CVE-2026-9906

Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-9898

CVE-2026-9898 affects Google Chrome’s GPU component on Android, with insufficient validation of untrusted input allowing potential sandbox escape if the renderer is compromised via a crafted HTML page. The issue targets Android users running Chrome before build 148.0.7778.216. Google released the...

CVE-2026-9898

Insufficient validation of untrusted input in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-9895

Out of bounds read in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-9895

CVE-2026-9895 is a GPU-related out-of-bounds read in the Chromium-based Google Chrome browser. The vulnerability affects the GPU component and was exploitable by a renderer process compromise via a crafted HTML page, potentially enabling a sandbox escape. Affected versions are Chrome prior to 148...

CVE-2026-9894

Use after free in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-9895

Out of bounds read in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-9872

Google Chrome on Android prior to 148.0.7778.216 has an out-of-bounds write in the GPU component of Chromium, which could allow a remote attacker to escape the sandbox via a crafted HTML page. The issue is tracked as CVE-2026-9872 and is considered Critical. A fix is included in Chrome 148.0.7778...

CVE-2026-9872

Out of bounds write in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-9872

Out of bounds write in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-46156

A flaw was found in the Linux kernel's LoongArch architecture. An issue in the loongsongpufixupdmahang function, specifically with incorrect handling of device IDs when a discrete GPU is inserted, can lead to an Address Data Error ADE. This flaw may allow a local attacker to trigger a kernel pani...

CVE-2026-9122

An out of bounds read flaw was found in the GPU component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=489579953...

CVE-2026-9121

An out of bounds read flaw was found in the GPU component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=488064108...

Exploit for Missing Release of Memory after Effective Lifetime in Arm 5Th_Gen_Gpu_Architecture_Kernel_Driver

CVE-2023-26083 – Mali GPU Kernel Address Leak via Timeline Str...

CVE-2026-46156

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix potential ADE in loongsongpufixupdmahang The switch case in loongsongpufixupdmahang may not DC2 or DC3, and readlcrtcreg will access with random address, because the "device" is from "base+PCIDEVICEID", "base" is...

CVE-2026-46229

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure KFD VRAM allocations set AMDGPUGEMCREATEVRAMWIPEONRELEASE but not AMDGPUGEMCREATEVRAMCLEARED, leaving freshly allocated VRAM with stale data from prior use...

CVE-2026-46229

The CVE-2026-46229 issue affects the Linux kernel’s DRM/AMDKFD path: KFD VRAM allocations could leave stale data because AMDGPU_GEM_CREATE_VRAM_CLEARED was not applied in the KFD code path, unlike the GEM/user paths which already set VRAM_CLEARED. This allowed stale page-table remnants to leak in...

CVE-2026-46229 drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure KFD VRAM allocations set AMDGPUGEMCREATEVRAMWIPEONRELEASE but not AMDGPUGEMCREATEVRAMCLEARED, leaving freshly allocated VRAM with stale data from prior use...

CVE-2026-46217

Removed by vendor...

CVE-2026-46156

CVE-2026-46156 affects the Linux kernel LoongArch implementation, specifically loongson_gpu_fixup_dma_hang(), where the code may read device registers using an incorrect base (base+PCI_DEVICE_ID) when a discrete GPU is present. This causes ADE and can trigger a kernel panic, leading to local DoS....