94 matches found
CVE-2026-45203
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but befo...
CVE-2026-45203 GPU DDK - rgxfw_hwperf_ufo() re-reads psCmdHeader->ui32CmdSize after initial check, TOCTOU
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but befo...
EUVD-2026-43043
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but befo...
CVE-2026-45195
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel. Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses...
CVE-2026-45195 GPU DDK - rgxfw_set_mips_fault_address(&psInit->sFaultPhysAddr) is untrusted
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel. Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses...
CVE-2026-41156
Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources creating a write use after free scenario. A shared resource memory page managed by a CPU thread of control driver and accessed by a GPU thread of control Firmware can caus...
CVE-2026-41156
CVE-2026-41156 concerns GPU DDK where a CPU-thread driver frees a memory page used by a GPU firmware thread, causing a write-after-free (UAF) due to the GPU still accessing the resource. The issue references a SYNC_PRIMITIVE_BLOCK firmware address without holding a reference in the kernelfirmware...
CVE-2026-34193
Kernel software installed and running inside a Guest/Host VM may post improper commands to the GPU Firmware to trigger a write of data outside the intended GPU memory. A logic error in the address translation allowed a compromised Host Kernel to perform arbitrary writes to firmware memory...
CVE-2026-34193
Kernel software installed and running inside a Guest/Host VM may post improper commands to the GPU Firmware to trigger a write of data outside the intended GPU memory. A logic error in the address translation allowed a compromised Host Kernel to perform arbitrary writes to firmware memory...
CVE-2026-34193
Kernel software installed and running inside a Guest/Host VM may post improper commands to the GPU Firmware to trigger a write of data outside the intended GPU memory. A logic error in the address translation allowed a compromised Host Kernel to perform arbitrary writes to firmware memory...
CVE-2026-34193 GPU DDK - Arbitrary write via UFO updates due insufficient pointer validation in rgxfw_to_ptr()
Kernel software installed and running inside a Guest/Host VM may post improper commands to the GPU Firmware to trigger a write of data outside the intended GPU memory. A logic error in the address translation allowed a compromised Host Kernel to perform arbitrary writes to firmware memory...
PT-2026-45409
Kernel software installed and running inside a Guest/Host VM may post improper commands to the GPU Firmware to trigger a write of data outside the intended GPU memory. A logic error in the address translation allowed a compromised Host Kernel to perform arbitrary writes to firmware memory...
CVE-2026-0427
CVE-2026-0427 is tied to AMD GPU firmware: improper cleanup of shared register resources could allow an admin-privileged attacker in one Guest VM to access shared resources from another Guest VM. The vulnerability targets the GPU firmware’s handling of shared register space, enabling potential lo...
CVE-2026-0427
Improper cleanup of shared register resources in GPU firmware could allow an admin-privileged attacker from a Guest Virtual machine VM to access these shared resources from another Guest VM, potentially resulting in the loss of confidentiality, integrity, or availability...
CVE-2026-0427
Improper cleanup of shared register resources in GPU firmware could allow an admin-privileged attacker from a Guest Virtual machine VM to access these shared resources from another Guest VM, potentially resulting in the loss of confidentiality, integrity, or availability...
Fedora 42 : linux-firmware (2026-1d240112ff)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-1d240112ff advisory. Update to 20260110: update firmware for MT7925 WiFi device mediatek MT7925: update bluetooth firmware to 20260106153314 mediatek MT7920: update bluetooth...
CVE-2025-58407
Kernel or driver software installed on a Guest VM may post improper commands to the GPU Firmware to exploit a TOCTOU race condition and trigger a read and/or write of data outside the allotted memory escaping the virtual machine...
CVE-2025-58407 GPU DDK - TOCTOU bug affecting psFWMemContext->uiPageCatBaseRegSet
Kernel or driver software installed on a Guest VM may post improper commands to the GPU Firmware to exploit a TOCTOU race condition and trigger a read and/or write of data outside the allotted memory escaping the virtual machine...
PT-2025-47174
Name of the Vulnerable Software and Affected Versions versions prior to 2025 Description Kernel or driver software installed on a Guest VM may post improper commands to the GPU Firmware, potentially exploiting a TOCTOU race condition. This could lead to a read and/or write of data outside the...
CVE-2025-32091
Incorrect default permissions in some firmware for the IntelR ArcTM B-series GPUs within Ring 1: Device Drivers may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This result may...