CVE-2025-0044

An out-of-bounds read in power management firmware by a malicious local attacker with low privileges could potentially lead to a partial loss of confidentiality and availability...

CVE-2026-0481

Unrestricted IP address binding in the AMD Device Metrics Exporter ROCm ecosystem could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability...

CVE-2024-21950

An out of bounds read in the remote management firmware could allow a privileged attacker read a limited section of memory outside of established bounds potentially resulting in loss of confidentiality or availability...

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow via the NGReset Message Handler process. An attacker can cause memory corruption and potentially impact confidentiality, integrity, and availability by sending specially crafted messages remotely. Remediation Upgrade...

Astra Linux - уязвимость в edk2

EDK2 contains a vulnerability in the HashPeImageByType function. A user can cause an out-of-bounds read when a corrupted data pointer and length are sent via an adjacent network. Successful exploitation of this vulnerability may result in a loss of integrity and/or availability...

Astra Linux - уязвимость в openldap

A flaw was discovered in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, thereby triggering an assertion failure. The greatest threat of this vulnerability is to system availability...

Astra Linux - уязвимость в openexr

There is a flaw in OpenEXR in versions before 3.0.0-beta. A carefully crafted input file processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to issues with the application’s functionality...

Astra Linux - уязвимость в python3.7

A flaw was discovered in Python. In algorithms with quadratic time complexity that use non-binary bases, when using int“text”, a system may take 50 milliseconds to parse an int string with 100,000 digits, and 5 seconds for strings with 1,000,000 digits. Functions like float, decimal, int.frombyte...

Astra Linux - уязвимость в imagemagick

A flaw was discovered in ImageMagick’s MagickCore/statistic.c file. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, resulting in values that are outside the range of type unsigned long. This likely affects the availability of the application, but ...

Astra Linux - уязвимость в grub2

A flaw was discovered in grub2 in versions prior to 2.06. The option parser allows an attacker to overwrite a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The greatest threat from this vulnerability is to data confidentiality and...

Astra Linux - уязвимость в openexr

A flaw was discovered in OpenEXR in versions prior to 3.0.0-beta. A specially crafted input file provided by an attacker, when processed by the Dwa decompression functionality of OpenEXR’s IlmImf library, could lead to a NULL pointer dereferencing error. The most severe consequence of this...

Astra Linux - уязвимость в imagemagick

A flaw was discovered in ImageMagick within MagickCore/quantum.h. An attacker who submits a crafted file processed by ImageMagick could induce undefined behavior, resulting in values that fall outside the range of types float and unsigned char. This likely leads to a disruption in the application...

Astra Linux - уязвимость в grub2

A flaw was discovered in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking, allowing a privileged attacker to remove address ranges from memory. This creates an opportunity to circumvent SecureBoot protections after proper analysis of grub’s memory layout. The...

CVE-2026-0481

Unrestricted IP address binding in the AMD Device Metrics Exporter ROCm ecosystem could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability...

CVE-2025-29937

An out of bounds read within the AMD Platform Management Framework PMF could allow an attacker to trigger a read of an arbitrary memory location potentially resulting in loss of availability or confidentiality...

CVE-2026-0481

The AMD Device Metrics Exporter (ROCm ecosystem) is affected by CVE-2026-0481: it allows unrestricted IP address binding, enabling a remote attacker to access the GPU-Agent gRPC server (port 50061 by default) and potentially alter GPU configuration, impacting availability. This is documented in A...

EUVD-2024-19556

An out of bounds read in the remote management firmware could allow a privileged attacker read a limited section of memory outside of established bounds potentially resulting in loss of confidentiality or availability...

CVE-2024-21950

An out of bounds read in the remote management firmware could allow a privileged attacker read a limited section of memory outside of established bounds potentially resulting in loss of confidentiality or availability...

CVE-2026-0427

CVE-2026-0427 is tied to AMD GPU firmware: improper cleanup of shared register resources could allow an admin-privileged attacker in one Guest VM to access shared resources from another Guest VM. The vulnerability targets the GPU firmware’s handling of shared register space, enabling potential lo...

CVE-2023-31309

CVE-2023-31309 describes an improper validation vulnerability in AMD's Power Management Firmware (PMFW). The issue allows a user with privileges to pass malformed workload arguments when exporting table data from the System Management Unit (SMU) to DRAM, potentially causing loss of confidentialit...