Total
165 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-43629 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-07-08 | 7.8 High |
| Windows DWM Core Library Elevation of Privilege Vulnerability | ||||
| CVE-2024-43624 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-07-08 | 8.8 High |
| Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability | ||||
| CVE-2024-43646 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-07-08 | 6.7 Medium |
| Windows Secure Kernel Mode Elevation of Privilege Vulnerability | ||||
| CVE-2024-43631 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2025-07-08 | 6.7 Medium |
| Windows Secure Kernel Mode Elevation of Privilege Vulnerability | ||||
| CVE-2024-43553 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-08 | 7.4 High |
| NT OS Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2024-37983 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-07-08 | 6.7 Medium |
| Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | ||||
| CVE-2024-37979 | 1 Microsoft | 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more | 2025-07-08 | 6.7 Medium |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2024-37982 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-07-08 | 6.7 Medium |
| Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | ||||
| CVE-2024-43529 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 5 more | 2025-07-08 | 7.3 High |
| Windows Print Spooler Elevation of Privilege Vulnerability | ||||
| CVE-2024-43516 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-08 | 7.8 High |
| Windows Secure Kernel Mode Elevation of Privilege Vulnerability | ||||
| CVE-2025-24084 | 1 Microsoft | 6 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 3 more | 2025-07-07 | 8.4 High |
| Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-24083 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-02 | 7.8 High |
| Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-21381 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-07-01 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2023-43532 | 1 Qualcomm | 26 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 23 more | 2025-06-17 | 8.4 High |
| Memory corruption while reading ACPI config through the user mode app. | ||||
| CVE-2023-34333 | 1 Ami | 1 Megarac Sp-x | 2025-06-17 | 7.8 High |
| AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer to dereference via a local network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | ||||
| CVE-2023-34332 | 1 Ami | 1 Megarac Sp-x | 2025-06-17 | 7.8 High |
| AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer to dereference by a local network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | ||||
| CVE-2024-20680 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-06-09 | 6.5 Medium |
| Windows Message Queuing Client (MSMQC) Information Disclosure | ||||
| CVE-2024-20663 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-06-03 | 6.5 Medium |
| Windows Message Queuing Client (MSMQC) Information Disclosure | ||||
| CVE-2023-36011 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-05-22 | 7.8 High |
| Win32k Elevation of Privilege Vulnerability | ||||
| CVE-2024-26807 | 1 Linux | 1 Linux Kernel | 2025-05-22 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: Both cadence-quadspi ->runtime_suspend() and ->runtime_resume() implementations start with: struct cqspi_st *cqspi = dev_get_drvdata(dev); struct spi_controller *host = dev_get_drvdata(dev); This obviously cannot be correct, unless "struct cqspi_st" is the first member of " struct spi_controller", or the other way around, but it is not the case. "struct spi_controller" is allocated by devm_spi_alloc_host(), which allocates an extra amount of memory for private data, used to store "struct cqspi_st". The ->probe() function of the cadence-quadspi driver then sets the device drvdata to store the address of the "struct cqspi_st" structure. Therefore: struct cqspi_st *cqspi = dev_get_drvdata(dev); is correct, but: struct spi_controller *host = dev_get_drvdata(dev); is not, as it makes "host" point not to a "struct spi_controller" but to the same "struct cqspi_st" structure as above. This obviously leads to bad things (memory corruption, kernel crashes) directly during ->probe(), as ->probe() enables the device using PM runtime, leading the ->runtime_resume() hook being called, which in turns calls spi_controller_resume() with the wrong pointer. This has at least been reported [0] to cause a kernel crash, but the exact behavior will depend on the memory contents. [0] https://lore.kernel.org/all/20240226121803.5a7r5wkpbbowcxgx@dhruva/ This issue potentially affects all platforms that are currently using the cadence-quadspi driver. | ||||