1372 matches found
CVE-2025-71298
In CVE-2025-71298, the Linux kernel fix targets drm_gem_shmem_madvise_locking: the GEM object reservation lock is now held around the madvise path to correct locking in shmem tests. The update exposes a dedicated helper drm_gem_shmem_madvise() for Kunit tests (not intended as a driver interface)....
CVE-2025-71298 drm/tests: shmem: Hold reservation lock around madvise
In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around madvise Acquire and release the GEM object's reservation lock around calls to the object's madvide operation. The tests use drmgemshmemmadviselocked, which led to errors such as show...
CVE-2025-71298
In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around madvise Acquire and release the GEM object's reservation lock around calls to the object's madvide operation. The tests use drmgemshmemmadviselocked, which led to errors such as show...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the possibility of overflowing the length of shared memory lists, potentially leading to an unexpected...
CVE-2026-43172 wifi: iwlwifi: fix 22000 series SMEM parsing
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix 22000 series SMEM parsing If the firmware were to report three LMACs which doesn't exist in hardware then using "fwrt-smemcfg.lmac2" is an overrun of the array. Reject such and use IWLFWCHECK instead of WARNON ...
CVE-2026-43172
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix 22000 series SMEM parsing If the firmware were to report three LMACs which doesn't exist in hardware then using "fwrt-smemcfg.lmac2" is an overrun of the array. Reject such and use IWLFWCHECK instead of WARNON ...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from array out-of-bounds access during the 22000 series SMEM parsing in iwlwifi...
CVE-2026-31700
In the Linux kernel, the following vulnerability has been resolved: net/packet: fix TOCTOU race on mmap'd vnethdr in tpacketsnd In tpacketsnd, when PACKETVNETHDR is enabled, vnethdr points directly into the mmap'd TX ring buffer shared with userspace. The kernel validates the header via...
📄 V8 BigInt String Conversion Stress Test Conceptual Sandbox
This is a V8 Sandbox Escape vulnerability in BigInt::Allocate where buffers are shuffled outside the sandbox. The vulnerability allows for writes outside the boundaries of the allocated buffer within the sandbox outbound write by manipulating data during the MultiplyFFT process...
CVE-2026-31654
A flaw was found in the Linux kernel. When a shared memory mapping is created for /dev/zero, a memory leak can occur if the virtual memory area VMA allocation fails. This happens because a newly allocated file, intended to back the mapping, is not properly released in the error path, leading to...
CLSA-2026-1776880484 tigervnc: Fix of CVE-2026-34352
CVE-2026-34352: fix incorrect permissions on x0vncserver shared-memory image that allowed other users to observe or manipulate the screen or crash the server...
kernel: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match()
A flaw was found in the Linux kernel’s SMC Shared Memory Communication module: in smcclcprfxmatch, the function is called from smclistenwork without proper RCU or RTNL protection. The code previously used skdstgetsk-dev, which can lead to a use-after-free UAF condition if the sk’s destination is...
PT-2026-34242
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the kernel's handling of protection keys for address ranges. The subroutine responsible for updating page table entries fails to account for 1GB largepage mappings creat...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013697)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013697 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Check whether transferred 2D BO is shmem Transferred 2D BO always must be a shmem BO...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011199)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011199 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Check whether transferred 2D BO is shmem Transferred 2D BO always must be a shmem BO...
FreeBSD -- Missing large page handling in pmap_pkru_update_range()
Problem Description: In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the shmcreatelargepage3 interface...
CVE-2026-21733 GPU DDK - Incorrect flags validation in RGXDerivePTEProt8 can allow GPU to overwrite read-only shared memory (e.g. libc.so)
Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory and files. This is caused by improper handling of GPU memory reservation protections...
CVE-2026-21733 GPU DDK - Incorrect flags validation in RGXDerivePTEProt8 can allow GPU to overwrite read-only shared memory (e.g. libc.so)
Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory and files. This is caused by improper handling of GPU memory reservation protections...
CVE-2026-21733
CVE-2026-21733 concerns a vulnerability in Imagination Technologies’ GPU driver where software running as a non-privileged user can perform improper GPU system calls due to incorrect handling of GPU memory reservation protections. The root cause is described as improper handling of GPU memory res...
kernel: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match()
A flaw was found in the Linux kernel’s SMC Shared Memory Communication module: in smcclcprfxmatch, the function is called from smclistenwork without proper RCU or RTNL protection. The code previously used skdstgetsk-dev, which can lead to a use-after-free UAF condition if the sk’s destination is...