PT-2025-2940 · Kernel · Kernel

Name of the Vulnerable Software and Affected Versions: Kernel software affected versions not specified Description: The issue allows kernel software installed and running inside a Guest VM to exploit memory shared with the GPU Firmware, enabling it to write data outside the Guest's virtualised GP...

PT-2025-2782 · Imagination Technologies · Graphics Ddk

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue arises when software is installed and run as a non-privileged user, leading to improper GPU system calls. This results in platform instability and reboots. Recommendations: At th...

USN-7185-1 linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities

Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service system crash. CVE-2022-36402 Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in th...

PT-2024-37065 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, specifically related to the GFX9 hardware support. The issue concerned the cleaner shader, where an omission in the previous patc...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from a potential memory corruption when passing invalid input to invoke the GPU Headroom API if the input is not validated...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper handling of some GPU-mapped BOs in the drm/panthor component, resulting in a kernel warning...

PT-2024-30628 · Imagination Technologies +1 · Graphics Ddk +1

Name of the Vulnerable Software and Affected Versions: No specific software name or affected versions are mentioned in the provided descriptions. Description: The issue allows software installed and run by a non-privileged user to make improper GPU system calls, enabling unprivileged access to an...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm, Inc. A security vulnerability exists in Qualcomm Chipsets that stems from a memory corruption when handling GPU page table switches...

DEBIAN-CVE-2024-49901

In the Linux kernel, the following vulnerability has been resolved: drm/msm/adreno: Assign msmgpu-pdev earlier to avoid nullptrs There are some cases, such as the one uncovered by Commit 46d4efcccc68 "drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails" where msmgpucleanup :...

USN-7022-2 linux-raspi vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - Modular ISDN driver; - MMC subsystem; - SCSI drivers; - F2FS file system; - GFS2 file system; -...

Apple visionOS 安全漏洞

Apple visionOS is an operating system for AR glasses from Apple USA. A security vulnerability exists in Apple visionOS version 2, which stems from an application that may be able to read sensitive data from GPU memory...

AMD Uninitialized GPU Register Access Advisory - Lenovo Support US

No description provided...

PT-2024-25072 · Qualcomm · 205 Mobile Platform Firmware +86

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: Memory corruption can occur when an arbitrary user-space app gains kernel-level privilege to modify DDR memory by corrupting the GPU page table. Recommendations: At the moment, ther...

PT-2024-19840 · Lpac · Lpac

Name of the Vulnerable Software and Affected Versions: LPAC affected versions not specified Description: The issue involves memory corruption that occurs when creating an LPAC client, as the LPAC engine is allowed to access GPU registers. This results in a memory corruption problem...

DEBIAN-CVE-2024-35931

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Skip do PCI error slot reset during RAS recovery Why: The PCI error slot reset maybe triggered after inject ue to UMC multi times, this caused system hang. 557.371857 amdgpu 0000:af:00.0: amdgpu: GPU reset succeeded,...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that if the GPU incorrectly accesses the Gart address, it will read undefined values instead of pag...

CVE-2024-1395

Use After Free vulnerability in Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory. This...

AZL-42276 CVE-2024-26949 affecting package kernel for versions less than 5.15.158.2-1

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix NULL pointer dereference when get power limit Because powerplaytable initialization is skipped under sriov case, We check and set default lower and upper OD value if powerplaytable is NULL...

kernel: Linux kernel: Denial of Service in DRM scheduler due to improper work queue handling

A flaw was found in the Linux kernel's Direct Rendering Manager DRM scheduler. A local attacker with low privileges could exploit this vulnerability by triggering a GPU reset test. This improper handling of the scheduler work queue can lead to a kernel panic, which is a system crash, resulting in...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, Inc. in the United States. A security vulnerability exists in versions prior to Google Chrome 123.0.6312.122, which originated from a vulnerability that allows remote attackers to corrupt GPU processes and perform sandbox escapes via specific UI gesture...