1071 matches found
PT-2026-36498
Software installed and run as a non-privileged user may conduct improper GPU system calls to force GPU to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel an...
Exploit for CVE-2025-7771
🔓 ThrottleStop.sys Kernel Exploit — HVCI-Compatible Physical M...
OESA-2026-1890 ocaml security update
OCaml is a high-level, strongly-typed, functional and object-oriented programming language from the ML family of languages. This package includes runtime environment, X11 support ,Documentation generator and emacs. Security Fixes: In OCaml through 4.14.3, Bigarray.reshape allows an integer...
PT-2026-31688
Name of the Vulnerable Software and Affected Versions Wasmtime versions 32.0.0 through 36.0.6, 42.0.2, and 43.0.1 Description Wasmtime's Cranelift compilation backend has a flaw on aarch64 architectures when handling specific heap access patterns. This can lead to incorrect address calculations,...
CVE-2026-31411
A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM networking component. A local attacker, by acting as a malicious signaling daemon, could send a specially crafted message containing an unvalidated pointer. This unvalidated pointer would be directly used by the kernel, leading...
SUSE CVE-2026-34159
llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserializetensor skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted GRAPHCOMPUTE messages. Combined...
CVE-2026-22163
Requires malware code to misuse the DDK kernel module IOCTL interface. Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages. The product utilises a shared resource in a concurrent manner but does not attempt t...
CVE-2026-22163
The CVE-2026-22163 entry describes a local, high-severity GPU driver vulnerability in Imagination Graphics DDK where malware can misuse the DDK kernel module IOCTL interface to subvert the GPU and perform writes to arbitrary physical memory pages. The root cause is unsynchronized access to a shar...
CVE-2026-22163 GPU DDK - Unsafe writing of MMU PT entries on systems with 32-bit host CPU
Requires malware code to misuse the DDK kernel module IOCTL interface. Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages. The product utilises a shared resource in a concurrent manner but does not attempt t...
PT-2026-26692
Requires malware code to misuse the DDK kernel module IOCTL interface. Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages. The product utilises a shared resource in a concurrent manner but does not attempt t...
Imagination Graphics DDK 安全漏洞
Imagination Graphics DDK is a GPU driver toolkit developed by the British company Imagination. There is a security vulnerability in Imagination Graphics DDK, which stems from unsynchronized access to shared resources, potentially allowing the GPU to write to arbitrary physical memory pages...
bareiron 安全漏洞
Bareiron is a Minecraft game server developed by the P2R3 individual developer. Bareiron has a security vulnerability, which stems from the existence of arbitrary memory write conditions, potentially allowing unverified attackers to execute arbitrary code...
CVE-2026-3437
An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow a local authenticated attacker to read and write to arbitrary memory via the Portwell Engineering Toolkits driver. Successful exploitation of this...
CVE-2026-3437 Improper Restriction of Operations within the Bounds of a Memory Buffer in Portwell Engineering Toolkits
An improper restriction of operations within the bounds of a memory buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow a local authenticated attacker to read and write to arbitrary memory via the Portwell Engineering Toolkits driver. Successful exploitation of this...
CVE-2026-3437
An improper restriction of operations within the bounds of a memory buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow a local authenticated attacker to read and write to arbitrary memory via the Portwell Engineering Toolkits driver. Successful exploitation of this...
CVE-2023-20514
Improper handling of parameters in the AMD Secure Processor ASP could allow a privileged attacker to pass an arbitrary memory value to functions in the trusted execution environment resulting in arbitrary code execution...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the pgtrgm due to lower-casing. An attacker can write arbitrary byte patterns onto server memory by submitting a specially crafted input string. This may potentially lead to privilege escalation or other...
CVE-2023-20514
Improper handling of parameters in the AMD Secure Processor ASP could allow a privileged attacker to pass an arbitrary memory value to functions in the trusted execution environment resulting in arbitrary code execution...
MiracleLinux 7 : nss-3.79.0-5.el7 (AXSA:2023-5233:03)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5233:03 advisory. nss: Arbitrary memory write via PKCS 12 CVE-2023-0767 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
MiracleLinux 8 : nss-3.79.0-11.el8 (AXSA:2023-5224:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5224:01 advisory. nss: Arbitrary memory write via PKCS 12 CVE-2023-0767 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...