filesystem within the Linux kernel can lead to corrupted subvolumes and potential filesystem instability, requiring manual intervention.
Key Points:- Race condition between subvolume creation and deletion/lookup.
- Subvolumes can become 'broken' with invalid dentry entries.
- File system operations on affected subvolumes can fail (ENOENT, EEXIST).
Affected: Embedded Linux devices utilizing Btrfs filesystem, Linux-based routers, NAS devices, and other storage appliances, Any system running a Linux kernel with Btrfs support
Linux Kernel
A bug in the Linux kernel's IP-TFS (IP Tunnel Fragmentation Support) module could lead to a panic due to incorrect handling of non-linear SKBs during packet reassembly.
Key Points:- The vulnerability resides in the iptfs_reassem_cont() function.
- It involves incorrect handling of non-linear SKBs (socket buffer) during IP-TFS reassembly.
- The bug triggers an SKB_LINEAR_ASSERT check, resulting in a kernel panic.
Affected: Embedded Linux devices, Network appliances running Linux (routers, firewalls), Industrial control systems utilizing embedded Linux, Automotive infotainment systems with Linux connectivity
Linux Kernel
A race condition in the Linux kernel's XFRM (Extended Flow Table) subsystem could lead to a crash or potential memory corruption when a net namespace is torn down while a workqueue item associated with policy hashing is still running.
Key Points:- The vulnerability involves a race condition between net namespace teardown and a workqueue callback (xfrm_hash_rebuild()).
- Dereferencing freed memory is possible if the net namespace is torn down before the workqueue callback completes.
- The fix synchronizes policy_hthresh.work in xfrm_policy_fini() to prevent the race condition.
Affected: Embedded Linux devices, Network Routers/Gateways, Firewalls, Industrial Control Systems (ICS) utilizing Linux, Automotive Infotainment systems with VPN connectivity
Linux Kernel
A vulnerability in the Linux kernel's af_key subsystem could lead to a crash due to improper validation of families, potentially triggered by truncated arguments during migration.
Key Points:- The vulnerability resides in the af_key subsystem, specifically pfkey_send_migrate().
- Syzybot triggered a crash in skb_put() due to the issue.
- The root cause is insufficient validation of families, allowing a truncated argument to potentially overfill an skb.
Affected: Embedded Linux devices, Linux-based routers/firewalls, Industrial control systems using Linux, Automotive infotainment systems (if utilizing a vulnerable kernel version)
Linux Kernel - Bluetooth Stack
A stack-out-of-bounds read vulnerability in the Linux kernel's L2CAP protocol allows a malformed Enhanced Credit Based Connection Request to trigger a KASAN panic.
Key Points:- Vulnerability resides in the L2CAP protocol within the Linux kernel.
- Triggered by a malformed Enhanced Credit Based Connection Request (ECRED).
- Stack-out-of-bounds read occurs due to incorrect length calculation.
Affected: Linux-based embedded systems, Devices utilizing Bluetooth with a vulnerable Linux kernel version
Linux Kernel
A vulnerability in the Linux kernel's L2CAP implementation allows for a potential out-of-bounds read due to improper validation of packet lengths, impacting devices utilizing Bluetooth.
Key Points:- Vulnerability exists in the L2CAP (Logical Link Control and Adaptation Protocol) within the Linux kernel.
- The vulnerability occurs in `l2cap_ecred_data_rcv()` due to missing validation of the SDU length field.
- A potential out-of-bounds read can occur if the packet size is less than expected.
Affected: Embedded Linux devices, Devices utilizing Bluetooth connectivity (smartphones, IoT devices, automotive systems)
Linux Kernel
A dangling pointer vulnerability in the Linux kernel's Bluetooth management (MGMT) subsystem could lead to a use-after-free condition, potentially allowing for code execution.
Key Points:- The vulnerability resides in the Bluetooth MGMT subsystem.
- A dangling pointer is created due to incorrect condition checking within mgmt_add_adv_patterns_monitor_complete.
- Dereferencing the freed memory could lead to a crash or potentially code execution.
Affected: Embedded Linux devices, Linux-based IoT devices, Devices utilizing Bluetooth Low Energy (BLE)
Linux Kernel
A null pointer dereference vulnerability in the Linux kernel's Bluetooth L2CAP subsystem could lead to a crash.
Key Points:- Null pointer dereference in l2cap_sock_ready_cb function.
- KASAN detected the issue, indicating a memory safety violation.
- The vulnerability occurs when using an uninitialized socket pointer.
Affected: Embedded Linux devices, IoT devices with Bluetooth connectivity, Automotive infotainment systems (potentially), Industrial control systems utilizing Linux-based platforms with Bluetooth
Linux Kernel Driver
A race condition in the Open vSwitch (OVS) netdev teardown code within the Linux kernel can lead to a general protection fault, potentially allowing for denial of service.
Key Points:- Race condition during netdev teardown in OVS.
- Device freed before unregistration completes, leading to a splat (kernel panic).
- Occurs when the RTNL mutex is not properly acquired during device teardown.
Affected: Linux Kernel (6.12 and potentially earlier versions), Embedded Linux systems utilizing Open vSwitch, Network devices running embedded Linux with OVS
Linux Kernel
A use-after-free vulnerability in the Linux kernel's SMC (Serial Management Controller) subsystem allows for a potential crash or exploitation when using the tee() system call to duplicate splice pipe buffers.
Key Points:- Use-after-free vulnerability in the Linux kernel's SMC subsystem.
- Triggered by tee() system call duplicating splice pipe buffers.
- Double-free of smc_spd_priv leads to a kernel panic and potential exploitation.
Affected: Embedded Linux systems, Systems utilizing the SMC subsystem (e.g., network devices, storage controllers)
Linux Kernel
A use-after-free (UAF) vulnerability in the Linux kernel's networking subsystem allows for potential code execution due to a race condition during device up events.
Key Points:- Race condition in `packet_release()` function.
- NETDEV_UP event can re-register a socket into a fanout group's array before cleanup.
- Dangling pointer in the fanout array due to missing cleanup by `fanout_release()`.
Affected: Embedded Linux devices, Linux-based routers/gateways, Network switches/firewalls, Any device utilizing a vulnerable Linux kernel version
Linux Kernel
A conflict in UDP socket binding within the Linux kernel can lead to unexpected successful binds due to incorrect hash table usage, potentially allowing attackers to bypass address restrictions.
Key Points:- The vulnerability lies in the UDP socket binding logic within the Linux kernel.
- It involves incorrect usage of hash tables (hash and hash2) for collision detection.
- The issue can be exploited by rapidly binding multiple sockets to the same port on different addresses.
Affected: Embedded Linux devices, Linux-based routers and gateways, Industrial control systems using embedded Linux, Automotive infotainment systems with Linux-based OS
Linux Kernel
A type confusion vulnerability in the Linux kernel's team driver can lead to a crash when interacting with non-Ethernet ports, potentially affecting embedded systems utilizing this networking functionality.
Key Points:- The vulnerability involves a type confusion issue within the team driver.
- It occurs when non-Ethernet ports are involved, leading to incorrect context during callback execution.
- The crash occurs in bond_header_create() due to the team device calling inherited header_ops with its own net_device.
Affected: Embedded Linux devices, Network appliances running Linux
Linux Kernel
A use-after-free vulnerability in the Linux kernel's Texas Instruments iCSSG-PRUETH driver can lead to crashes or potential code execution when processing network packets with timestamping enabled.
Key Points:- The vulnerability resides in the iCSSG-PRUETH driver, a network interface driver.
- It's triggered by a use-after-free condition when accessing 'psdata' after the descriptor is freed.
- The timestamping path in packet processing (emac_rx_timestamp()) is affected.
Affected: Embedded Linux systems using the Texas Instruments iCSSG-PRUETH driver, Industrial control systems, networking equipment, and other embedded devices utilizing this driver
Linux Kernel
A data race in the Linux kernel's Bluetooth Intel (btintel) driver leads to a slab-use-after-free vulnerability when handling HCI commands, potentially allowing for denial of service.
Key Points:- The vulnerability is in the Linux kernel's Bluetooth driver (btintel).
- A data race occurs between hci_dev_do_close() and btintel_hw_error().
- The race condition leads to a slab-use-after-free in kfree_skb().
Affected: Embedded Linux devices with Bluetooth support, Devices using the Intel Bluetooth chipset and the Linux kernel's btintel driver
Linux Kernel
A deadlock vulnerability in the Linux kernel's L2CAP Bluetooth implementation could lead to system instability or denial of service.
Key Points:- Deadlock vulnerability in l2cap_conn_del() function.
- The deadlock occurs due to lock contention between the main thread and work functions (l2cap_info_timeout() and l2cap_conn_update_id_addr()).
- The fix involves reordering work cancellations and using disable_delayed_work_sync() to prevent rearming.
Affected: Embedded Linux devices, Linux-based IoT devices with Bluetooth support, Automotive infotainment systems (if using Linux), Industrial control systems with Bluetooth connectivity
Linux Kernel
A memory leak and potential denial-of-service vulnerability exists in the Linux kernel's Bluetooth L2CAP implementation due to improper resource management and lack of input validation.
Key Points:- Memory leak in L2CAP due to unfreeing allocated ERTM resources during reconfiguration.
- Potential denial-of-service (DoS) vulnerability due to an infinite loop in l2cap_segment_sdu() when pdu_len is zero.
- The vulnerability affects Bluetooth reconfiguration (MTU changes) within connected channels.
Affected: Embedded Linux devices with Bluetooth support, Linux-based routers and gateways, Automotive infotainment systems (if using Bluetooth), IoT devices with Bluetooth connectivity
Linux Kernel
A vulnerability in the Linux kernel's Bluetooth USB driver (btusb) allows for potential out-of-bounds access due to improper bounds checking when mapping SCO (Synchronous Connection-Oriented) links to USB alternate settings.
Key Points:- The vulnerability lies in the btusb driver within the Linux kernel.
- It involves incorrect indexing of a lookup table used for SCO link management.
- The vulnerability could potentially lead to memory corruption or denial-of-service if exploited.
Affected: Embedded Linux devices with Bluetooth capabilities, Linux-based routers, gateways, and access points with Bluetooth support, Automotive infotainment systems using Linux-based Bluetooth stacks
Linux Kernel
A vulnerability in the Linux kernel's netfilter/ctnetlink subsystem was resolved by implementing stricter range checks using netlink policy annotations, preventing potential undefined behavior and security issues.
Key Points:- The vulnerability involved incorrect range validations within the ctnetlink code paths.
- The fix implements netlink policy annotations to reject invalid values early, improving security and preventing undefined behavior.
- Specific fixes address issues related to CTA_PROTOINFO_TCP_STATE, CTA_PROTOINFO_TCP_WSCALE_ORIGINAL/REPLY, CTA_FILTER_ORIG_FLAGS/REPLY_FLAGS and CTA_EXPECT_FLAGS.
Affected: Embedded Linux devices, Linux-based routers/firewalls, Industrial control systems using Linux, Automotive infotainment systems (if running embedded Linux)
Linux Kernel
A use-after-free vulnerability in the Linux kernel's RDMA/efa subsystem could lead to memory corruption and potential code execution.
Key Points:- The vulnerability occurs in the admin queue completion handling within RDMA/efa.
- A use-after-free condition arises when the completion context is freed before being used to print data.
- The fix involves synchronizing allocation and deallocation of the completion context.
Affected: Embedded Linux devices, Systems utilizing RDMA/efa drivers
Linux Kernel
A vulnerability in the Linux kernel's RDMA subsystem could lead to a crash or potential memory corruption due to improper initialization of completion queues.
Key Points:- The vulnerability resides in the RDMA (Remote Direct Memory Access) subsystem of the Linux kernel.
- The issue occurs in `irdma_create_qp` when an error during data copying leads to a cleanup process that accesses uninitialized memory.
- The fix involves initializing the completion queue before attempting to use it, preventing a potential race condition or crash.
Affected: Embedded Linux devices, Networking equipment, Storage controllers, Industrial automation systems
Linux Kernel
CVE-2026-31491 addresses an integer overflow vulnerability in the Linux kernel's RDMA subsystem that could lead to incorrect depth calculations and potential denial of service.
Key Points:- Integer overflow vulnerability in RDMA (Remote Direct Memory Access) subsystem.
- The vulnerability occurs due to incorrect handling of large size values (U32_MAX) for SQ/RQ/SRQ.
- The fix involves performing all depth calculations and boundary checks using u64 sizes to prevent truncation.
Affected: Embedded Linux devices, Networking equipment using RDMA, Storage systems utilizing RDMA
Linux Kernel
A use-after-free vulnerability in the Intel Xe graphics driver within the Linux kernel could lead to system instability or potential code execution.
Key Points:- The vulnerability resides in the DRM (Direct Rendering Manager) subsystem, specifically within the Intel Xe graphics driver.
- It involves a use-after-free condition during migration restore operations, triggered by an error return.
- The fix involves setting a pointer to NULL after an error, preventing subsequent calls from accessing freed memory.
Affected: Embedded Linux devices, Automotive Infotainment Systems, Industrial Control Systems with graphics
Linux Kernel
A memory leak and potential use-after-free vulnerability in the AMDGPU driver of the Linux kernel can occur when external displays are connected or disconnected, impacting systems utilizing this driver.
Key Points:- The vulnerability lies within the AMDGPU driver's DSC (Display Stream Compression) validation logic.
- Incorrect handling of mode changes during DSC configuration pre-computation leads to a memory leak and potential use-after-free.
- The issue is triggered by scenarios involving external displays (e.g., DP-MST screens) and integrated panels, particularly when HDR settings change.
Affected: Embedded Linux systems using the AMDGPU driver, Automotive infotainment systems with AMD GPUs, Industrial control systems utilizing embedded Linux and AMD graphics, Any device running a vulnerable version of the Linux kernel with the AMDGPU driver.
Linux Kernel
A use-after-free (UAF) vulnerability in the Linux kernel's SPI driver could be exploited due to improper locking when accessing the driver_override field during device probing.
Key Points:- The vulnerability resides in the Linux kernel's SPI driver.
- It involves a UAF condition due to lack of proper locking during the __driver_attach() process.
- The fix utilizes the driver-core's driver_override infrastructure with internal locking mechanisms.
Affected: Embedded Linux devices, Linux-based routers/gateways, Industrial control systems using SPI
Linux Kernel
A race condition vulnerability in the Linux kernel's PMBus regulator handling was resolved by introducing mutex protection, but a deadlock was encountered and addressed through the use of a worker function to handle notifications.
Key Points:- Race condition in PMBus regulator voltage operations (get, set, list).
- Mutex protection introduced to prevent race conditions.
- Deadlock encountered due to callback calls from within the mutex lock.
Affected: Embedded Linux devices, Industrial control systems (ICS) utilizing PMBus regulators, Automotive ECUs with Linux-based power management
Linux Kernel
CVE-2026-31483 addresses a Spectre-like vulnerability in the s390 architecture's syscall dispatch table, allowing user space to potentially bypass security boundaries.
Key Points:- The vulnerability lies in the Linux kernel's s390 architecture.
- User space can directly control syscall numbers, bypassing a necessary boundary check (array_index_nospec()).
- This could lead to Spectre-like exploitation, potentially allowing unauthorized code execution.
Affected: Embedded Linux devices, s390-based systems (mainframes, servers), Any system running a vulnerable Linux kernel version
Linux Kernel
A memory leak and potential NULL pointer dereference vulnerability in the Linux kernel's tracing subsystem can lead to a crash if kthread creation fails, potentially impacting embedded systems utilizing Linux.
Key Points:- The vulnerability involves a memory leak in the kernel's tracing subsystem.
- A NULL pointer dereference can occur, leading to a system crash.
- The issue is triggered by specific kernel command line parameters related to tracing events.
Affected: Embedded Linux devices, Industrial control systems using embedded Linux, Automotive infotainment systems with embedded Linux, Network devices running embedded Linux (routers, firewalls)
Linux Kernel
A deadlock vulnerability in the Linux kernel's tracing subsystem, specifically related to CPU hotplug and osnoise, could lead to system instability.
Key Points:- The vulnerability occurs during CPU hotplug operations, specifically when a CPU goes offline.
- A specific sequence of events involving mutex locks and cpus_read/write locks can trigger the deadlock.
- The fix involves reordering lock acquisition to prevent the race condition.
Affected: Embedded Linux devices, Industrial Control Systems (ICS) using embedded Linux), Automotive Infotainment systems utilizing embedded Linux, Network devices running embedded Linux
Linux Kernel Driver
A vulnerability in the Intel Xe Direct Rendering Manager (DRM) driver within the Linux kernel can lead to a warning and potentially leave the VM in a bad state due to incorrect virtual memory management during 3D workload processing.
Key Points:- The vulnerability occurs within the DRM/xe driver, specifically related to virtual memory binding and unwinding operations.
- The issue arises from incorrect handling of virtual memory ranges, potentially leading to overlaps and invalid states.
- The root cause is a combination of skipped rebind operations and incorrect shrinkage of the unmap virtual address range.
Affected: Linux Kernel (versions prior to the fix), Embedded systems utilizing Intel Xe graphics drivers (e.g., automotive infotainment, industrial control systems with embedded Linux)
Linux Kernel
A double-free vulnerability in the Linux kernel's ASoC (Audio Subsystem) driver for the sma1307 codec could lead to memory corruption and potentially code execution.
Key Points:- The vulnerability resides in the sma1307 audio codec driver within the Linux kernel.
- The issue is caused by a manual `kfree()` call on memory allocated with `devm_kzalloc()`, leading to a double-free condition.
- This vulnerability could be exploited to cause denial of service or potentially escalate privileges within the system.
Affected: Embedded Linux devices, Linux-based routers, Industrial control systems using embedded Linux
Linux Kernel
A use-after-free vulnerability in the Linux kernel's CAN (Controller Area Network) ISOTP (ISO Transport Protocol) driver could lead to a crash or potential code execution.
Key Points:- The vulnerability resides in the isotp_sendmsg() function within the CAN ISOTP driver.
- A race condition occurs where kfree(so->tx.buf) is called while sendmsg() might still be accessing so->tx.buf.
- The vulnerability is triggered by a signal interrupting the wait_event_interruptible() in close().
Affected: Embedded Linux devices, Automotive ECUs, Industrial PLCs
Linux Kernel
A vulnerability in the Linux kernel's IPSec Transform Socket (IPTFS) implementation allows for a denial-of-service by crafting an ESP packet with a malformed inner IPv4 header, leading to an infinite loop.
Key Points:- The vulnerability resides in the iptfs module of the Linux kernel.
- A crafted ESP packet with a specific inner IPv4 header can trigger an infinite loop in the kernel's softirq context.
- The vulnerability bypasses standard IP header validation performed by the normal IP stack.
Affected: Embedded Linux devices, Network Routers/Gateways, Firewalls, Any system utilizing the Linux kernel with IPSec enabled
Linux Kernel
A vulnerability in the Linux kernel's TDX (Trust Domain Extensions) guest handling could allow a malicious host to leak data beyond the allocated buffer, potentially impacting remote attestation and cross-container isolation.
Key Points:- The vulnerability lies in the handling of 'quote' buffers within the TDX guest environment.
- A malicious host can potentially specify a response length larger than the guest's allocation, leading to out-of-bounds reads.
- The leaked data could be forwarded in attestation requests, compromising remote attestation integrity.
Affected: Embedded Linux devices utilizing TDX, Virtualized environments running on embedded platforms with TDX support, Systems relying on remote attestation in embedded deployments
Linux Kernel
A use-after-free (UAF) vulnerability in the virtio_net driver of the Linux kernel can occur when a network namespace is destroyed while pending skbs are still in the transmit ring, leading to a kernel panic.
Key Points:- UAF vulnerability in virtio_net driver
- Triggered by network namespace destruction with pending skbs
- Requires specific configuration (IFF_XMIT_DST_RELEASE and napi_tx=N)
Affected: Embedded Linux devices, Linux-based routers/gateways, Network appliances using virtio_net driver
Linux Kernel
A deadlock vulnerability in the Linux kernel's erofs filesystem driver can occur due to memory swapping I/O operations during bio completion, potentially leading to system hangs.
Key Points:- The vulnerability resides in the erofs filesystem driver within the Linux kernel.
- It involves a deadlock scenario triggered by memory swapping I/O operations during bio completion.
- The issue is related to the interaction between decompression, vm_map_ram(), and submit_bio_wait.
Affected: Embedded Linux devices, Linux-based routers, Industrial control systems using embedded Linux
Linux Kernel
A race condition in the Linux kernel's huge memory handling (mm/huge_memory) can lead to incorrect folio access, potentially causing system instability or memory corruption on arm64 architectures.
Key Points:- Race condition between deferred_split_scan() and zap_nonpresent_ptes().
- Missing memory barrier (smp_rmb()) in softleaf_to_folio() function.
- Triggers when mTHP splitting and zap_nonpresent_ptes() race.
Affected: Linux Kernel (v6.19-rc1 and prior), Embedded Linux systems, ARM64 based embedded devices
Linux Kernel
A Linux kernel vulnerability related to writeback handling on filesystems without data integrity guarantees (like FUSE) has been resolved, preventing a suspend-to-RAM hang.
Key Points:- The vulnerability occurs in the Linux kernel's writeback mechanism.
- It specifically affects filesystems lacking data integrity guarantees (e.g., FUSE).
- The fix avoids unnecessary waiting on flusher threads during sync operations, preventing a suspend-to-RAM hang.
Affected: Embedded Linux devices, Systems utilizing FUSE filesystems, Devices running a vulnerable version of the Linux Kernel
Linux Kernel
A vulnerability in the Linux kernel's ibmvfc SCSI driver allows a malicious VIO server to leak kernel memory through an out-of-bounds access.
Key Points:- The vulnerability resides in the ibmvfc SCSI driver within the Linux kernel.
- A malicious VIO server can trigger an out-of-bounds memory access by providing a crafted MAD response.
- The vulnerability leads to kernel memory leakage via Implicit Logout and PLOGI MADs.
Affected: Embedded Linux devices, Virtualization platforms using ibmvfc driver
Linux Kernel
A flaw in the Linux kernel's iomap functionality could lead to incorrect folio management, potentially causing data corruption or other issues related to block I/O operations.
Key Points:- The vulnerability lies within the iomap subsystem of the Linux kernel.
- It involves incorrect handling of folio access when the I/O granularity differs from the block size.
- The flaw can lead to incorrect folio invalidation, potentially impacting data integrity during I/O operations.
Affected: Embedded Linux devices, Linux-based routers and gateways, Industrial control systems using embedded Linux, Automotive infotainment systems with Linux, Any device utilizing a kernel version containing this vulnerability
Linux Kernel
A vulnerability in the AMDGPU DRM driver within the Linux kernel was resolved to prevent potential interrupt issues caused by immediate PASID reuse, which could lead to page fault handling problems.
Key Points:- The vulnerability resides within the AMDGPU DRM driver, a core component for graphics processing on many embedded systems.
- PASID reuse issue could lead to interrupt handling problems and potential instability.
- The fix involves using an IDR cyclic allocator, similar to how kernel PIDs are managed.
Affected: Embedded Linux devices with AMDGPU drivers, Automotive infotainment systems (potentially), Industrial control systems utilizing embedded Linux
Linux Kernel
A race condition in the Linux kernel's memory management (mm/pagewalk) can lead to a crash when concurrent threads attempt to split a page table entry (PUD) while another thread is refaulting it, particularly when using VFIO-PCI with large BARs.
Key Points:- Race condition in Linux kernel's pagewalk code.
- Triggered by concurrent split of a PUD entry and refaulting.
- VFIO-PCI with large BARs is a known trigger, indicating relevance to virtualization and potentially hardware pass-through scenarios.
Affected: Linux Kernel (all versions affected), Systems utilizing VFIO-PCI with large BARs, Embedded systems running Linux (e.g., routers, gateways, industrial controllers)
Linux Kernel
A race condition in the XFS filesystem's unmount sequence could lead to data corruption or system instability, particularly relevant in embedded systems utilizing Linux.
Key Points:- The vulnerability resides within the XFS filesystem, a common component of embedded Linux distributions.
- It involves a race condition between background reclaim and inodegc, potentially corrupting the AIL (Active Inode List) during unmounting.
- The fix requires reordering operations to prevent concurrent access and ensure data integrity, highlighting a low-level concurrency issue.
Affected: Embedded Linux devices, Industrial Control Systems (ICS) using Linux, Network Appliances with embedded Linux
Linux Kernel
A vulnerability in the XFS filesystem within the Linux kernel could lead to a crash or potential memory corruption due to a race condition involving log item freeing and dereferencing.
Key Points:- The vulnerability resides within the XFS filesystem, a common component of embedded Linux distributions.
- A race condition occurs where a log item is freed while still being referenced after a callback.
- The fix involves capturing necessary data before pushing the log item and introducing a new trace event class to avoid dereferencing freed memory.
Affected: Embedded Linux devices, Industrial control systems using Linux, Networking equipment running Linux
Linux Kernel
A bug in the Linux ext4 filesystem could lead to a kernel crash when truncating files larger than their inline data capacity, potentially impacting embedded systems utilizing Linux.
Key Points:- The vulnerability lies within the ext4 filesystem of the Linux kernel.
- Truncating a file beyond its inline data capacity while the 'inline' flag is set can trigger a kernel BUG_ON().
- The fix involves converting files to extent-based storage when the size exceeds the inline capacity.
Affected: Embedded Linux devices, Industrial control systems using embedded Linux, Network appliances running embedded Linux, Automotive infotainment systems with embedded Linux
Linux Kernel
A race condition in the Linux kernel's ext4 filesystem allows a concurrent reader to observe an uninitialized jinode, potentially leading to a crash.
Key Points:- Race condition in ext4 filesystem
- Uninitialized jinode observed by concurrent reader
- Crash due to dereferencing i_vfs_inode before it's set
Affected: Linux Kernel (6.18 and potentially earlier versions), Embedded Linux systems, Devices utilizing ext4 filesystem (e.g., routers, NAS devices, industrial control systems)
Linux Kernel
A vulnerability in the ext4 filesystem of the Linux kernel allows for a slab-out-of-bounds read due to improper bounds checking on index pointers, potentially leading to information disclosure or denial of service.
Key Points:- The vulnerability resides in the ext4 filesystem's extent tree code.
- A corrupted or crafted on-disk extent header can trigger the vulnerability.
- The issue occurs due to missing bounds validation when accessing index entries (p_idx).
Affected: Embedded Linux devices, Linux-based routers, Industrial control systems using embedded Linux
Linux Kernel
A vulnerability in the ext4 filesystem of the Linux kernel can lead to an infinite loop and potential metadata corruption, impacting systems utilizing this filesystem.
Key Points:- The vulnerability occurs during extent mapping and block allocation within the ext4 filesystem.
- Failed extent insertion can lead to a scenario where multiple filesystems components (directory and xattr) contend for the same block.
- This contention results in an infinite loop, potentially blocking processes for extended periods and leading to system instability.
Affected: Embedded Linux devices, Industrial Control Systems (ICS) using embedded Linux, Network appliances with embedded Linux, Automotive infotainment systems (potentially), Any device utilizing the ext4 filesystem within a Linux kernel
Linux Kernel
A use-after-free vulnerability in the ext4 filesystem of the Linux kernel could lead to system instability or potential code execution.
Key Points:- The vulnerability resides in the ext4 filesystem within the Linux kernel.
- It involves a use-after-free condition during unmounting operations, specifically related to sysfs notifications.
- A race condition between umount and filesystem updates triggers the vulnerability.
Affected: Embedded Linux devices, Linux-based routers, Industrial control systems using Linux, Network appliances running embedded Linux, Automotive infotainment systems (if using ext4)
Linux Kernel
A vulnerability in the Linux kernel's DAMON (Dynamic Allocation Memory Online) subsystem could lead to unexpected behavior or NULL pointer dereferences due to partially committed memory contexts.
Key Points:- The vulnerability arises from potential internal memory allocation failures within the DAMON subsystem.
- Partially updated or corrupted 'damon_ctx' objects could be used, leading to unpredictable behavior.
- The fix introduces a 'maybe_corrupted' flag to prevent the use of potentially corrupted contexts.
Affected: Embedded Linux devices, Linux-based routers/gateways, Industrial control systems using embedded Linux
Linux Kernel
A use-after-free vulnerability in the Linux kernel's SMB daemon (ksmbd) could lead to a crash or potential code execution.
Key Points:- The vulnerability resides in the `smb_grant_oplock()` function within the ksmbd module.
- It involves a use-after-free condition due to improper handling of oplock publication sequences.
- A NULL dereference vulnerability is also present, potentially exploitable during lease key searches.
Affected: Embedded Linux devices, Linux-based routers/gateways, Networked storage systems using SMB, Any system running a vulnerable Linux kernel version
Linux Kernel
A memory access vulnerability in the Linux kernel's DMA engine (idxd) could lead to crashes or potential exploitation due to improper handling of Function Level Resets (FLR).
Key Points:- The vulnerability resides in the DMA engine's idxd driver.
- It occurs during Function Level Resets (FLR) when scratch area allocation fails after a successful initial reset.
- The fix involves ensuring the deallocated scratch area is set to NULL after FLR completion.
Affected: Embedded Linux devices, Linux-based systems
Linux Kernel
A bug in the Xilinx DMA engine driver for the Linux kernel could lead to incorrect error handling, potentially causing system instability or memory corruption.
Key Points:- The vulnerability resides in the DMA engine driver for Xilinx devices.
- `devm_regmap_init_mmio` was returning an error pointer instead of NULL upon failure.
- The fix involves proper error checking and using the correct error code from `ERR_PTR()`.
Affected: Embedded Linux devices using Xilinx DMA engines, Industrial PLCs utilizing embedded Linux with Xilinx hardware
Linux Kernel
A vulnerability in the Linux kernel's DMA engine (idxd) could lead to NULL pointer dereferences, descriptor leaks, or double completion due to incorrect descriptor handling.
Key Points:- The vulnerability resides in the `llist_abort_desc()` function within the DMA engine's idxd driver.
- Incorrect descriptor completion can cause various issues, including NULL pointer dereferences and resource leaks.
- This affects systems utilizing DMA (Direct Memory Access) which is prevalent in embedded devices.
Affected: Embedded Linux devices, Industrial Control Systems (ICS) using Linux, Network appliances running embedded Linux, Automotive ECUs utilizing DMA
Linux Kernel
A vulnerability in the Linux kernel's netfs subsystem could lead to abandonment of read requests during retry, potentially causing instability or denial-of-service.
Key Points:- The vulnerability resides in the netfs subsystem, which handles network file system operations.
- A race condition during retry can lead to incorrect abandonment of subrequests.
- The fix involves ensuring the 'subreq' variable is properly initialized and cleared to prevent accessing invalid memory.
Affected: Embedded Linux devices, Linux-based routers/gateways, Industrial control systems using embedded Linux
SATCOM Terminal / Space Systems
The U.S. Space Systems Command has awarded a contract for the development of a Commercial Satellite Operations (CSO) prototype, focusing on secure and resilient satellite command and control.
Key Points:- The contract focuses on developing a CSO prototype, indicating a move towards commercial entities managing satellite operations.
- Security and resilience are key requirements for the CSO prototype, implying a focus on protecting satellite command and control infrastructure from cyber threats.
- The system will likely involve embedded systems within ground stations, satellites themselves, and associated communication infrastructure.
Affected: Ground Stations, Satellites, Communication Links
5G Networks
A memory leak vulnerability in free5GC's UDR (PCF) allows unauthenticated attackers to cause a denial-of-service by exhausting memory through repeated HTTP requests.
Key Points:- Memory leak vulnerability in free5GC's UDR (PCF)
- Unauthenticated attacker can trigger the vulnerability via HTTP requests to the OAM endpoint.
- Root cause is improper CORS middleware registration, leading to uncontrolled memory growth.
Affected: free5GC PCF, 5G Core Network Infrastructure
Regulatory Compliance & Embedded Systems
The European Union's Cyber Resilience Act (EU CRA) is a significant regulatory shift that will impact manufacturers of digital products, including those containing embedded systems, by establishing baseline security requirements.
Key Points:- The EU CRA shifts cybersecurity focus upstream, impacting product design and maintenance.
- Manufacturers will need to demonstrate security by design and ongoing vulnerability management.
- The act applies to a broad range of digital products, many of which contain embedded systems.
Affected: Embedded Linux devices, IoT Devices, Automotive ECUs, Industrial PLCs, All digital products with embedded systems sold in the EU
Smart Contracts/Blockchain Infrastructure
A heap corruption vulnerability exists in the Noir compiler's Brillig bytecode generation due to incorrect memory allocation for nested arrays, potentially allowing attackers to exploit foreign function calls.
Key Points:- Heap corruption vulnerability in Brillig VM heap
- Incorrect memory allocation for nested arrays with composite types (e.g., tuples)
- Vulnerability arises from a bug in `allocate_foreign_call_result_array()`
Affected: Noir compiler, Brillig VM
Linux Kernel/Browser Security
Anthropic's Claude Mythos AI model discovered 271 vulnerabilities in Firefox version 148, highlighting the potential of AI to accelerate vulnerability discovery and shift the balance in cybersecurity.
Key Points:- AI (Claude Mythos) found significantly more vulnerabilities than previous AI tools (Opus).
- The article discusses the implications of this discovery for security teams, emphasizing continuous validation and rapid patching.
- It highlights the need to defend AI models themselves as they become high-value targets.
Affected: Firefox Browser (version 148 and potentially earlier), Software utilizing similar codebases/vulnerability patterns, AI security infrastructure (Anthropic's Claude Mythos)
Linux Kernel/Build Tooling
Malicious versions of developer tools pgserve and automagik were injected into the npm registry, designed to steal credentials and propagate through connected systems via a supply chain worm.
Key Points:- Malicious npm packages (pgserve, automagik) contain credential-harvesting malware.
- The malware is a supply chain worm, capable of injecting itself into other packages if it finds an npm publish token.
- Stolen data is exfiltrated to a decentralized Internet Computer Protocol (ICP) canister.
Affected: Developer workstations, CI/CD pipelines, npm registry ecosystem, Embedded systems projects utilizing compromised tools (indirectly)
Storage Systems/Firmware
IBM Total Storage Service Console (TSSC) and TS4500 IMC versions 9.2 through 9.6 are vulnerable to arbitrary command execution due to insufficient input validation, allowing unauthenticated users to gain access with normal user privileges.
Key Points:- Unauthenticated command execution vulnerability
- Impacts IBM TSSC and TS4500 IMC devices.
- CVSS score of 7.3 (High)
Affected: IBM Total Storage Service Console (TSSC), TS4500 IMC
5G Networks
T-Mobile is now delivering its 5G home internet gateway devices via DoorDash, allowing for same-day installation and setup.
Key Points:- T-Mobile is leveraging DoorDash for rapid delivery of its 5G home internet gateways.
- Customers are responsible for self-installation, which involves physical setup of the gateway device.
- This rapid deployment model highlights the reliance on embedded hardware (the gateway) for delivering internet services.
Affected: T-Mobile 5G Home Internet Gateway (embedded OS, firmware), DoorDash delivery logistics
Reverse Engineering Tools/Firmware Analysis
A command injection vulnerability in radare2's PDB parser allows arbitrary OS command execution when processing malicious PDB files, potentially impacting embedded systems firmware analysis workflows.
Key Points:- Command injection vulnerability in radare2's PDB parser.
- Malicious PDB files with newline characters in symbol names can trigger the vulnerability.
- Exploitation occurs when users run the 'idp' command against these files.
Affected: radare2 users (developers, reverse engineers, security researchers), Embedded systems developers/analysts using radare2 for firmware analysis
General Embedded Security
The article discusses the potential of digital twins to enhance cybersecurity by enabling proactive, intelligence-driven security models.
Key Points:- Digital twins can provide a virtual replica of physical systems, allowing for security testing and analysis without impacting the live system.
- Organizations can use digital twins to identify vulnerabilities, simulate attacks, and develop mitigation strategies before they are exploited in the real world.
- This proactive approach can significantly improve an organization's overall security posture, particularly for complex embedded systems.
Affected: Embedded Systems
Robotics/Consumer Device
Sony's new AI robot, capable of defeating humans in table tennis, utilizes embedded systems and low-level control for its physical movements and AI processing.
Key Points:- The robot relies on embedded systems for real-time control and decision making.
- AI algorithms are likely implemented within the robot's embedded processor(s).
- Low-level motor control and sensor integration are crucial for the robot's performance, representing embedded system concerns.
Affected: Embedded Processor(s), Motor Control System, Sensor Integration
Mobile Device (Embedded OS)
Apple released iOS 26.4.2 to address bugs and security vulnerabilities on iPhones, which utilize an embedded operating system.
Key Points:- iOS is a mobile operating system with embedded components.
- The update addresses security vulnerabilities, indicating potential low-level concerns.
- iPhone hardware and software are tightly integrated, making security updates relevant to embedded system analysis.
Affected: iOS 26.4.1, iPhone (all models running iOS)
Smart Home Device
The Beghelli Sicuro24 SicuroWeb device, a smart home security panel, is vulnerable to arbitrary JavaScript execution due to the use of AngularJS 1.5.2 and a template injection vulnerability, allowing attackers to compromise operator browser sessions.
Key Points:- The device utilizes AngularJS 1.5.2, an end-of-life component with known sandbox escape primitives.
- A template injection vulnerability exists within the application, enabling attackers to combine it with AngularJS escape primitives.
- Successful exploitation allows arbitrary JavaScript execution in operator browser sessions, leading to session hijacking and DOM manipulation.
Affected: Beghelli Sicuro24 SicuroWeb, Operator's web browser (potentially embedded or external)
Web Application (potentially deployed on embedded devices)
Xerte Online Toolkits versions 3.15 and earlier are vulnerable to remote code execution due to insufficient input validation allowing attackers to upload and execute malicious PHP code.
Key Points:- Incomplete input validation in the elFinder connector endpoint.
- .php4 files are not properly blocked, allowing for malicious PHP code upload.
- Exploitation combines this flaw with authentication bypass and path traversal vulnerabilities.
Affected: Xerte Online Toolkits servers, Any embedded device running Xerte Online Toolkits (e.g., digital signage, kiosks)
Storage Appliance/Network Attached Storage (NAS)
Dell PowerProtect Data Domain appliances are vulnerable to a stack-based buffer overflow that could allow unauthenticated remote attackers to execute arbitrary commands.
Key Points:- Stack-based buffer overflow vulnerability
- Unauthenticated remote access required for exploitation
- Potential for arbitrary command execution
Affected: Dell PowerProtect Data Domain appliances
Linux Kernel/Web Framework
A critical vulnerability (CVE-2026-40372) has been discovered in Microsoft's ASP.NET Core Data Protection Library, allowing attackers to forge authentication payloads and potentially decrypt sensitive data.
Key Points:- Critical vulnerability (CVSS 9.1) in ASP.NET Core Data Protection Library.
- Impacts Linux, macOS, and Windows systems (where custom algorithms are used).
- Incorrect HMAC validation tag calculation allows attacker to forge authentication tokens.
Affected: ASP.NET Core Applications, Linux Systems, macOS Systems, Windows Systems (with custom cryptographic algorithms)
Software Supply Chain Security (Impacts Embedded Development)
Malicious Docker images of KICS, a tool often used in embedded development workflows for Kubernetes infrastructure compliance, have been discovered on Docker Hub, potentially impacting developers building and deploying embedded systems.
Key Points:- Attackers overwrote existing tags (v2.1.20, alpine) and introduced a fake tag (v2.1.21).
- KICS is used to scan Kubernetes infrastructure, often deployed in embedded environments (e.g., edge computing devices).
- The compromise highlights the risks of relying on public container registries.
Affected: Kubernetes environments, Embedded development workflows using KICS, VS Code installations with affected extensions
Linux Kernel/Build Tooling
A self-propagating worm, CanisterSprawl, is hijacking npm packages to steal developer tokens and spread through the software supply chain.
Key Points:- The worm spreads via compromised npm packages, leveraging stolen developer tokens.
- It utilizes an ICP canister to exfiltrate stolen data.
- Socket and StepSecurity are tracking the activity, highlighting a significant supply chain risk.
Affected: npm ecosystem, JavaScript projects utilizing npm packages, Embedded systems using Node.js or related technologies (e.g., IoT devices, industrial controllers with JavaScript interfaces)
Linux Kernel
A parsing error in the 'kill' utility can lead to unintended termination of all processes visible to the caller by sending a signal to PID -1, potentially causing system crashes or data loss.
Key Points:- The vulnerability lies in the 'kill' utility, a core component of many Linux-based systems.
- Sending 'kill -1' results in the kernel terminating all processes visible to the caller, a significant security risk.
- The behavior differs from GNU coreutils, highlighting implementation variations that can lead to vulnerabilities.
Affected: Linux-based embedded systems, Embedded Linux distributions, Industrial control systems (ICS) using Linux
Linux Kernel/Containerization
A vulnerability in the chroot utility allows attackers to inject malicious NSS modules from a writable new root directory, leading to arbitrary code execution as root.
Key Points:- The vulnerability lies in the chroot utility's handling of --userspec.
- It allows attackers to inject malicious NSS modules via a writable NEWROOT directory.
- This can lead to container escape or privilege escalation, effectively gaining root access.
Affected: Linux-based embedded systems utilizing chroot, Containerized environments (Docker, Kubernetes) running on embedded devices, Embedded Linux distributions
Linux Kernel/Embedded Linux Filesystem Operations
The 'mv' utility in uutils coreutils can cause resource exhaustion or data corruption when moving directory trees containing symbolic links across filesystem boundaries, potentially impacting embedded systems utilizing Linux.
Key Points:- Improper handling of symbolic links during cross-filesystem moves.
- Expansion of symlinks instead of preservation, leading to unintended data duplication or recursion.
- Potential for resource exhaustion (disk space/time) due to large linked targets or symlink loops.
Affected: Embedded Linux devices, Linux-based routers/gateways, Industrial control systems (ICS) using embedded Linux
Linux Kernel/Filesystem Utilities
A TOCTOU race condition in the 'mv' utility allows a local attacker to overwrite arbitrary files by leveraging symbolic links during cross-device copy operations.
Key Points:- TOCTOU race condition in 'mv' utility.
- Exploitation involves replacing the destination with a symbolic link.
- Privileged move operation follows the symlink, enabling arbitrary file overwrite.
Affected: Embedded Linux systems, Linux-based devices with uutils coreutils installed
Linux Kernel/Embedded Linux
A vulnerability in the rm utility allows bypass of directory protection, leading to silent recursive deletion within the current directory.
Key Points:- Bypass of safeguard mechanisms in rm utility.
- Silent recursive deletion of all contents within the current directory.
- Misleading 'Invalid input' error obscures data loss.
Affected: Embedded Linux systems, Linux-based devices
Linux Kernel/File System Utilities
The cp utility's recursive copy functionality incorrectly handles character and block device nodes, potentially leading to denial-of-service by creating regular files from devices like /dev/null.
Key Points:- Recursive copy (-R) in cp fails to preserve device node semantics.
- Device nodes are treated as stream sources, leading to incorrect file creation.
- Can cause denial-of-service due to disk exhaustion or process hangs when reading from unbounded device nodes.
Affected: Embedded Linux Systems, Linux Distributions
Linux Kernel/Filesystem
A TOCTOU vulnerability in the 'mv' utility allows a local attacker to manipulate security attributes of files during cross-device moves, potentially leading to privilege escalation or other security compromises.
Key Points:- TOCTOU vulnerability in 'mv' utility.
- Impacts extended attribute (xattr) preservation logic.
- Race condition allows attacker to swap files between system calls.
Affected: Linux-based embedded systems, Embedded Linux distributions, Systems utilizing uutils coreutils
Linux Kernel/Embedded Linux
A vulnerability in the cp utility allows for unintended preservation of setuid/setgid bits on copied files, potentially creating privileged executables when ownership changes fail.
Key Points:- The vulnerability lies in how cp handles setuid/setgid bits when ownership preservation fails.
- The '-p' flag is the trigger for this behavior, attempting to preserve source file modes.
- This can lead to user-owned files retaining original privileged bits, bypassing security policies.
Affected: Embedded Linux systems, Linux-based devices
Linux Kernel/Embedded Linux
A bypass vulnerability in the rm utility allows attackers to potentially delete the entire root filesystem by exploiting symbolic links, posing a significant risk to embedded systems utilizing coreutils.
Key Points:- The vulnerability bypasses the --preserve-root protection in rm.
- It exploits symbolic links pointing to the root directory.
- Recursive deletion of the root filesystem is a potential outcome.
Affected: Embedded Linux devices, Linux-based routers, Industrial PLCs with Linux
Linux Kernel/Utilities
A vulnerability in the 'comm' utility within uutils coreutils can lead to data loss and potential indefinite hangs when processing non-regular file inputs like FIFOs or pipes, which are commonly used in embedded Linux systems.
Key Points:- The 'comm' utility incorrectly reads data from non-regular files (FIFOs, pipes) before comparison.
- This pre-read operation can silently drain data from the stream, resulting in data loss.
- The utility may hang indefinitely when attempting to pre-read from infinite streams (e.g., /dev/zero).
Affected: Embedded Linux devices, Linux-based IoT devices, Industrial control systems (ICS) using Linux
Linux Kernel/Embedded Linux
CVE-2026-35341 in coreutils mkfifo allows unauthorized modification of file permissions, potentially impacting embedded Linux systems and devices relying on this utility.
Key Points:- The vulnerability lies in the mkfifo command within coreutils.
- Failure to create a FIFO due to an existing file leads to unintended permission changes.
- The default mode (644) is applied, potentially exposing sensitive files like SSH keys.
Affected: Embedded Linux devices, Linux-based IoT devices, Systems utilizing coreutils
Linux Kernel/Embedded Linux
A vulnerability in the chmod utility allows users to bypass root protection, potentially leading to system-wide permission loss and complete system breakdown.
Key Points:- The vulnerability bypasses the --preserve-root safety mechanism.
- Path traversal vulnerabilities (using /../ or symbolic links) can be exploited.
- Recursive operations (chmod -R 000) on the root filesystem are possible.
Affected: Embedded Linux systems, Linux-based devices, IoT devices using coreutils
Database Management System (DBMS)
CVE-2018-25272 describes a critical remote code execution vulnerability in ELBA5 5.8.0 allowing attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions.
Key Points:- Remote code execution vulnerability
- Attackers can obtain database credentials.
- Attackers can execute arbitrary commands with SYSTEM level permissions.
Affected: ELBA5 5.8.0, Systems utilizing ELBA5 database
General Embedded Device/Firmware
LanSpy, a network scanning tool, contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code via SEH chain manipulation.
Key Points:- Local buffer overflow vulnerability
- Exploitation via Structured Exception Handling (SEH)
- Use of egghunter techniques for shellcode location and execution
Affected: Windows (as LanSpy is a Windows application), Potentially embedded devices if used in conjunction with them
Linux Kernel
The article discusses the growing concern of supply chain attacks in open-source software and explores 'dependency cooldown' as a mitigation strategy, which is increasingly being considered by package managers.
Key Points:- Supply chain attacks are increasing in frequency and impact.
- Dependency cooldown (delaying updates) is gaining traction as a defense mechanism.
- The practice faces criticism from some who believe it shifts risk onto others.
Affected: Embedded Linux systems, IoT devices with Linux-based OS, Industrial control systems using open source software
Consumer & Smart Devices
The UK's NCSC has developed a plug-in device, SilentGlass, designed to prevent cyberattacks targeting monitors, particularly in environments where screen information needs to be protected.
Key Points:- SilentGlass is a physical device that plugs into monitors to prevent screen scraping and recording.
- It works by blanking the monitor output when unauthorized access is detected, preventing visual data theft.
- The device aims to protect sensitive information displayed on monitors in various settings, including government offices and businesses.
Affected: Monitors, Display devices
Bootloaders
A flaw in libefiboot's device path node parser can lead to stack exhaustion and a denial of service by allowing an attacker to craft malicious device path nodes.
Key Points:- The vulnerability lies in the parser for EFI device path nodes within libefiboot.
- Insufficient validation of node length leads to infinite recursion and stack exhaustion.
- The vulnerability is exploitable by a local user, requiring physical access or compromised system.
Affected: Embedded Linux systems utilizing libefiboot, Firmware update processes leveraging libefiboot
Linux Kernel (via Python)
A vulnerability in InstructLab's `linux_train.py` script allows remote code execution by hardcoding a trust setting when loading models from HuggingFace, potentially leading to system compromise.
Key Points:- The vulnerability resides in a Python script (`linux_train.py`) used within InstructLab.
- The script hardcodes `trust_remote_code=True`, disabling a critical security check.
- Attackers can exploit this by providing malicious models from the HuggingFace Hub.
Affected: Systems running InstructLab that utilize the `linux_train.py` script, Potentially embedded systems leveraging InstructLab for machine learning tasks if the system runs Linux.
Linux Kernel
A TOCTOU race condition in PackageKit allows unprivileged users to install packages as root, potentially leading to local privilege escalation.
Key Points:- TOCTOU race condition in PackageKit
- Allows unprivileged users to install packages as root.
- Impacts versions 1.0.2 through 1.3.4
Affected: Linux distributions using PackageKit, Embedded Linux devices utilizing PackageKit for package management (e.g., some industrial control systems, automotive infotainment)
Linux Kernel
CVE-2026-31529 addresses a memory leak in the Linux kernel's cxl/region subsystem, potentially leading to denial-of-service.
Key Points:- The vulnerability resides in the cxl/region subsystem, which handles access to CXL (Compute Express Link) regions.
- A memory leak occurs due to improper resource management within the __construct_region() function.
- Failure to properly free resources can lead to memory exhaustion and system instability, especially in long-running embedded systems.
Affected: Embedded Linux devices, Industrial Control Systems (ICS) using Linux, Network Appliances running Linux
Linux Kernel
A memory leak vulnerability in the ASUS HID driver within the Linux kernel has been resolved, potentially impacting devices utilizing this driver.
Key Points:- Memory leak in asus_report_fixup() function.
- Switch to devm_kzalloc() for automatic memory management and freeing.
- Addresses an out-of-bounds read vulnerability as well.
Affected: Embedded Linux devices using ASUS HID driver, Linux-based routers/gateways, Industrial control systems running embedded Linux
Linux Kernel
A race condition in the Linux kernel's NVMe PCI driver can lead to double completions, potentially causing instability or denial-of-service.
Key Points:- The vulnerability exists in the nvme-pci driver.
- A race condition occurs during a queue reset when a high-priority task attempts to poll the queue before the block layer updates queue maps.
- This can lead to double completions, potentially causing system instability or denial-of-service.
Affected: Embedded Linux devices, Linux-based systems utilizing NVMe
Linux Kernel
A memory leak vulnerability in the Linux kernel's HID subsystem, specifically within the magicmouse driver, could lead to resource exhaustion over time.
Key Points:- The vulnerability resides in the magicmouse_report_fixup() function.
- It involves a failure to free memory allocated by kmemdup().
- The caller does not own the returned pointer, but relies on a sub-portion of the input rdesc.
Affected: Embedded Linux devices, Linux-based systems utilizing HID input (e.g., desktops, servers), Any device with a Linux kernel version containing the vulnerable magicmouse driver.
Linux Kernel
A memory leak vulnerability in the Apple HID driver within the Linux kernel could lead to resource exhaustion.
Key Points:- The apple_report_fixup() function was allocating memory but not freeing it, resulting in a leak.
- The vulnerability affects the Apple HID driver within Linux.
- While not directly exploitable for code execution, memory leaks can lead to denial-of-service (DoS) conditions.
Affected: Embedded Linux devices, Linux-based routers/firewalls, Industrial control systems using embedded Linux
Linux Kernel
CVE-2026-31518 describes a kernel memory leak in the Linux kernel's ESP (Encapsulating Security Payload) implementation related to asynchronous crypto operations, potentially leading to denial of service.
Key Points:- The vulnerability involves a memory leak in the Linux kernel's ESP implementation.
- It occurs when the TX queue for espintcp is full and asynchronous crypto is used.
- The memory leak could lead to denial-of-service conditions.
Affected: Embedded Linux devices, Linux-based routers/firewalls, Industrial control systems using Linux
Linux Kernel
A vulnerability in the Linux kernel's erofs filesystem allows for incorrect folio marking after interruption by a signal, potentially leading to data corruption or unexpected behavior.
Key Points:- The vulnerability exists in the erofs filesystem, a common choice for embedded systems due to its small footprint and read-only nature.
- Interruption by SIGKILL during a read operation can lead to incorrect marking of folio data as 'uptodate'.
- The patch addresses this by directly setting an error on the short read bio.
Affected: Embedded Linux devices, Linux-based routers, Industrial control systems using embedded Linux
Linux Kernel
A circular locking dependency in the Linux kernel's NFC (Near Field Communication) driver could lead to a deadlock, potentially causing system instability.
Key Points:- The vulnerability resides in the nci_close_device() function within the NFC driver.
- A circular locking dependency is introduced due to flushing RX and TX work queues while holding a request lock.
- The issue is reproducible in NIPA (Network Infrastructure Performance Assessment) tests with a debug kernel, affecting approximately 4% of runs.
Affected: Embedded Linux devices, Linux-based IoT devices with NFC support
Linux Kernel
A double-free vulnerability in the Broadcom Wireless LAN (BCMASP) driver within the Linux kernel has been resolved, potentially leading to memory corruption.
Key Points:- The vulnerability resides in the BCMASP driver, a common component for wireless LAN interfaces.
- The issue is caused by incorrectly freeing a resource managed by `devm_request_irq()`, leading to a double-free condition.
- While the CVE description doesn't specify affected devices, many embedded systems utilize Linux as their operating system.
Affected: Embedded Linux devices, Linux-based routers, Industrial control systems using embedded Linux
Linux Kernel
CVE-2026-31496 addresses a netfilter conntrack issue where expectations from other network namespaces could be accessed via proc, potentially leading to information disclosure or privilege escalation.
Key Points:- The vulnerability resides in the Linux kernel's netfilter subsystem.
- It involves conntrack, a connection tracking framework commonly used in embedded systems and networking devices.
- The fix prevents access to expectations from other network namespaces, mitigating a potential security risk.
Affected: Embedded Linux devices, Networking appliances (routers, firewalls), Industrial control systems using Linux
Linux Kernel
A double-put vulnerability in the Meson SPI controller driver within the Linux kernel could lead to memory corruption.
Key Points:- The vulnerability is in the meson-spicc driver, part of the SPI subsystem.
- A double-put occurs during device removal due to a race condition or improper reference management.
- The vulnerability is resolved, indicating it was actively addressed.
Affected: Embedded Linux devices, Industrial Control Systems (ICS) using SPI, Networking Equipment running embedded Linux
Linux Kernel
A vulnerability in the Linux kernel's io_uring subsystem allows for potential out-of-bounds reads due to an incorrect wrap check when handling mixed SQE rings.
Key Points:- The vulnerability lies within the io_uring subsystem, a low-level asynchronous I/O interface.
- It affects 128-byte SQEs (Submission Queue Entries) on IORING_SETUP_SQE_MIXED rings.
- The incorrect wrap check can lead to an out-of-bounds read, potentially allowing attackers to access sensitive memory.
Affected: Embedded Linux devices, Linux-based routers/firewalls, Industrial control systems using embedded Linux
Linux Kernel
A vulnerability in the Linux kernel's s390/entry code, specifically related to register scrubbing on kernel entry, has been resolved.
Key Points:- The vulnerability involved a missing register scrub (xgr %r12,%r12) in the s390/entry code.
- The issue stemmed from a change that removed task pointer loading into r12 but didn't update the register clearing sequence.
- This could potentially lead to information leakage or other issues depending on how r12 was being used.
Affected: Embedded Linux devices, s390x architecture systems
Linux Kernel
A buffer size calculation error in the Linux kernel's Samba (ksmbd) module could lead to memory corruption, potentially allowing for denial-of-service or remote code execution.
Key Points:- The vulnerability resides in the ksmbd module, which handles Samba file sharing.
- Incorrect calculation of response buffer length using a hardcoded value instead of an offset.
- The fix involves replacing the hardcoded value with `offsetof()` to ensure correct buffer management.
Affected: Embedded Linux devices, Linux-based routers/gateways, Industrial control systems using Samba
Linux Kernel
A memory leak and NULL pointer dereference vulnerability in the Linux kernel's SMB protocol implementation (ksmbd) could lead to denial of service or potentially code execution.
Key Points:- The vulnerability resides in the `smb2_lock()` function within the ksmbd module.
- Multiple error handling flaws lead to memory leaks and a NULL pointer dereference.
- The vulnerability was discovered through call-graph analysis using sqry.
Affected: Embedded Linux devices, Linux-based routers/gateways, Industrial control systems using Linux, Automotive infotainment systems (if utilizing SMB)
Linux Kernel
A vulnerability in the Linux kernel's ksmbd (SMB daemon) module allows a remote attacker to cause a denial-of-service by exploiting incorrect session handling during binding failures.
Key Points:- The vulnerability lies in the ksmbd module, responsible for handling SMB (Samba) protocol.
- A failed binding request with an incorrect password can trigger a session expiration, leading to a DoS.
- The fix involves preventing premature session expiration during binding attempts.
Affected: Embedded Linux devices, Linux-based routers/gateways, Network Attached Storage (NAS) devices
Linux Kernel
A use-after-free vulnerability in the Linux kernel's media subsystem was identified and resolved, potentially impacting embedded systems utilizing this functionality.
Key Points:- The vulnerability resides in the media subsystem (v4l2) of the Linux kernel.
- A race condition between REINIT and REQBUFS operations leads to a use-after-free.
- The fix involves serializing request queueing with req_queue_mutex to prevent concurrent cleanup and cancellation.
Affected: Embedded Linux devices, Industrial Control Systems (ICS) with video processing), Networked Video Recorders (NVRs/DVRs), Smart Cameras
Linux Kernel
A memory corruption vulnerability in the Linux kernel's iptfs (IPsec Tunneling Fragmentation Support) subsystem can lead to crashes or potentially arbitrary code execution.
Key Points:- The vulnerability occurs due to a race condition during state cloning in iptfs.
- A failed allocation can leave `x->mode_data` pointing to freed memory, leading to a double-free when the state is destroyed.
- This can be exploited to cause denial of service or potentially escalate privileges depending on kernel configuration and exploitation techniques.
Affected: Embedded Linux devices, Routers, Firewalls, Industrial Control Systems (ICS) using IPsec), Network Switches
Linux Kernel
A double-free vulnerability in the vfio/pci DMA buffer feature of the Linux kernel could lead to memory corruption and potentially code execution.
Key Points:- The vulnerability resides in the vfio/pci driver, a key component for virtualizing PCI devices.
- The issue occurs due to an error in how DMA buffers are handled, specifically related to reference counting.
- A double-free condition can be triggered under specific circumstances, potentially leading to a crash or exploitable memory corruption.
Affected: Embedded Linux devices, Systems utilizing VFIO for PCI device virtualization (including embedded systems), Any system running a vulnerable Linux kernel version
Linux Kernel
A memory leak vulnerability in the AMDGPU DRM driver of the Linux kernel could lead to resource exhaustion over time.
Key Points:- The vulnerability resides in the DRM (Direct Rendering Manager) subsystem, specifically within the AMDGPU driver.
- A memory leak occurs when a sink is connected and resumes, as the old `drm_edid` allocation isn't freed before a new one is created.
- This leak could potentially impact embedded systems utilizing Linux as their operating system, particularly those with limited memory resources.
Affected: Embedded Linux devices, Systems using AMDGPU drivers
Linux Kernel
A vulnerability in the AMD display driver within the Linux kernel was identified where an invalid pointer access could occur when handling extended backlight capabilities, potentially leading to a crash or other unexpected behavior.
Key Points:- The vulnerability resides in the DRM (Direct Rendering Manager) AMD display driver.
- It involves a check for validity of 'ext_caps' during backlight setup, specifically addressing LVDS connectors.
- The fix ensures pointer validity before accessing it to prevent crashes or other issues.
Affected: Embedded Linux devices, Automotive Infotainment Systems (potentially), Industrial Control Systems using embedded Linux
Linux Kernel
A memory leak and NULL pointer dereference vulnerability in the DAMON_SYSFS subsystem of the Linux kernel can be exploited by a privileged user, potentially leading to system instability or denial-of-service.
Key Points:- Memory leak in damon_sysfs_new_test_ctx() due to early return.
- NULL pointer dereference vulnerability when a privileged user makes incorrect sequences of control calls to DAMON_SYSFS.
- The vulnerability is resolved by destroying param_ctx before returning from the function.
Affected: Embedded Linux devices, Linux-based systems
Linux Kernel
A NULL pointer dereference vulnerability exists in the Linux kernel's DAMON subsystem due to improper context validation, potentially exploitable by privileged users.
Key Points:- The vulnerability resides in the DAMON subsystem of the Linux kernel.
- Privileged users can trigger a NULL pointer dereference by manipulating sysfs attributes to set 'nr_contexts' to 0.
- Several commands within the DAMON sysfs interface can cause the crash when 'nr_contexts' is 0.
Affected: Embedded Linux devices, Linux-based routers/firewalls, Industrial control systems utilizing Linux
Linux Kernel
A NULL pointer dereference vulnerability in the DAMON subsystem of the Linux kernel can be triggered by manipulating sysfs interfaces, potentially leading to a system crash or denial of service.
Key Points:- The vulnerability lies within the DAMON subsystem, responsible for dynamic adaptive memory management.
- It involves a missing check within the `damon_sysfs_repeat_call_fn` function, leading to dereferencing a NULL pointer.
- The vulnerability can be reproduced by setting `nr_contexts` to 0 via the sysfs interface while DAMON is running, using a user-space tool like `damo`.
Affected: Embedded Linux devices, Linux-based routers, Industrial control systems using embedded Linux
Linux Kernel
A use-after-free vulnerability in the XFS filesystem of the Linux kernel could lead to system instability or potential code execution.
Key Points:- The vulnerability occurs in xfs_inode_item_push() and xfs_qm_dquot_logitem_push() functions.
- The issue is due to dropping the AIL lock before saving a pointer (ailp) which is later dereferenced after being potentially freed.
- The fix involves saving the ailp pointer in a local variable while holding the AIL lock.
Affected: Embedded Linux devices, Linux-based systems
Linux Kernel
A kernel panic vulnerability in the ext4 filesystem driver has been resolved, preventing system crashes and improving error handling.
Key Points:- The vulnerability involved a kernel panic due to incorrect handling of inline data size exceeding PAGE_SIZE.
- The fix replaces BUG_ON() with proper error handling, preventing crashes and allowing the system to continue.
- The filesystem corruption is now reported via ext4_error_inode() and a memory leak prevented by releasing the buffer head.
Affected: Embedded Linux devices, Linux-based systems
Linux Kernel
CVE-2026-31447 addresses a potential mount failure in the ext4 filesystem within the Linux kernel when encountering an unsupported configuration.
Key Points:- The vulnerability relates to the ext4 filesystem, a common filesystem used in embedded Linux systems.
- The issue arises from an incorrect configuration where 'bigalloc' is enabled but 's_first_data_block' is not zero.
- The fix involves rejecting mount attempts with this invalid configuration, preventing a potential crash or unexpected behavior.
Affected: Embedded Linux devices, Linux-based routers, Industrial control systems using embedded Linux
Linux Kernel
A crash vulnerability in the Linux kernel's DMA engine driver could occur when handling Function Level Reset (FLR) errors on hardware that doesn't support event log reporting.
Key Points:- The vulnerability exists in the idxd DMA engine driver.
- A crash occurs when attempting to restore an event log that was never allocated, or freeing it inappropriately.
- The issue arises from improper error handling when event log functionality is unavailable on the hardware.
Affected: Embedded Linux devices, Linux-based industrial control systems, Automotive infotainment systems (potentially), Network appliances running embedded Linux
Linux Kernel
A memory leak vulnerability in the Linux kernel's DMA engine driver (idxd) was resolved by ensuring resources are released before setting the workqueue type to NONE.
Key Points:- The vulnerability resides in the idxd DMA engine driver within the Linux kernel.
- It involves a memory leak triggered during workqueue reset operations.
- The fix ensures proper resource release before marking the workqueue as empty, preventing the leak.
Affected: Embedded Linux devices, Industrial Control Systems (ICS) using embedded Linux, Network Appliances with embedded Linux
Linux Kernel
A memory leak vulnerability in the Linux kernel's DMA engine (idxd driver) could lead to resource exhaustion during device removal, potentially impacting embedded systems that rely on DMA.
Key Points:- The vulnerability occurs during device removal in the idxd DMA engine driver.
- A reset of the device configuration registers to default values can cause a check for event log support to fail.
- The flawed logic leads to memory being leaked, potentially causing issues in systems utilizing DMA.
Affected: Embedded Linux devices, Linux-based industrial control systems, Network appliances running embedded Linux
Linux Kernel
A bug in the Linux kernel's netfs implementation could lead to a crash when writing core dumps to 9P filesystems, specifically involving ITER_KVEC iterators.
Key Points:- The vulnerability occurs within the netfs (Network File System) subsystem of the Linux kernel.
- It's triggered when a process crashes and core dumps are written to a 9P filesystem.
- The bug is due to improper handling of ITER_KVEC iterator types within the netfs_limit_iter() function.
Affected: Embedded Linux devices, Linux-based systems
Linux Kernel
A NULL pointer dereference vulnerability in the Linux kernel's netfs_unbuffered_write() function can be triggered during write retries, potentially leading to a crash or denial of service.
Key Points:- The vulnerability resides in the netfs subsystem, specifically within the retry path of write operations.
- Filesystems like 9P that do not define a 'prepare_write' operation are particularly vulnerable.
- The issue occurs when get_user_pages() fails with -EFAULT and the subrequest is flagged for retry, leading to a NULL pointer dereference.
Affected: Embedded Linux devices, Linux-based routers/gateways, Industrial control systems using Linux
Linux Kernel
A memory leak in the Btrfs filesystem of the Linux kernel can lead to resource exhaustion, potentially impacting system stability and security.
Key Points:- Memory leak in Btrfs filesystem
- Leak occurs due to missing cleanup of kobject resources
- Reproducible with CONFIG_DEBUG_KMEMLEAK enabled and blktests test case
Affected: Embedded Linux devices, Linux-based routers/gateways, Industrial control systems using Linux
Peripheral Interface Security
The article discusses Framework's adoption of the Oculink standard, a high-speed external I/O connection for graphics cards and other peripherals, which could have security implications due to its high bandwidth and external connectivity.
Key Points:- Framework is implementing Oculink in its Laptop 16, exposing the full 8-lane (8i) interface.
- Oculink uses optical connections, potentially offering improved security against electromagnetic interference (EMI) compared to Thunderbolt.
- The article highlights the potential for external GPUs and other peripherals connected via Oculink, which introduces new attack vectors.
Affected: Framework Laptop 16, Oculink-compatible external GPUs and docks (e.g., GPD G1, GMKtec NucBox M8)
Linux Kernel
A proposed change to the Rust language aims to introduce a more granular hierarchy of traits for describing type sizes, which could impact embedded systems that rely on Rust.
Key Points:- Rust currently distinguishes between types with constant sizes and those with dynamically calculated sizes.
- RFC 3729 proposes a hierarchy of traits to better describe type sizes under different circumstances.
- This change is motivated by emerging use cases, potentially including embedded systems where precise memory management and size constraints are critical.
Affected: Embedded Linux Systems using Rust, Real-time Operating Systems with Rust support
Military/Defense Systems (Embedded)
The US Army is requesting a significant budget for FY2027, which will likely include substantial investments in embedded systems and related security measures across various military applications.
Key Points:- The US Army is requesting a $253 billion budget for FY2027.
- A significant portion of this funding is expected to be allocated to modernization efforts, including advanced technologies.
- Modernization will involve numerous embedded systems within military hardware (e.g., vehicles, communication devices, weapons systems).
Affected: Military vehicles, Communication systems, Weapon systems, Command and control systems
Mobile Security / NFC
Researchers discovered a new NGate malware variant trojanizing the HandyPay NFC-relay application to steal payment card data and PINs, enabling contactless ATM cash-outs.
Key Points:- NGate malware is now using a trojanized legitimate NFC-relay app (HandyPay) instead of custom tooling.
- The attack leverages the NFC functionality already present in HandyPay to relay data to an attacker's device.
- AI is suspected to have been used in the malware development, evidenced by emoji markers in debug logs.
Affected: Android Devices, NFC-enabled payment systems, HandyPay application
Linux Kernel/Firmware
A review of the Framework Laptop 13 Pro highlights its modular design, upgradeability, and focus on user repairability, including BIOS/firmware updates.
Key Points:- Modular design allows for hardware upgrades and replacements, potentially impacting firmware compatibility.
- Focus on user repairability suggests potential for self-implemented firmware modifications or updates, increasing attack surface.
- Discussion of LPCAMM2 memory and BIOS/firmware update processes reveals potential vulnerabilities in the boot chain.
Affected: Framework Laptop 13 Pro Firmware, Linux Kernel (potential), BIOS/UEFI
Industrial PLC/SCADA Systems
A novel wiper malware, Lotus Wiper, is being used to target Venezuelan energy systems, potentially impacting industrial control systems.
Key Points:- Lotus Wiper is a previously undocumented data wiper.
- The attacks target the energy and utilities sector in Venezuela.
- Batch scripts are used to initiate the wiper, suggesting a reliance on scripting languages within the targeted environment.
Affected: PLCs, SCADA systems, HMI panels
Linux Kernel/Toolchain
A heap-buffer-overflow vulnerability in binutils' XCOFF processing could lead to arbitrary code execution when linking specially crafted object files.
Key Points:- Heap-buffer-overflow vulnerability in binutils.
- Triggered by processing malicious XCOFF object files during linking.
- Potential for arbitrary code execution or denial of service.
Affected: Embedded Linux systems using binutils, Systems building firmware images with binutils
Linux Kernel
A buffer overflow vulnerability in the Linux kernel's SMB daemon (ksmbd) could lead to memory corruption when handling compound requests, potentially allowing for remote code execution.
Key Points:- Vulnerability exists in the ksmbd module of the Linux kernel.
- The issue stems from insufficient validation of buffer sizes during file information retrieval (get_file_all_info()).
- A compound request with QUERY_DIRECTORY + QUERY_INFO can trigger the overflow.
Affected: Embedded Linux devices, Devices utilizing Samba/SMB file sharing via Linux kernel
Linux Kernel
A buffer overflow vulnerability in the Linux kernel's ksmbd (SMB daemon) module could lead to out-of-bounds writes when handling compound requests, potentially allowing for code execution.
Key Points:- The vulnerability resides in the ksmbd module, a core component for SMB protocol handling.
- The issue occurs when processing compound requests (e.g., READ + QUERY_INFO) where the initial command consumes most of the response buffer.
- The root cause is an inaccurate calculation of the security descriptor size, leading to a buffer overflow during descriptor construction.
Affected: Embedded Linux devices, Linux-based routers/gateways, Network storage appliances
Linux Kernel
CVE-2026-31431 addresses a performance regression in the Linux kernel's cryptographic acceleration framework (algif_aead) by reverting an attempt to optimize data handling.
Key Points:- The vulnerability relates to the Linux kernel's cryptographic acceleration framework.
- The fix reverts a change that attempted in-place operations, deemed unnecessary and complex.
- While not directly exploitable as a vulnerability in itself, the change reverted could have introduced performance issues or potential side-channel vulnerabilities related to memory access patterns.
Affected: Embedded Linux devices, Linux-based routers, Industrial control systems using embedded Linux
Linux Kernel/Vulnerability Management
The article discusses Anthropic's AI model, Mythos, and its impact on vulnerability management, highlighting the need for prioritization tools like EPSS (Exploit Prediction Scoring System) due to the rapidly increasing number of discovered vulnerabilities. It also touches upon limitations in current vulnerability databases and suggests a shift towards machine-learning driven approaches.
Key Points:- Anthropic's Mythos is accelerating vulnerability discovery, overwhelming traditional vulnerability management systems.
- EPSS is being recommended as a tool to triage vulnerabilities, providing probabilistic estimates of exploitation likelihood.
- Current vulnerability databases (like NVD) are struggling to keep up with the volume of new vulnerabilities, leading to scaling back of enrichment efforts.
Affected: Embedded Linux Systems, Industrial Control Systems (ICS), IoT Devices, Networked Embedded Devices
Linux Kernel
A vulnerability in the Linux kernel's page table management allows unprivileged users to overwrite memory by exploiting largepage mappings created via shm_create_largepage(3).
Key Points:- The vulnerability lies in the pmap_pkru_update_range() function.
- It arises from mishandling 1GB largepage mappings created with shm_create_largepage(3).
- An unprivileged user can trigger the vulnerability, leading to memory corruption.
Affected: Embedded Linux devices, Linux-based systems
Storage Systems/Edge Computing
A critical authentication bypass vulnerability in MinIO's Snowball auto-extract handler allows attackers with a valid access key to write arbitrary objects to any bucket without signature verification, impacting any MinIO deployment.
Key Points:- Authentication bypass vulnerability allows arbitrary object writes.
- Exploitation requires only a valid access key and target bucket name.
- The vulnerability stems from missing signature verification in the Snowball auto-extract handler.
Affected: MinIO deployments (on-premise, cloud, edge)
Regulatory Landscape / General Embedded Security
The EU's Cyber Resilience Act (CRA) aims to establish a baseline security standard for digital products sold within the EU, impacting manufacturers and vendors.
Key Points:- The CRA shifts security focus upstream, targeting product design and maintenance.
- It applies to a broad range of digital products, including those with embedded systems and firmware.
- Manufacturers will need to demonstrate security by design and provide ongoing maintenance updates, directly impacting embedded device development practices.
Affected: All digital products with embedded systems sold in the EU, Embedded device manufacturers, Firmware developers
Smart Home Device / Consumer Electronics
Researchers have demonstrated a technique to bypass liveness detection in virtual assistant devices using virtual devices, potentially enabling fraudulent activities.
Key Points:- Liveness detection, commonly used in virtual assistant devices to prevent spoofing attacks, is vulnerable.
- Attackers can use virtual devices (e.g., emulated cameras and microphones) to generate synthetic data that fools liveness detection algorithms.
- This technique could be used for unauthorized access to accounts or services linked to virtual assistant devices.
Affected: Virtual Assistant Devices (Amazon Echo, Google Home), Embedded systems with liveness detection features, Firmware running on these devices
Consumer & Smart Devices / Automotive (Telematics/Infotainment)
The article details how improper implementation of FIDO2/WebAuthn MFA can be bypassed through authentication downgrade attacks, potentially impacting devices that rely on this standard for security.
Key Points:- FIDO2/WebAuthn's security relies on correct implementation and configuration.
- Authentication downgrade attacks can bypass FIDO2/WebAuthn protections by forcing older, less secure authentication protocols.
- Attackers can exploit vulnerabilities in how websites and applications handle MFA challenges to downgrade authentication methods.
Affected: Smartphones (Android/iOS), Laptops, Embedded devices with FIDO2/WebAuthn support (e.g., automotive telematics, industrial control panels with web interfaces)
Cloud Infrastructure & Embedded Device Security
IOActive's security assessment of Microsoft's Signing Transparency (ST) service, built on the Confidential Consortium Framework (CCF), found strong security but identified three informational findings.
Key Points:- Signing Transparency (ST) is designed to enhance software supply chain security.
- The assessment included code review, dynamic analysis, and fuzz testing of ST's implementation.
- ST is built on the Confidential Consortium Framework (CCF), which has implications for secure enclaves and potentially embedded devices utilizing similar frameworks.
Affected: Azure Confidential Consortium Framework (CCF), Potentially embedded devices utilizing CCF or similar secure enclave technologies
Gaming Console (Firmware/Bootloader)
A vulnerability in Minetest's LuaJIT environment allows malicious mods to escape the sandbox and execute arbitrary code with filesystem access, potentially impacting embedded devices running the game.
Key Points:- Vulnerability exists in LuaJIT sandboxed environment.
- Malicious mod can achieve arbitrary code execution and filesystem access.
- Affects server-side, async, mapgen, and client-side mod environments.
Affected: Android devices running Minetest, Raspberry Pi or other embedded systems running Minetest server, Custom embedded devices with Minetest client/server software
Wearables/Fitness Tracker
The Ultrahuman Ring integrates with Les Mills PowerPlug, using health metrics to recommend workouts, indicating embedded systems are involved in data processing and workout recommendations.
Key Points:- The ring collects health metrics (recovery, sleep).
- These metrics are used to recommend on-demand workouts.
- Integration with Les Mills PowerPlug suggests firmware and data processing within the ring itself.
Affected: Ultrahuman Ring Firmware, Les Mills PowerPlug Software
Network Security/API Gateway
A remote attacker can cause a denial of service or potentially other issues by manipulating the Host header in requests to ericc-ch copilot-api, leading to reverse DNS resolution issues.
Key Points:- Vulnerability in Header Handler component
- Manipulation of Host header leads to reverse DNS resolution reliance.
- Remote attack vector
Affected: ericc-ch copilot-api versions <= 0.7.0, Systems utilizing the ericc-ch copilot-api API gateway
Linux Kernel
This LWN.net weekly edition covers various developments, including kernel code removal and a scheduler regression, which are relevant to embedded systems utilizing Linux.
Key Points:- Kernel code removal: This impacts embedded systems relying on specific kernel modules or functionalities.
- Scheduler regression: A scheduler regression can affect real-time performance in embedded systems, potentially leading to instability or missed deadlines.
- Security updates: The 'Announcements' section mentions security updates, which are crucial for embedded devices to mitigate vulnerabilities.
Affected: Embedded Linux devices, Industrial control systems (ICS) using Linux
Wearables/Fitness Tracker
Apple has resolved a legal challenge regarding its blood oxygen sensor feature on the Apple Watch, allowing it to continue operating.
Key Points:- The blood oxygen sensor feature on the Apple Watch was previously banned in Germany due to patent infringement.
- Apple has now reached an agreement with Valencell, the company holding the disputed patent.
- The feature will continue to function on existing Apple Watch devices and future models.
Affected: Apple Watch (Series 6 and later)
Networking Protocol (libp2p)
A crash vulnerability in Nimiq's network-libp2p implementation, based on libp2p, can cause nodes to lose p2p networking functionality due to a panic when a remote peer re-opens the discovery protocol substream.
Key Points:- The vulnerability stems from improper handling of multiple discovery substreams within libp2p's connection handler.
- A remote peer can trigger the crash by re-establishing a discovery substream on an existing connection.
- The affected nodes experience a loss of p2p networking until restarted, impacting their ability to participate in the Nimiq network.
Affected: Nimiq nodes running versions prior to 1.3.0, Any system utilizing network-libp2p before v1.3.0
Smart Home Device
The Beghelli Sicuro24 SicuroWeb device lacks a Content Security Policy, allowing attackers to inject and execute arbitrary JavaScript through chained vulnerabilities.
Key Points:- Lack of Content Security Policy (CSP) allows loading external JavaScript.
- Chained with template injection and sandbox escape vulnerabilities.
- Enables attackers to execute arbitrary remote payloads in operator browser sessions.
Affected: Beghelli Sicuro24 SicuroWeb
Web Application on Embedded Device
Xerte Online Toolkits versions 3.15 and earlier have a missing authentication vulnerability that allows unauthenticated attackers to perform file operations, potentially leading to remote code execution.
Key Points:- Missing authentication check in the elFinder connector endpoint.
- Attackers can perform file operations (create, upload, rename, duplicate, overwrite, delete) on project media directories.
- Potential for chaining with path traversal and extension blocklist bypass to achieve remote code execution.
Affected: Xerte Online Toolkits installations
Mobile Device Firmware (iOS)
A vulnerability in iOS and iPadOS allowed notifications marked for deletion to be unexpectedly retained on the device, potentially exposing sensitive information.
Key Points:- Notifications marked for deletion were not properly removed from the device.
- The issue is fixed in iOS 18.7.8, iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2.
- This could lead to a privacy breach as users might not be aware that their deleted notifications are still present.
Affected: iOS Devices, iPadOS Devices
Smart Home Device
The return of Google's 'Continued Conversations' feature for Gemini on Home devices allows users to interact without repeatedly invoking the assistant, impacting how firmware handles voice processing and state management.
Key Points:- Continued Conversations feature relies on embedded firmware to maintain conversational state.
- Voice processing and natural language understanding (NLU) are handled within the device's embedded system.
- The featureβs implementation likely involves changes to the firmware's audio processing pipeline and memory management.
Affected: Google Nest Speakers/Displays
Linux Kernel/Embedded Linux Utilities
A logic error in the `tr` utility within coreutils causes incorrect character class definitions, potentially leading to data corruption when used in embedded systems relying on standard POSIX semantics.
Key Points:- The vulnerability lies in the `tr` utility, a core component of coreutils.
- Incorrect character class definitions ([:graph:] and [:print:]) can impact data processing pipelines.
- Embedded systems often rely on coreutils for scripting and data manipulation, making them susceptible to this issue.
Affected: Embedded Linux systems, Linux-based embedded devices
Linux Kernel/Shell Scripting on Embedded Systems
A logic error in the expr utility within coreutils can lead to arithmetic errors and premature script termination due to improper short-circuiting, potentially impacting embedded systems that rely on shell scripting for configuration or control.
Key Points:- The vulnerability is in the 'expr' utility, a core component of coreutils.
- Incorrect short-circuiting can cause arithmetic errors (e.g., division by zero) to be raised unexpectedly.
- This can disrupt shell script execution, potentially leading to system instability or failure.
Affected: Embedded Linux systems, Systems using coreutils
Linux Kernel/Embedded Linux
A logic error in the 'env' utility within uutils coreutils can cause a denial-of-service when parsing command-line arguments with the -S option, impacting systems that rely on consistent split-string behavior.
Key Points:- The vulnerability lies in the 'env' utility, a core component of many Linux distributions.
- The issue stems from incorrect handling of backslashes within single quotes when using the -S (split-string) option.
- This incompatibility with GNU env can break automated scripts and administrative workflows, leading to a denial of service.
Affected: Embedded Linux devices, Linux-based systems utilizing uutils coreutils
Linux Kernel/System Utilities
A TOCTOU vulnerability in the chcon utility allows a local attacker to manipulate SELinux labels by exploiting timing-sensitive races during recursive operations.
Key Points:- TOCTOU vulnerability in chcon utility
- Impacts recursive operations involving SELinux label changes.
- Race condition exploitable by local attacker with write access to a directory tree.
Affected: Linux-based embedded systems, Embedded Linux devices, Systems utilizing SELinux
Linux Kernel/Embedded Linux
A vulnerability in the 'id' utility within coreutils can lead to incorrect group information being used for access control decisions, potentially resulting in security misconfigurations.
Key Points:- The 'id' utility incorrectly uses a user's real GID instead of their effective GID.
- This discrepancy can cause scripts and automated processes to make incorrect security decisions.
- Many embedded systems utilize Linux or Embedded Linux distributions, which often include coreutils.
Affected: Embedded Linux devices, Linux-based systems
Linux Kernel/Embedded Linux
The printenv utility in uutils coreutils silently skips environment variables containing invalid UTF-8 sequences, potentially allowing malicious library injection or other attacks to evade detection.
Key Points:- printenv silently skips invalid UTF-8 environment variables.
- POSIX permits arbitrary bytes in environment strings, but uutils doesn't display them.
- This can allow malicious LD_PRELOAD values to go undetected.
Affected: Linux Systems (including embedded Linux distributions), Systems using uutils coreutils
Linux Kernel
The mknod utility in uutils coreutils creates device nodes before setting the SELinux context, potentially leaving mislabeled device nodes accessible if labeling fails.
Key Points:- mknod utility creates device nodes before applying SELinux context.
- Failure to label results in cleanup attempts that cannot remove device nodes/FIFOs.
- Mislabeled device nodes can lead to unauthorized access due to incorrect SELinux contexts.
Affected: Embedded Linux devices, Linux systems utilizing SELinux
Linux Kernel/Embedded Linux
The mktemp utility in uutils coreutils incorrectly handles an empty TMPDIR environment variable, potentially leading to temporary files being created in the current working directory instead of a secure location.
Key Points:- uutils mktemp implementation differs from GNU mktemp.
- Empty TMPDIR is treated as a valid path, not falling back to /tmp.
- Temporary files may be created in the current working directory (CWD).
Affected: Embedded Linux systems, Linux-based devices
Linux Kernel/Embedded Linux Utilities
A flaw in coreutils' ChownExecutor can lead to incorrect exit codes during recursive chown/chgrp operations, potentially causing security misconfigurations in administrative scripts.
Key Points:- Incorrect exit code reporting during recursive chown/chgrp operations.
- Final exit code only reflects the last processed file's success, masking earlier failures.
- Potential for security misconfigurations due to reliance on incorrect exit codes in scripts.
Affected: Embedded Linux systems, Linux-based devices
Linux Kernel/Embedded Linux
A flaw in the chmod utility's recursive mode can lead to incorrect exit codes, potentially allowing scripts on embedded systems running Linux to proceed with incorrect permissions.
Key Points:- The flaw lies in the recursive mode (-R) of chmod.
- Incorrect exit codes are returned, masking errors encountered during permission changes on multiple files.
- This can lead to scripts assuming success when failures occurred, potentially compromising system security.
Affected: Embedded Linux devices, Linux-based systems
Linux Kernel / Streaming Devices
The article discusses Microsoft's price reduction for Xbox Game Pass and proposes a 'Xbox Pass Edition' - a bundled subscription with a cheap streaming device, highlighting the need to innovate and address affordability concerns within Microsoft's gaming ecosystem.
Key Points:- Microsoft reduced the price of Xbox Game Pass Ultimate.
- The article suggests bundling Game Pass with a low-cost streaming device (similar to Chromecast) to attract more users.
- The article mentions the potential for a Linux-based streaming device, which could involve embedded systems and low-level software.
Affected: Xbox Series S/X consoles, Android-based streaming devices (potential embedded systems), Linux-based streaming devices, Automotive infotainment systems (potential integration)
Network Scanning Tools (potential embedded deployment)
LanSpy 2.0.1.159 contains a local buffer overflow vulnerability that could lead to code execution.
Key Points:- Local buffer overflow vulnerability in scan field input.
- Attackers can overwrite the instruction pointer, potentially leading to code execution.
- Payload size requirement: 688 bytes padding + 4 bytes controlled data.
Affected: Windows (as LanSpy is a Windows application), Potentially embedded devices utilizing network scanning tools similar to LanSpy (e.g., security appliances, industrial control systems with monitoring capabilities)
Point of Sale (POS) systems / ATMs
North Korean hackers are leveraging AI tools to improve their hacking capabilities, resulting in significant financial theft, potentially targeting ATMs and POS systems.
Key Points:- Hackers are utilizing AI for malware development, website creation (phishing), and overall operational efficiency.
- The use of AI lowers the barrier to entry for less skilled hackers, enabling them to conduct sophisticated attacks.
- The group stole approximately $12 million in three months, indicating a significant impact and potential for wider adoption of AI-assisted hacking techniques.
Affected: ATM networks, POS systems, Financial institutions
Linux Kernel/Embedded Linux
The Harvester threat actor is deploying a Linux-based GoGra backdoor leveraging Microsoft Graph API for covert command and control, potentially impacting embedded devices running Linux.
Key Points:- GoGra backdoor is being deployed on Linux systems.
- Microsoft Graph API and Outlook mailboxes are used for C2 communication, bypassing traditional defenses.
- The attack targets entities in South Asia, suggesting a targeted campaign.
Affected: Linux-based routers, Firewalls, Industrial gateways, Embedded Linux devices
Linux Kernel/Build Systems
A North Korean APT group is leveraging a compromised developer's Git repository to distribute malware, which can then infect systems that build from the repository.
Key Points:- Compromised developer's Git repository used as a distribution point for RATs and other malware.
- Malware is injected into build scripts, allowing it to be compiled and installed as part of the software build process.
- This creates a 'worm-like' infection vector, as systems pulling updates from the repository become infected.
Affected: Linux-based systems, Embedded Linux devices (if using the affected repository), Git repositories
Consumer & Smart Devices
A popular Corsair wireless gaming keyboard is being sold refurbished at a significantly reduced price, highlighting its features and potential drawbacks.
Key Points:- The keyboard utilizes a wireless dongle and Bluetooth connectivity, indicating embedded firmware for communication.
- It features hot-swappable switches, which involves low-level interaction with the keyboard's PCB and firmware.
- The keyboard is programmable via Corsair iCue software, suggesting embedded software for customization and control.
Affected: Keyboard Firmware, Wireless Communication Stack (Bluetooth/2.4GHz), Corsair iCue Software (interfacing with embedded system)
Consumer & Smart Devices / USB Hub Security
This article reviews a Ugreen USB-C hub that provides multiple ports including HDMI and USB-A, highlighting its compatibility and power delivery capabilities.
Key Points:- The hub acts as an intermediary between a laptop and external devices.
- It supports 100W power delivery, which could be vulnerable to power manipulation attacks.
- The hub's plug-and-play nature means it relies on OS drivers, potentially introducing vulnerabilities.
Affected: Laptops (various), External Monitors, Connected USB Devices
Government Surveillance/Mobile Device Security
U.S. Immigration and Customs Enforcement (ICE) is using Graphite spyware, an Israeli product, to surveil individuals.
Key Points:- ICE has confirmed the use of Graphite spyware, which is known to target mobile devices.
- Graphite operates similarly to Pegasus, a controversial spyware used for targeted surveillance.
- The use of such tools raises concerns about privacy and civil liberties, particularly regarding potential misuse.
Affected: Android Devices, iOS Devices
AI Agent Platform / API Security
Researchers discovered a data breach in Moltbook, an AI agent social network, exposing API tokens and plaintext credentials shared within private messages, highlighting risks of cross-app permission stacking.
Key Points:- Exposure of 1.5 million AI agent API tokens.
- Plaintext third-party credentials (e.g., OpenAI API keys) found in private messages.
- Demonstrates the risk of agents sharing credentials and potential for privilege escalation/data leakage through cross-app permissions.
Affected: Moltbook Platform, AI Agents utilizing Moltbook
DNS Servers/Resolvers (potentially embedded)
Concurrent RPZ transfers can lead to data inconsistency, use-after-free vulnerabilities, and crashes in recursor implementations.
Key Points:- The vulnerability stems from concurrent transfers of the same RPZ (Response Policy Zone).
- It can result in use-after-free conditions and crashes.
- While typically caused by malfunctioning RPZ providers, the vulnerability exists within the recursor software.
Affected: DNS Servers, DNS Resolvers, Embedded DNS servers (e.g., in routers, IoT devices)
Telecommunications Infrastructure
Researchers have discovered ProxySmart software facilitating large-scale SIM farm operations, potentially impacting telecommunications infrastructure and security.
Key Points:- ProxySmart software is used to manage SIM farms at an industrial scale.
- SIM farms are utilized for malicious activities like bypassing geo-restrictions, fraud, and launching attacks.
- The software allows users to control a large number of SIM cards simultaneously, making detection and mitigation difficult.
Affected: Telecommunications infrastructure, Mobile network operators' systems, SIM card providers
Linux Kernel/Toolchain
A vulnerability in binutils' readelf utility allows a local attacker to cause a denial-of-service by processing a crafted ELF file.
Key Points:- The vulnerability resides in the `readelf` utility, a core component of binutils.
- It allows for DoS via crafted ELF files. While not a direct attack on embedded devices, binutils is used to build and analyze firmware images.
- ELF (Executable and Linkable Format) is a common format for executables, libraries, and core images used in embedded Linux systems.
Affected: Embedded Linux devices, Systems using binutils for firmware builds
Linux Kernel/Toolchain
A crafted ELF file can trigger resource exhaustion or null pointer dereference vulnerabilities in the readelf utility, potentially leading to a denial-of-service.
Key Points:- The vulnerability lies in the readelf utility, a standard tool for analyzing ELF files.
- ELF (Executable and Linkable Format) is widely used in embedded Linux systems for executable files, libraries, and object code.
- Resource exhaustion (out-of-memory) and null pointer dereference vulnerabilities are common low-level security concerns.
Affected: Embedded Linux systems, Development environments for embedded devices
Critical Infrastructure/5G Networks
The UK's National Cyber Security Centre (NCSC) warns of a growing cyber risk landscape driven by geopolitical tensions and technological advancements, which includes implications for critical national infrastructure.
Key Points:- Rapid technological change, particularly in areas like 5G and AI, is expanding the attack surface.
- Geopolitical instability and nation-state actors are increasing cyber threats to critical infrastructure.
- The NCSC emphasizes the need for organizations to improve their resilience and adopt a proactive approach to cybersecurity.
Affected: Critical National Infrastructure (CNI), Telecommunications Networks, Government Systems
Banking/Financial Systems (potentially impacting ATMs or POS systems)
Researchers have identified a new LOTUSLITE malware variant targeting Indian banks and South Korean policy circles, utilizing dynamic DNS-based C2 communication for espionage.
Key Points:- New LOTUSLITE variant uses dynamic DNS for C2 communication.
- Supports remote shell access, file operations and session management β suggesting espionage focus.
- Targets Indian banking sector; potential for impact on ATMs or POS systems within banks.
Affected: ATM systems, Point of Sale (POS) devices, Banking network infrastructure
Linux Kernel/Embedded Linux
A vulnerability in Spring Security's JWT decoding implementation allows for bypass of OAuth2TokenValidator, potentially leading to unauthorized access if improperly configured.
Key Points:- The vulnerability affects Spring Security versions 6.3.0 - 6.3.14, 6.4.0 - 6.4.14, 6.5.0 - 6.5.9 and 7.0.0-7.0.4.
- It stems from a missing configuration step when using NimbusJwtDecoder or NimbusReactiveJwtDecoder.
- The vulnerability requires proper JWT configuration and OAuth2TokenValidator implementation, which is often used in embedded Linux-based systems.
Affected: Embedded Linux devices, IoT Gateways, Industrial Control Systems (ICS) using Spring Boot
Network Security/Reverse Proxy
OAuth2 Proxy versions 7.5.0 through 7.15.1 are susceptible to an authentication bypass when specific configuration options and request patterns are present, potentially exposing protected resources.
Key Points:- Authentication bypass vulnerability in OAuth2 Proxy.
- Requires specific configuration: `skip_auth_routes` or legacy `skip_auth_regex` with attacker-controlled suffixes.
- Fragment delimiter (`#`) manipulation allows unauthenticated access to protected resources.
Affected: Any system utilizing OAuth2 Proxy versions 7.5.0 - 7.15.1
General Embedded Security/Firmware Testing
The article discusses the evolution of security consulting practices, including incorporating fuzzing and AI to improve vulnerability discovery.
Key Points:- Early adoption of fuzzing by consultants to proactively identify vulnerabilities.
- Integration of AI and machine learning into security assessment workflows.
- Focus on staying ahead of emerging threats through continuous adaptation and innovation in testing methodologies.
Affected: Embedded Systems (potentially), Firmware
Semiconductor Manufacturing & Security
The article explains the complex jargon used within the semiconductor industry, highlighting its intersection with various engineering and scientific disciplines.
Key Points:- The semiconductor industry utilizes a vast and specialized vocabulary.
- This jargon spans multiple disciplines including chemistry, physics, electrical engineering, and computer science.
- Understanding this jargon is crucial for managing business impacts, cybersecurity consequences, and overall risk within the semiconductor supply chain.
Affected: Semiconductor Manufacturing Facilities, Embedded Systems (indirectly)
Smart Home Device / Consumer Electronics
The article discusses the growing threat of AI voice cloning and its potential for financial fraud, highlighting the need to treat voice as untrusted input within systems.
Key Points:- AI voice cloning is being used in red team exercises to bypass security controls.
- Voice should not be considered a reliable identifier.
- Generative AI is accelerating vishing and synthetic media attacks, potentially leading to significant financial losses.
Affected: Voice-enabled smart home devices, IVR systems in banking/finance, Any system relying on voice authentication
