CVE-2025-21456

Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently...

CVE-2025-21456

Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently...

CVE-2025-21456 Use After Free in NPU

Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently...

CVE-2019-14010

The device may enter into error state when some tool or application gets failure at 1st buffer map all and performs 2nd buffer map which happens to be at same physical address in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in...

cvp Incorrect Bailout Use-After-Free

In the function msmcvpmapbufwncc reachable from the EVAKMDREGISTERBUFFER ioctl, after cbuf is created and fully initialized, it is unconditionally added to the linked list inst-cvpwnccbufs.list. msmcvpmapbufwncc then tries to add an entry for the buffer to inst-cvpwnccbufstable. This can fail if...

CVE-2024-53148 comedi: Flush partial mappings in error case

In the Linux kernel, the following vulnerability has been resolved: comedi: Flush partial mappings in error case If some remappfnrange calls succeeded before one failed, we still have buffer pages mapped into the userspace page tables when we drop the buffer reference with comedibufmapputbm. The...

PT-2025-3269

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.13.0-rc2-syzkaller-00159-gf932fb9b4074 Description An overflow occurred in the Linux kernel's ring-buffer when performing a calculation. The issue was reported as a slab-out-of-bounds in the rb map vma function...

CVE-2024-46710 drm/vmwgfx: Prevent unmapping active read buffers

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Prevent unmapping active read buffers The kms paths keep a persistent map active to read and compare the cursor buffer. These maps can race with each other in simple scenario where: a buffer "a" mapped for update b...

UBUNTU-CVE-2024-42275

In the Linux kernel, the following vulnerability has been resolved: drm/client: Fix error code in drmclientbuffervmaplocal This function accidentally returns zero/success on the failure path. It leads to locking issues and an uninitialized mapcopy in the caller...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread one which called recvmsg/sendmsg may exit as soon as the async crypto handler calls complete so any code past that point risks touching...

SUSE CVE-2022-48714

In the Linux kernel, the following vulnerability has been resolved: bpf: Use VMMAP instead of VMALLOC for ringbuf After commit 2fd3fb0be1d1 "kasan, vmalloc: unpoison VMALLOC pages after mapping", non-VMALLOC mappings will be marked as accessible in getvmareanode when KASAN is enabled. But now the...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a security flaw in the parameters used to validate bo mapping operations...

SUSE CVE-2020-11740

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users without active profiling to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not...

PT-2025-54112

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the USB function device call musb gadget queue within the musb gadget.c file. When a request's length exceeds the endpoint packet size and is buffer mappedreq returns...

DEBIAN-CVE-2020-11740

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users without active profiling to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not...

ALPINE-CVE-2020-11740

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users without active profiling to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not...

UBUNTU-CVE-2020-11740

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users without active profiling to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not...

Code injection

The device may enter into error state when some tool or application gets failure at 1st buffer map all and performs 2nd buffer map which happens to be at same physical address in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in...

CVE-2019-14010

The device may enter into error state when some tool or application gets failure at 1st buffer map all and performs 2nd buffer map which happens to be at same physical address in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in...