PT-2026-7593

Improper Hardware reset flow logic in the GPU GFX Hardware IP block could allow a privileged attacker in a guest virtual machine to control reset operation potentially causing host or GPU crash or reset resulting in denial of service...

CVE-2025-47398

Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers...

CVE-2025-47397

Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors...

CVE-2025-47398

Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers...

EUVD-2025-206610

Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers...

CVE-2025-47398

Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers...

CVE-2025-47397

Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors...

PT-2026-5676

Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers...

CVE-2025-65891

A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Dervice DoS by invoking flow.cuda.getdeviceproperties with an invalid or negative device index...

CVE-2025-70999

OneFlow v0.9.0 is affected by a GPU device-ID validation flaw in the flow.cuda.get_device_capability() function that can cause a Denial of Service via a crafted device ID. The issue is described consistently across CVE records (NVD/Red Hat/ OSV/CIRCL) as a DoS condition stemming from improper val...

CVE-2025-70999

A GPU device-ID validation flaw in the flow.cuda.getdevicecapability component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted device ID...

EUVD-2025-206472

A GPU device-ID validation flaw in the flow.cuda.getdevicecapability component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted device ID...

CVE-2025-65890

OneFlow CVE-2025-65890 describes a device-ID validation flaw in OneFlow v0.9.0 where calling flow.cuda.synchronize() with an invalid/out-of-range GPU device index triggers a Denial of Service. The issue, rated CVSS v3.1 base 7.5 (HIGH), has no published fixed version per Snyk, and other sources c...

CVE-2025-65891

A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Dervice DoS by invoking flow.cuda.getdeviceproperties with an invalid or negative device index...

PT-2026-5147

A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Dervice DoS by invoking flow.cuda.get device properties with an invalid or negative device index...

EUVD-2025-206473

A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Dervice DoS by invoking flow.cuda.getdeviceproperties with an invalid or negative device index...

Oneflow security vulnerabilities

Oneflow is an open-source deep learning framework developed by Oneflow. Version 0.9.0 of Oneflow contains a security vulnerability, which stems from a flaw in GPU device ID verification. This vulnerability could lead to denial-of-service attacks...

CVE-2025-10865

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of reference counting to cause a potential use after free. Improper reference counting on an internal resource caused scenario where potential for use after free was present...

CVE-2025-10865

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of reference counting to cause a potential use after free. Improper reference counting on an internal resource caused scenario where potential for use after free was present...

CVE-2025-10865 GPU DDK - DevmemIntGetReservationData does not ref the PMR it returns

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of reference counting to cause a potential use after free. Improper reference counting on an internal resource caused scenario where potential for use after free was present...