Mitre, NVD Official Published: 2026-01-16

Preface: ETSI TS 07.10 defines the multiplexer protocol for GSM networks, and DLCI 0 (Data Link Connection Identifier 0) specifically refers to the control channel used to manage multiple virtual serial sessions (like data, fax, voice) over a single physical serial link or its wireless emulation (like Bluetooth’s RFCOMM) to a device, essentially acting as the “local serial line” manager for those simultaneous connections on a smartphone or modem.

Background: In 2026, firmware-level flooding attacks over RFCOMM (Radio Frequency Communication) channels primarily exploit the device’s inability to handle excessive signaling and control traffic, leading to resource exhaustion or firmware crashes. These attacks typically occur without the need for prior pairing or authentication.

1. Assumed earbuds firmware is the vulnerable component because it acts as the Responder on DLCI 0 and processes ETSI TS 07.10 control commands (like TEST) without proper limits.
2. The attacker (or smartphone) sends the flooding traffic, but it’s lightweight for the sender—just repeated TEST frames.
3. The earbuds do all the heavy lifting: parsing, allocating buffers, and responding. This leads to resource exhaustion on the earbuds, not on the smartphone.

The earbuds will run out of resources (CPU/memory) due to excessive TEST frames, not the smartphone.

Vulnerability details: This vulnerability is caused by the firmware’s susceptibility to flooding attacks over RFCOMM channels. When an attacker floods the standard control channel (DLCI 0) with a high volume of legitimate TEST commands, the device’s processing queue is overwhelmed, leading to resource exhaustion and a firmware crash that forcibly terminates paired user connections. Other active data channels across the device’s RFCOMM implementation are also vulnerable to flooding via MSC (Modem Status Command) signaling frames, including both the standard HFP (Hands-Free Profile) channel and an undocumented Airoha auxiliary service channel.

Official announcement: Please refer to the link for details –https://www.tenable.com/cve/CVE-2025-13328

Initial publication: 2026-01-15

Preface: CVE-2025-29943 allows disabling AES-NI at runtime, forcing mbedTLS to fall back to a vulnerable software AES implementation. In SGX enclaves, this enables cache-timing attacks to recover AES keys.

Attack Prerequisites:

• Privileged access inside the VM (root or equivalent).
• Ability to manipulate CPU feature bits or configuration.

Background: An SGX enclave (Software Guard eXtensions) is

a secure, isolated area within a computer’s processor and memory, creating a Trusted Execution Environment (TEE) for running sensitive code and data, protected even from the OS, hypervisor, or BIOS.

A specific undocumented bit can disable AES-NI at runtime, forcing the AES portion of mbedTLS to “fall back” to a version vulnerable to caching attacks. Utilizing this “fallback” in an SGX enclave, it can fully restored the enclave to use the AES key. Therefore, the vulnerability allows an attacker to extract (recover) the existing secret key.

Ref: The stack pointer (SP) inside an SEV-SNP guest is a critical CPU register, protected by SEV-SNP’s memory encryption and integrity features, but recent attacks like StackWarp and CacheWarp exploit microarchitectural side channels (often involving hyperthreading or cache timing) to infer or manipulate the SP and other sensitive state, potentially bypassing SEV-SNP’s security by observing how memory/cache changes during execution, allowing attackers to hijack control or leak data.

Vulnerability details: CVE-2025-29943: Improper access control within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline, potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest.

Remark:

-Privileged accounts are not immune to compromise (e.g., insider threats, privilege escalation).

-Cloud or virtualized environments often assume strong isolation, but if an attacker gains root/admin inside the VM, they can exploit this vulnerability.

-The vulnerability affects cryptographic integrity and confidentiality, which is critical for SGX and secure workloads.

Reminder: It’s not a remote exploit, but local privileged exploits are still considered medium-risk (4.6) because:

• They can lead to full compromise of sensitive data.
• They break the security guarantees of SGX and SEV environments.

Official announcement: Please refer to the link for details.

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3027.html

Preface: On Linux, this typically manifests as:

• Unvalidated library loading (similar to LD_PRELOAD abuse).
• Potential exploitation via malicious shared objects ([.]so files) placed in search paths.

Attackers could leverage writable directories or environment variables (like LD_LIBRARY_PATH) to inject malicious code when Nsight starts profiling.

Background:

Nsight Compute – As an interactive kernel profiler for CUDA applications, Nsight Compute provides detailed performance metrics and API debugging via a user interface and command line tool. Nsight Compute also provides customizable and data-driven user interface and metric collection that can be extended with analysis scripts for post-processing results.

Nsight Graphics – This is a standalone development tool for debugging, profiling and analysing graphics applications. Nsight Graphics allows optimization of performance of Direct3D 11, Direct3D 12, DirectX Raytracing 1.1, OpenGL, Vulkan, and KHR Vulkan Ray Tracing Extension based applications.

Injection allows tools like NVIDIA Nsight Graphics to sit between your application and the graphics driver to intercept, record, and manipulate the stream of commands.

Don’t underestimate the value of independent developer workstations. Sometimes, these workstations may store product prototypes and notes. If this information is intellectual property, and the workstation is located within the development team’s network segment, a cyberattack could not only lead to information leaks but also cause financial losses!

Vulnerability details: CVE-2025-33206 – NVIDIA NSIGHT Graphics for Linux contains a vulnerability where an attacker could cause command injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and denial of service.

Remark: If Nsight runs with elevated permissions (common for GPU profiling), exploitation can lead to:

• Arbitrary code execution.
• Escalation of privileges.
• Data tampering or denial of service.

Official announcement: Please refer to the link for details –

https://nvidia.custhelp.com/app/answers/detail/a_id/5738

Preface: Many large, enterprise-level companies across various industries use or have used the open-source Apache Struts framework for building Java web applications. Companies using this framework must ensure they are on a currently supported version and apply security patches immediately.

Background: The Model-View-Controller (MVC) is a software architectural pattern used in Java and other programming languages to separate an application’s logic into three interconnected core components: the Model (data and business logic), the View (user interface), and the Controller (input handling and coordination).

This separation of concerns makes applications easier to manage, test, and scale by allowing developers to modify one part of the application without significantly affecting the others.

Apache Struts is a framework for building enterprise-level Java apps. It follows the Model-View-Controller (MVC) pattern. Struts helps maintain a clean code structure and scalability. The framework supports internationalization, making it ideal for multi-language apps. It integrates easily with other Java EE components like EJBs and JMS.

Vulnerability details: Missing XML Validation vulnerability in Apache Struts, Apache Struts.This CVE (based on its pattern and recent advisories) likely relates to remote code execution (RCE) or OGNL injection triggered by unsafe configurations or certain result types. If your configuration:

• Allows user-controlled parameters to influence OGNL expressions.
• Uses developer mode in production.
• Has wildcard mappings or dynamic method calls.

Official announcement: Please refer to the link for details –

https://www.tenable.com/cve/CVE-2025-68493

This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.

*Users are recommended to upgrade to version 6.1.1, which fixes the issue.

Official published: 5th JAN 2026

Preface: When used in an automotive context, the Snapdragon 8 Gen 3 Mobile Platform—and its dedicated automotive counterparts—utilize a High-Level Operating System (HLOS).

While the “Mobile Platform” is a consumer-grade chip typically found in smartphones, some automakers have integrated it directly into vehicles. For purpose-built automotive solutions, Qualcomm offers the Snapdragon Cockpit Elite and Snapdragon Ride Elite, which share the same underlying architecture (Oryon CPU cores) as the mobile 8-series.

Background: The Snapdragon 8 Gen 3 Mobile Platform redefines mobile connectivity with advancements in speed, reliability, and future-proofing. At its core is the Snapdragon X75 5G Modem-RF System, which delivers high performance, including up to 10Gbps downlink and 3.5Gbps uplink speeds.

While the High-Level Operating System (HLOS) allocates a non-secure buffer to communicate with the Trusted Execution Environment (TEE), this buffer is only used for passing encrypted payloads, commands, or non-sensitive handshake parameters.

The Automotive smart cockpit is an advanced integrated digital environment that uses artificial intelligence, sensors and connectivity to unify the driver interface, infotainment and vehicle controls, transforming the cabin into a personalized interactive space for driving, entertainment and productivity.

HDCP is used in smart cockpits to protect high-resolution digital video and audio content transmitted across internal digital interfaces like HDMI, DisplayPort, and automotive-specific links such as APIX (Automotive Pixel Link ) or GMSL (Gigabit Multimedia Serial Link).

HDCP in Automotive Platforms (HDCP) is a link protection protocol, and its security depends on proper key management and session handling inside the TEE.

• The session keys are stored securely in TEE and referenced by session ID.
• There’s no indication that the same nonce or key pair is reused across sessions or encryption operations.
• The non-secure buffer is freed after the session ends, which is good practice.

Vulnerability details: Cryptographic issue may occur while encrypting license data. The potential vulnerability (CVE-2025-47345) in Qualcomm Snapdragon platforms arises from reusing a nonce or key pair during encryption, violating cryptographic best practices (CWE-323). This issue is not an application-level flaw but a platform design decision.

As a matter of fact, modern threat models consider:

•         TEE compromise or privilege escalation as realistic attack vectors.

•         Static cryptographic material as a critical weakness, enabling replay attacks, impersonation, or content decryption.

Official announcement: Please refer to the link for details –

https://nvd.nist.gov/vuln/detail/CVE-2025-47345