133 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-50437
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/msm/hdmi: fix memory corruption with too many bridges Add the missing sanity check on the bridge counter to avoid corrupting data beyond the fixed-sized...
SUSE CVE-2022-50528
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix memory leakage This patch fixes potential memory leakage and seg fault in gpuvmimportdmabuf function...
RHEL 9 : kernel-rt (RHSA-2025:17123)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:17123 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...
CVE-2022-50417 drm/panfrost: Fix GEM handle creation ref-counting
In the Linux kernel, the following vulnerability has been resolved: drm/panfrost: Fix GEM handle creation ref-counting panfrostgemcreatewithhandle previously returned a BO but with the only reference being from the handle, which user space could in theory guess and release, causing a...
CVE-2022-50390 drm/ttm: fix undefined behavior in bit shift for TTM_TT_FLAG_PRIV_POPULATED
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: fix undefined behavior in bit shift for TTMTTFLAGPRIVPOPULATED Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warning calltrace like below: UBSAN:...
CVE-2023-53352 drm/ttm: check null pointer before accessing when swapping
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: check null pointer before accessing when swapping Add a check to avoid null pointer dereference as below: 90.002283 general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 1 PREEMPT SMP KASA...
DEBIAN-CVE-2023-53263
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/disp: fix use-after-free in error handling of nouveauconnectorcreate We can't simply free the connector after calling drmconnectorinit on it. We need to clean up the drm side first. It might not fix all regressions fr...
Linux Distros Unpatched Vulnerability : CVE-2025-38669
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Revert drm/gem-shmem: Use dmabuf from GEM object instance This reverts commit 1a148af06000e545e714fe3210af3d77ff903c11. The dmabuf field in struct drmgemobject ...
Security Vulnerabilities fixed in Thunderbird 140.2 — Mozilla
An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. Same-origin policy bypass in the Graphics: Canvas2D component. Uninitialized memory ...
Linux Distros Unpatched Vulnerability : CVE-2024-7519
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox...
Linux Distros Unpatched Vulnerability : CVE-2020-12407
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The...
GPUHammer: Rowhammer Attacks on GPU Memories Are Practical
Rowhammer is a read disturbance vulnerability in modern DRAM that causes bit-flips, compromising security and reliability. While extensively studied on Intel and AMD CPUs with DDR and LPDDR memories, its impact on GPUs using GDDR memories, critical for emerging machine learning applications,...
CVE-2022-49948 vt: Clear selection before changing the font
In the Linux kernel, the following vulnerability has been resolved: vt: Clear selection before changing the font When changing the console font with ioctlKDFONTOP the new font size can be bigger than the previous font. A previous selection may thus now be outside of the new screen size and thus...
CVE-2025-27038 Use After Free in Graphics
Memory corruption while rendering graphics using Adreno GPU drivers in Chrome...
CVE-2023-21666
Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool...
kernel: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: amdkfdfreegttmem clear the correct pointer Pass pointer reference to amdgpubounref to clear the correct pointer, otherwise amdgpubounref clear the local variable, the original pointer not set to NULL, this could cause...
SUSE CVE-2023-53095
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix a NULL pointer dereference The LRU mechanism may look up a resource in the process of being removed from an object. The locking rules here are a bit unclear but it looks currently like res-bo assignment is protected ...
SUSE CVE-2024-36353
Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values potentially leading to loss of confidentiality...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread recvmsg/sendmsg may exit as soon as the async crypto handler calls complete. Reorder scheduling the wor...
CVE-2021-47657 drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free()
In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Ensure that objs is not NULL in virtiogpuarrayputfree If virtiogpuobjectshmeminit fails e.g. due to fault injection, as it happened in the bug report by syzbot, virtiogpuarrayputfree could be called with objs equal to...