CVE-2025-58409 GPU DDK - Disguised freelist buffers passed to RGXCreateHWRTDataSet can cause arbitrary physical memory writes corrupting memory

Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kern...

CVE-2025-25176

The CVE-2025-25176 entry pertains to Imagination Graphics DDK GPU driver vulnerabilities; described issue is exfiltration of intermediate register values from secure workloads into non-secure world when scheduled by applications in the non-secure environment. Affected component: GPU driver/SDK (I...

CVE-2025-25176 GPU DDK - GPU Register value contents leaked from secure workloads to non-secure world

Intermediate register values of secure workloads can be exfiltrated in workloads scheduled from applications running in the non-secure environment of a platform...

CVE-2025-23275

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a GPU out-of-bounds write by providing certain image dimensions. A successful exploit of this vulnerability may lead to denial of service and information disclosure...

CuFuzz: Hardening CUDA Programs through Transformation and Fuzzing

GPUs have gained significant popularity over the past decade, extending beyond their original role in graphics rendering. This evolution has brought GPU security and reliability to the forefront of concerns. Prior research has shown that CUDA's lack of memory safety can lead to serious...

CVE-2022-50878

CVE-2022-50878 relates to the Linux kernel GPU driver for lontium-lt9611. The root cause was a missing NULL check on bridge->encoder in lt9611_connector_init(), which could be NULL but was dereferenced in drm_connector_attach_encoder. The vulnerability is resolved by the fix that introduces a ...

gpu: host1x: Fix race in syncpt alloc/free

...

CVE-2025-40289

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM Otherwise accessing them can cause a crash...

UBUNTU-CVE-2025-40225

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix kernel panic on partial unmap of a GPU VA region This commit address a kernel panic issue that can happen if Userspace tries to partially unmap a GPU virtual region aka drmgpuva. The VMBIND interface allows parti...

CVE-2025-20789

In GPU pdma, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117741; Issue ID: MSV-4538...

CVE-2025-8045 Mali GPU Kernel Driver allows improper GPU processing operations

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU processing operations to gain access to already freed memory.This issue affects Valhall GPU Kernel Driver: from...

CVE-2025-58407

Kernel or driver software installed on a Guest VM may post improper commands to the GPU Firmware to exploit a TOCTOU race condition and trigger a read and/or write of data outside the allotted memory escaping the virtual machine...

CVE-2025-58410

Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permissions to memory buffers exported as read-only. This is caused by improper handling of the memory protections for the buffer resource...

CVE-2025-58410 GPU DDK - Multiple calls into PhysmemGEMPrimeExport can inherit write access permission for an existing read-only dma_buf import PMR

Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permissions to memory buffers exported as read-only. This is caused by improper handling of the memory protections for the buffer resource...

CVE-2025-52910

An issue was discovered in the GPU in Samsung Mobile Processor and Wearable Processor Exynos 1280, 2200, 1330, 1380, 1480, 2400. A Use-After-Free leads to privilege escalation...

CVE-2025-52910

An issue was discovered in the GPU in Samsung Mobile Processor and Wearable Processor Exynos 1280, 2200, 1330, 1380, 1480, 2400. A Use-After-Free leads to privilege escalation...

PT-2025-45046

Name of the Vulnerable Software and Affected Versions Samsung Mobile Processor and Wearable Processor Exynos 1280 Samsung Mobile Processor and Wearable Processor Exynos 2200 Samsung Mobile Processor and Wearable Processor Exynos 1330 Samsung Mobile Processor and Wearable Processor Exynos 1380...

PT-2025-38201

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel’s DRM scheduler related to handling GPU resets. The issue arises from an incorrect check of the scheduler's ready condition before calling timeout...

Linux Distros Unpatched Vulnerability : CVE-2022-31618

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager vGPU plugin, where it can dereference a null pointer, which may lead to denial of...

Linux Distros Unpatched Vulnerability : CVE-2011-1302

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based buffer overflow in the GPU process in Google Chrome before 10.0.648.205 allows remote attackers to execute arbitrary code via unknown vectors...