243 matches found
CVE-2026-57158 FreeRDP planar_decompress_plane_rle_only: heap OOB read — incomplete fix for CVE-2026-23530
FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planardecompressplanerleonly in libfreerdp/codec/planar.c, allowing a malicious RDP server to send a truncated...
PT-2026-57295
Name of the Vulnerable Software and Affected Versions FreeRDP versions 3.21.0 through 3.27.0 Description FreeRDP clients using the GFX pipeline contain an incomplete fix in the planar decompress plane rle only function within libfreerdp/codec/planar.c. This allows a malicious RDP server to send a...
RockyLinux 10 : freerdp (RLSA-2026:36203)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:36203 advisory. freerdp: FreeRDP: Remote code execution via heap-buffer-overflow in gdiCacheToSurface CVE-2026-40033 freerdp: FreeRDP: Arbitrary code execution or deni...
EUVD-2026-40491
Use after free in GFX in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
CVE-2026-13805
Use after free in GFX in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
CVE-2026-13805
CVE-2026-13805 is a use-after-free vulnerability in the GFX component of Google Chrome on macOS, fixed in Chrome 150.0.7871.47 and later. The issue allowed a remote attacker to execute arbitrary code via a crafted HTML page; severity is High. Affected are Chrome builds prior to 150.0.7871.47. Rem...
CVE-2026-10891
An use after free flaw was found in the GFX component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513160681...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a resource management vulnerability. This vulnerability stemmed from the reuse of GFX components after their release, which could allow remote attackers to exploit heap corruption...
SUSE-SU-2026:21936-1 Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise Kernel 6.4.0-35.1 fixes various security issues The following security issues were fixed: - CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264096. - CVE-2026-23243: RDMA/umad: Reject negative datalen in ibumadwrite bsc1259798. - CVE-2026-23274:...
CVE-2026-9936
An use after free flaw was found in the GFX component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502104354...
CVE-2026-9936
Use after free in GFX in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-9117
A type confusion flaw was found in the GFX component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497542537...
CVE-2026-9117
Type Confusion in GFX in Google Chrome on Linux, ChromeOS prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted video file. Chromium security severity: High...
CVE-2026-9117
Type Confusion in GFX in Google Chrome on Linux, ChromeOS prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted video file. Chromium security severity: High...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/gfx: disable gfx9 cpeccerrorirq only when enabling legacy gfx ras gfx9 cpeccerrorirq is only enabled when legacy gfx ras is assert. So in gfxv90hwfini, interrupt disablement for cpeccerrorirq should be executed under...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Added missing gfx11 MQD manager callbacks. The mqdstride function was introduced in commit 2f77b9a242a2 "drm/amdkfd: Update MQD management on multi XCC setup", but it wasn’t assigned to gfx11. This issue is fixed by...
Astra Linux – Vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol. Clients that use versions of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read vulnerabilities. Versions 3.5.0 and 2.11.6 address this issue. As a workaround, use the /gfx or /rfx modes default setting; requires...
CVE-2025-66664
Insufficient parameter sanitization in AMD Secure Processor ASP TEE SOC Driver could allow an attacker to issue a malformed DRVSOCCMDIDLOADGFXIPFW SR-IOV command to cause out-of-bounds read, potentially resulting in SOC Driver memory contents exposure or an exception...
CVE-2026-7950
An out of bounds read and write flaw was found in the GFX component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496259890...
SUSE CVE-2026-7950
Out of bounds read and write in GFX in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform arbitrary read/write via malicious network traffic. Chromium security severity: Medium...