CVE-2026-53923 vLLM GGUF Kernels: int64_t to int truncation of tensor dimensions causes GPU buffer overflow

vLLM is an inference and serving engine for large language models LLMs. From 0.5.5 until 0.23.1rc0, integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels csrc/quantization/gguf/ggufkernel.cu causes partial tensor processing. The output tensor is allocated at full size via...

vLLM: GGUF dequantize kernel int truncation exposes uninitialized GPU memory in multi-tenant serving

Summary Integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels csrc/quantization/gguf/ggufkernel.cu causes partial tensor processing. The output tensor is allocated at full size via torch::empty uninitialized memory, but the dequantize CUDA kernel processes only a truncated...

CVE-2026-10008

Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

CVE-2026-46229

The CVE-2026-46229 issue affects the Linux kernel’s DRM/AMDKFD path: KFD VRAM allocations could leave stale data because AMDGPU_GEM_CREATE_VRAM_CLEARED was not applied in the KFD code path, unlike the GEM/user paths which already set VRAM_CLEARED. This allowed stale page-table remnants to leak in...

Linux Distros Unpatched Vulnerability : CVE-2026-9113

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML...

CVE-2026-9113

Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

CVE-2024-36332

Improper isolation of GPU HW register space could allow a privileged attacker in malicious Guest Virtual Machine VM to perform unauthorized access to specific victim range of GPU MMIO register space, potentially causing the host OS to reboot and creating a Denial of Service DOS condition...

EUVD-2026-28013

Uninitialized Use in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-7955

Uninitialized Use in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

PT-2026-38148

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description An uninitialized use in the GPU allows a remote attacker who has compromised the renderer process to obtain potentially sensitive information from process memory through a crafted HTML...

CVE-2026-6920

CVE-2026-6920 describes an out-of-bounds read in the GPU component of Google Chrome on Android, allowing a remote attacker who compromises the renderer process to potentially escape the sandbox via a crafted HTML page. Affected: Chrome on Android; vulnerable component: GPU/renderer interaction; r...

CVE-2026-21733 RESERVED

Vulnerability in Imagination Technologies Graphics DDK on Linux, Android -- RESERVED...

CVE-2026-21733

Vulnerability in Imagination Technologies Graphics DDK on Linux, Android -- RESERVED...

CVE-2026-21733 RESERVED

Vulnerability in Imagination Technologies Graphics DDK on Linux, Android -- RESERVED...

EUVD-2026-13836

Requires malware code to misuse the DDK kernel module IOCTL interface. Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages. The product utilises a shared resource in a concurrent manner but does not attempt t...

CVE-2026-22163

Requires malware code to misuse the DDK kernel module IOCTL interface. Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages. The product utilises a shared resource in a concurrent manner but does not attempt t...

CVE-2026-22163

Requires malware code to misuse the DDK kernel module IOCTL interface. Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages. The product utilises a shared resource in a concurrent manner but does not attempt t...

CVE-2025-47397

Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors...

CVE-2025-47397

CVE-2025-47397 describes a memory corruption vulnerability in GPU memory mapping using scatter-gather lists caused by unchecked IOMMU mapping errors. Affected component is involved in GPU memory mapping; the issue is exploitable locally with low privileges and no user interaction, with high impac...

EUVD-2025-206609

Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors...