1565 matches found
CVE-2026-45203
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but befo...
CVE-2026-45203 GPU DDK - rgxfw_hwperf_ufo() re-reads psCmdHeader->ui32CmdSize after initial check, TOCTOU
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but befo...
EUVD-2026-43043
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but befo...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview 9router is a 9Router CLI - Start and manage 9Router server Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition through the image process in open-sse/translator/concerns/image.js. An attacker can access internal-only HTTP services by...
CVE-2026-21046
Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code...
EUVD-2026-42817
Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code...
CVE-2026-21046
Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code...
CVE-2026-21046
Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code...
CVE-2025-58151
varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer. The...
CVE-2025-58151
varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer. The...
CVE-2025-58151
CVE-2025-58151 affects varstored, a Xen/Xapi component that handles UEFI variables and maps guest memory to OVMF. The vulnerability arises from TOCTOU due to insufficient compiler barriers in the shared buffer, with exploitation depending on compiler-generated code, and the attacker potentially c...
CVE-2025-58151 varstored: TOCTOU issues with mapped guest memory
varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer. The...
CVE-2026-25271 Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Service
Memory Corruption when processing asynchronous input parameters due to improper handling of modified values between check and use...
CVE-2026-25271
The CVE describes a TOCTOU race condition in Qualcomm DSP Service causing memory corruption when processing asynchronous input parameters due to improper handling of modified values between check and use. Affected component: DSP Service (Qualcomm). Root cause: TOCTOU under asynchronous input para...
EUVD-2026-24992
install: TOCTOU symlink race unlink-then-create without OEXCL allows arbitrary file overwrite...
CVE-2026-58299
Time-of-check time-of-use toctou race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network...
EUVD-2026-41572
Time-of-check time-of-use toctou race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network...
CVE-2026-58299
Time-of-check time-of-use toctou race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network...
Microsoft Edge for Android Remote Code Execution Vulnerability
Time-of-check time-of-use toctou race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network...
PT-2026-55645
Name of the Vulnerable Software and Affected Versions Microsoft Edge for Android affected versions not specified Description A time-of-check time-of-use TOCTOU race condition exists, which is a software bug where a system checks the state of a resource before using it, but the state changes betwe...