Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime.

...

Ubuntu 24.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-7789-1)

"The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7789-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws i...

SUSE CVE-2025-39906

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: remove oem i2c adapter on finish Fixes a bug where unbinding of the GPU would leave the oem i2c adapter registered resulting in a null pointer dereference when applications try to access the invalid device. cherr...

USN-7774-4: Linux kernel (KVM) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA...

USN-7790-1 linux-raspi vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - x86 architecture; - Compute Acceleration Framework; - Bus devices; - AMD CDX bus driver; - DP...

USN-7789-1: Linux kernel (Oracle) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACP...

USN-7789-1 linux-oracle-6.14 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACP...

UBUNTU-CVE-2023-53514

In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix memory leak of device names The device names allocated by devsetname need be freed before module unloading, but they can not be freed because the kobject's refcount which was set in deviceinitialize has not be...

CVE-2023-53514

CVE-2023-53514 concerns the Linux kernel gpu: host1x memory leak of device names. Root cause: device names allocated by dev_set_name() were not freed because the kobject refcount set in device_initialize() wasn’t decreased to 0; cleanup relied on put_device() and device_del() semantics, but freei...

CVE-2023-53514 gpu: host1x: Fix memory leak of device names

In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix memory leak of device names The device names allocated by devsetname need be freed before module unloading, but they can not be freed because the kobject's refcount which was set in deviceinitialize has not be...

USN-7775-3: Linux kernel (Azure) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA...

USN-7775-3 linux-azure-5.15 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA...

UBUNTU-CVE-2025-39906

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: remove oem i2c adapter on finish Fixes a bug where unbinding of the GPU would leave the oem i2c adapter registered resulting in a null pointer dereference when applications try to access the invalid device. cherr...

CVE-2025-39906 drm/amd/display: remove oem i2c adapter on finish

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: remove oem i2c adapter on finish Fixes a bug where unbinding of the GPU would leave the oem i2c adapter registered resulting in a null pointer dereference when applications try to access the invalid device. cherr...

CVE-2025-39906 drm/amd/display: remove oem i2c adapter on finish

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: remove oem i2c adapter on finish Fixes a bug where unbinding of the GPU would leave the oem i2c adapter registered resulting in a null pointer dereference when applications try to access the invalid device. cherr...

CVE-2025-39906

The CVE-2025-39906 issue affects the Linux kernel drm/amd/display code. A fix removes the OEM I2C adapter on finish, addressing a bug where unbinding the GPU left the OEM I2C adapter registered, which could lead to a NULL pointer dereference when applications access the invalid device. The fix is...

PT-2025-40221

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the Linux kernel related to device names allocated by dev set name. The device names are not freed before module unloading because the kobject's reference count,...

Linux Distros Unpatched Vulnerability : CVE-2025-23275

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a GPU out-of-bounds write by providing certa...

NVIDIA CUDA Toolkit Heap Buffer Overflow Vulnerability (CNVD-2025-23250)

NVIDIA CUDA Toolkit is a development software application for creating high-performance GPU-accelerated applications from NVIDIA. NVIDIA CUDA Toolkit suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause arbitrary code execution...

USN-7775-2: Linux kernel (Azure) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA...