CVE-2026-8070

Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and write access to physical memory.Refer to the ' Security Update for Armoury Crate App ' section on the ASUS Security Advisory...

CVE-2026-8070

Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and write access to physical memory.Refer to the ' Security Update for Armoury Crate App ' section on the ASUS Security...

CVE-2026-8070

Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and write access to physical memory.Refer to the ' Security Update for Armoury Crate App ' section on the ASUS Security...

CVE-2026-8070

Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and write access to physical memory.Refer to the ' Security Update for Armoury Crate App ' section on the ASUS Security...

CVE-2026-8070

Armoury Crate contains an incorrect permission assignment in a critical resource, allowing a local user to bypass the driver’s validation and gain unauthorized read/write access to physical memory. Impact is described as HIGH with local attack vector and LOW privileges required, no user interacti...

EUVD-2026-33244

Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and write access to physical memory.Refer to the ' Security Update for Armoury Crate App ' section on the ASUS Security...

CVE-2026-8070

Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and write access to physical memory.Refer to the ' Security Update for Armoury Crate App ' section on the ASUS Security...

ASUS Armoury Crate 安全漏洞

ASUS Armoury Crate is a software utility developed by ASUS Corporation in China. It aims to provide centralized control over supported ROG gaming products. ASUS Armoury Crate has a security vulnerability caused by improper allocation of permissions for critical resources. This vulnerability may...

PT-2026-44743

Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and write access to physical memory.Refer to the ' Security Update for Armoury Crate App ' section on the ASUS Security...

EUVD-2025-209526

STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation. This is caused by insufficient caller validation in the driver's IOCTL handler, enabli...

CVE-2025-71236

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Validate sp before freeing associated memory System crash with the following signature 154563.214890 nvme nvme2: NVME-FC1: controller connect complete 154564.169363 qla2xxx 0000:b0:00.1-3002:2: nvme: Sched: Set ZIO...

kernel: i40e: add validation for ring_len param

A flaw was identified in the Intel “i40e” Ethernet driver in the Linux Kernel where the ringlen parameter supplied by a VF virtual function is passed unchecked to the hardware memory context. If a malicious Virtual function provides a too-large or misaligned ringlen, it may allow the device to...

kernel: nbd: fix incomplete validation of ioctl arg

A flaw has been found in the Linux kernel’s NBD drivers.The issue stems from incomplete validation of IOCTL arguments passed to the NBD driver. Specifically, oversized or unchecked arguments may lead to a signed integer overflow in blockwritefullpage and misuse of argument values cast to int in...

EUVD-2019-2310

Malware in sbrugna...

EUVD-2024-30782

Malicious code in bioql PyPI...

CVE-2025-52915

CVE-2025-52915 affects K7RKScan.sys 23.0.0.10 (K7 Security Anti-Malware). The vulnerability arises from insufficient caller validation in the driver’s IOCTL handler, allowing an admin-privileged user to send crafted IOCTLs to terminate processes protected by a third-party implementation, in kerne...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 Confidential Computing kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2019-11135: TSX Asynchronous Abort condition bsc1139073. CVE-2023-52888: media: mediatek: vcodec: Only free buffer VA that is not NULL...

CVE-2024-33037

Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesnt validate the IPC message received from the firmware...

CVE-2025-0289 CVE-2025-0289

Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allows an attacker the ability to compromise the service...

CVE-2024-33037

CVE-2024-33037 describes information disclosure in Qualcomm NPU stack: the NPU firmware can send an invalid IPC message to the NPU driver, and the driver does not validate the IPC message, enabling potential disclosure of sensitive information. Documents consistently identify the root cause as un...