Qualcomm Chipsets security vulnerabilities

Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporation. There is a security vulnerability in Qualcomm Chipsets, which stems from concurrent modifications to user-space buffer areas, leading to memory corruption when processing IOCTL requests with mismatched API versions...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCBAIORW before the conversion of struct aiokiocb. The first argument of kiocbset Cancelfn may point to a struct kiocb that is not embedded within struct aiokiocb. With the current code, depending on the compiler,...

CVE-2026-43319

A flaw was found in the Linux kernel's spidev driver. A local user, by performing concurrent write and ioctl operations on the same spidev file descriptor from separate threads, could trigger a lock inversion. This issue can lead to a deadlock, resulting in a Denial of Service DoS for the affecte...

CVE-2026-43338

CVE-2026-43338 affects the Linux kernel with the Btrfs filesystem. The issue arises because qgroup ioctls do not reserve transaction space, allowing -ENOSPC scenarios during quota-tree updates and delayed refs, which can abort transactions and enable a DoS condition. Vendors have published adviso...

CVE-2026-36355

The CVE-2026-36355 issue affects the Realtek rtl8192cd Wi‑Fi kernel driver in the rtl819x Jungle SDK (all known versions up to v3.4.14B). The underlying problem is missing access checks on the debug handlers write_mem (ioctl 0x89F5) and read_mem (ioctl 0x89F6), which are compiled into production ...

CVE-2025-47408

Memory corruption when another driver calls an IOCTL with invalid input/output buffer...

CVE-2025-47408

CVE-2025-47408 involves memory corruption in Power Optimization Firmware triggered when a second driver issues an IOCTL with an invalid input/output buffer. The CVE is described as an Untrusted Pointer Dereference in firmware per CVE record, aligning with the NVD description of memory corruption ...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

The btsockrecvmsg function in net/bluetooth/afbluetooth.c in the Linux kernel, as of version 6.6.8, has a use-after-free issue due to a race condition involving btsockioctl...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

A flaw in the Linux kernel was discovered in the i740 driver. The userspace program can pass any value to the driver through the ioctl interface. The driver does not check the value of ‘pixclock’, which may lead to a division by zero error...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: fbdev: sis: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl interface. If the driver doesn't check the value of pixclock, it may cause divide-by-zero error. In...

CVE-2026-31769

In the Linux kernel, the following vulnerability has been resolved: gpib: fix use-after-free in IO ioctl handlers The IBRD, IBWRT, IBCMD, and IBWAIT ioctl handlers use a gpibdescriptor pointer after board-biggpibmutex has been released. A concurrent IBCLOSEDEV ioctl can free the descriptor via...

CVE-2025-52347

An issue in the component DirectIo64.sys of PassMark BurnInTest v11.0 Build 1011, OSForensics v11.1 Build 1007, and PerformanceTest v11.1 Build 1004 allows attackers to access kernel memory and escalate privileges via a crafted IOCTL 0x8011E044 call...

CVE-2025-52347

The CVE-2025-52347 entry concerns DirectIo64.sys in PassMark BurnInTest v11.0 Build 1011, OSForensics v11.1 Build 1007, and PerformanceTest v11.1 Build 1004. The underlying issue is a vulnerability in the DirectIo64.sys component that allows attackers to access kernel memory and escalate privileg...

CVE-2025-52908

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Incorrect Handling of the NL80211 vendor command leads to a buffer overflow via a certain ioctl message, issue 1 of 2...

CVE-2026-21380

CVE-2026-21380 involves memory corruption (use-after-free) in the DSP service when deprecated DMABUF IOCTL calls are used to manage video memory. Documents describe a local, low-privilege attack with no user interaction and high impact to confidentiality, integrity, and availability. Root cause i...

CVE-2026-21376 Buffer Over-read in Camera

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver...

CVE-2026-23236

In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: properly copy ioctl memory to kernelspace The UFXIOCTLREPORTDAMAGE ioctl does not properly copy data from userspace to kernelspace, and instead directly references the memory, which can cause problems if invalid...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005755)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005755 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCBAIORW before the struct aiokiocb conversion The first kiocbsetcancelfn argument...

kernel: Linux kernel: Memory corruption in Squashfs due to incorrect block size calculation

A flaw was found in the Linux kernel's Squashfs filesystem. A local attacker can exploit this vulnerability by simultaneously mounting a Squashfs filesystem and issuing a specific input/output control ioctl command. This can lead to an incorrect block size calculation, causing a shift-out-of-boun...

CVE-2025-47386

Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs...