GHSA-FCW5-X6J4-CCMP vulnerabilities

Vulnerabilities for packages: tensorflow-cpu-jupyter, tensorflow-gpu-jupyter...

CVE-2026-53923

CVE-2026-53923 affects vLLM GGUF dequantize kernels. Root cause: integer truncation due to using int for the element count parameter, causing m*n (potentially > INT_MAX) to be truncated when passing to CUDA kernels, leading to unfilled output tensor memory that may retain data from previous in...

CVE-2026-12030

The following flaw was identified in the Chromium browser: Heap buffer overflow GPU. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=518007423...

CVE-2026-12028

The following flaw was identified in the Chromium browser: Use after free GPU. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517555461...

CVE-2026-34192

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an error path leading to UAF of GPU page tables. The vulnerability allows physical memory allocated for MMU page tables to be used after being freed. This was caused by an error path that would not...

EUVD-2026-38002

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources creating a write use after free scenario. A shared resource memory page managed by a CPU thread of control driver and accessed by a GPU thread of control Firmware can caus...

CVE-2026-41156 GPU DDK - kernel<->fw CCB contains SYNC_PRIMITIVE_BLOCK firmware address without holding reference

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources creating a write use after free scenario. A shared resource memory page managed by a CPU thread of control driver and accessed by a GPU thread of control Firmware can caus...

CVE-2026-34192

CVE-2026-34192 affects GPU driver components (GPU DDK) where MMU page tables are freed without proper cleanup in an error path, allowing a non-privileged user to trigger use-after-free of physical memory. The issue is caused by _MMU_AllocLevel error recovery paths that leave dangling page table e...

EUVD-2026-38001

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an error path leading to UAF of GPU page tables. The vulnerability allows physical memory allocated for MMU page tables to be used after being freed. This was caused by an error path that would not...

EUVD-2026-37519

Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels

Summary All temperature validation gates use comparison operators , which silently evaluate to False for NaN and for positive Infinity in Python's IEEE 754 float semantics. Both values pass every guard and propagate to GPU sampling kernels, where they produce undefined behavior or CUDA errors tha...

CVE-2026-12469

CVE-2026-12469 affects Google Chrome on Android, where an uninitialized use in the GPU could allow a remote attacker to leak cross-origin data via a crafted HTML page. The vulnerability lies in the GPU component, with the affected version range prior to 149.0.7827.155. Remediation is to update to...

Chromium: CVE-2026-11672 Out of bounds write in GPU

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-12010 Heap buffer overflow  GPU

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

EUVD-2026-36606

An attacker could cooperatively pass data from one secure GPU process to another secure GPU process through shared secure memory allocations in the kernel module. Additionally, an attacker could disrupt the operation of another secure GPU process leading to image corruption / GPU hardware recover...

CVE-2026-41155

An attacker could cooperatively pass data from one secure GPU process to another secure GPU process through shared secure memory allocations in the kernel module. Additionally, an attacker could disrupt the operation of another secure GPU process leading to image corruption / GPU hardware recover...

CVE-2026-41157

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger an out-of-bound write in the GPU user-space driver, leading to memory corruption and possible browser/GPU process crash. The software computes a required memory size from untrusted input, but...

CVE-2026-41157 GPU DDK - OOB Write in CalculateNPOTTwiddleSparsePageMap3D

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger an out-of-bound write in the GPU user-space driver, leading to memory corruption and possible browser/GPU process crash. The software computes a required memory size from untrusted input, but...

CVE-2026-41157

The CVE-2026-41157 entry concerns Imagination Graphics DDK with an OOB write in the GPU driver when processing WebGPU content in the GLES render path. The root cause is an integer overflow while computing a required memory size from untrusted input, which can yield a value smaller than needed; su...

CVE-2026-41155 GPU DDK - SharedSecMem mapped into all GPU virtual address spaces

An attacker could cooperatively pass data from one secure GPU process to another secure GPU process through shared secure memory allocations in the kernel module. Additionally, an attacker could disrupt the operation of another secure GPU process leading to image corruption / GPU hardware recover...