UBUNTU-CVE-2026-46211

In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: fix error handling in msmioctlgeminfogetmetadata msmioctlgeminfogetmetadata always returns 0 regardless of errors. When copytouser fails or the user buffer is too small, the error code stored in ret is ignored becaus...

EUVD-2026-28704

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add upper bound check on user inputs in wait ioctl Huge input values in amdgpuuserqwaitioctl can lead to a OOM and could be exploited. So check these input value against AMDGPUUSERQMAXHANDLES which is big enough value...

EUVD-2026-28705

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fix reference leak in amdgpuuserqwaitioctl Drop reference to syncobj and timeline fence when aborting the ioctl due output array being too small. cherry picked from commit 68951e9c3e6bb22396bc42ef2359751c8315dd2...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011083)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011083 advisory. In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel-infoleak in nilfsioctlwrapcopy The ioctl helper function nilfsioctlwrapcopy,...

CVE-2025-70795

STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation. This is caused by insufficient caller validation in the driver's IOCTL handler, enabli...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007240)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007240 advisory. In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arpreqget. syzkaller reported an overflown write in arpreqget. 0 When...

CVE-2026-21373 Buffer Over-read in Camera

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing...

CVE-2025-54601

The CVE-2025-54601 affects the Wi‑Fi driver in Samsung’s Mobile Processor and Wearable Processor family (Exynos 980/850/1080/1280/1330/1380/1480/1580, W920, W930, W1000). Root cause: improper synchronization on a global variable that leads to a double free. Exploit vector: an attacker can trigger...

CVE-2025-15038

The CVE-2025-15038 affected component is the ASUS Business System Control Interface driver. A vulnerability described as Out-of-Bounds allows a local, unprivileged user to craft an IOCTL request that can trigger kernel information disclosure or cause a system crash. The exposure is linked to loca...

CVE-2025-47399

CVE-2025-47399 describes memory corruption occurring when processing an IOCTL to update sensor property settings with invalid input parameters. The CVE is linked to Qualcomm-reported data with a CVSS v3.1 base score of 7.8 (HIGH) and a LOCAL attack vector, requiring LOW privileges and no user int...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003679)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003679 advisory. A flaw was found in the Linux kernel's freescale hypervisor manager implementation, kernel versions 5.0.x up to, excluding 5.0.17. A parameter passed to an ioctl was...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003042)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003042 advisory. sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a deni...

EUVD-2025-205227

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Prevent potential UAF in group creation This commit prevents the possibility of a use after free issue in the GROUPCREATE ioctl function, which arose as pointer to the group is accessed in that ioctl function after...

PT-2025-49434

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s videobuf2 subsystem. The vb2 ioctl remove bufs function can manipulate the internal buffer list of a queue, potentially overwriting pointers used when...

Exploit for Exposed IOCTL with Insufficient Access Control in Dell Dbutil

cve-2021-21551-PoC This repo contain a PoC I have done whe...

CVE-2025-27049

Transient DOS while processing IOCTL call for image encoding...

CVE-2025-27059

CVE-2025-27059 is a memory corruption issue occurring when performing an SCM call in Qualcomm TZ firmware. The CVE entry and multiple connected sources (Red Hat, NVD, CVEList, CNNVD) describe memory corruption triggered during SCM calls, with the CVEList title explicitly noting use of an out-of-r...

EUVD-2022-55368

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2025-38481

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - comedi: Fail COMEDIINSNLIST ioctl if ninsns is too large The handling of the COMEDIINSNLIST ioctl allocates a kernel buffer to hold the array of struct...

Linux Distros Unpatched Vulnerability : CVE-2022-50102

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - video: fbdev: arkfb: Fix a divide-by-zero bug in arksetpixclock Since the user can control the arguments of the ioctl from the user space, under special...