895 matches found
📄 NPU Driver Use-After-Free Detector
This Metasploit module detects vulnerable NPU drivers susceptible to CVE-2025-21424, a use-after-free vulnerability in the MSM NPU kernel driver. Additional details are included that identify shortcomings in the original proof of concept...
CVE-2025-47398
Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers...
CVE-2025-47397
Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors...
CVE-2025-47398
Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers...
EUVD-2025-206610
Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers...
CVE-2025-47398
Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers...
CVE-2025-47397
Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors...
PT-2026-5676
Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers...
CVE-2025-65891
A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Dervice DoS by invoking flow.cuda.getdeviceproperties with an invalid or negative device index...
kernel: KVM: arm64: Tear down vGIC on failed vCPU creation
A use-after-free flaw was found in KVM for arm64 in the Linux Kernel, if the kvmarchvcpucreate fails to share the vCPU page with the hypervisor. This vulnerability could even lead to a kernel information leak problem...
PT-2026-5147
A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Dervice DoS by invoking flow.cuda.get device properties with an invalid or negative device index...
CVE-2025-65890
OneFlow CVE-2025-65890 describes a device-ID validation flaw in OneFlow v0.9.0 where calling flow.cuda.synchronize() with an invalid/out-of-range GPU device index triggers a Denial of Service. The issue, rated CVSS v3.1 base 7.5 (HIGH), has no published fixed version per Snyk, and other sources c...
Oneflow security vulnerabilities
Oneflow is an open-source deep learning framework developed by Oneflow. Version 0.9.0 of Oneflow contains a security vulnerability, which stems from a flaw in GPU device ID verification. This vulnerability could lead to denial-of-service attacks...
EUVD-2025-206473
A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Dervice DoS by invoking flow.cuda.getdeviceproperties with an invalid or negative device index...
CVE-2025-70999
A GPU device-ID validation flaw in the flow.cuda.getdevicecapability component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted device ID...
CVE-2025-65891
A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Dervice DoS by invoking flow.cuda.getdeviceproperties with an invalid or negative device index...
CVE-2025-70999
OneFlow v0.9.0 is affected by a GPU device-ID validation flaw in the flow.cuda.get_device_capability() function that can cause a Denial of Service via a crafted device ID. The issue is described consistently across CVE records (NVD/Red Hat/ OSV/CIRCL) as a DoS condition stemming from improper val...
EUVD-2025-206472
A GPU device-ID validation flaw in the flow.cuda.getdevicecapability component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted device ID...
um: init cpu_tasks[] earlier
...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003761)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003761 advisory. An information disclosure vulnerability exists when certain central processing units CPU speculatively access memory. An attacker who successfully exploited the...