CVE-2026-8050

In SignalRGB versions prior to 1.3.7.0, seven of the thirteen IOCTL handlers dereference the SystemBuffer pointer without first verifying that it is non-NULL. Sending an IOCTL with an empty input buffer causes a NULL pointer dereference, resulting in a kernel crash...

CVE-2026-46294

Technical details about CVE-2026-46294 are not publicly available in the provided documents. Monitor for updates.

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporation. There is a security vulnerability in Qualcomm Chipsets, which stems from concurrent modifications to user-space buffer areas, leading to memory corruption when processing IOCTL requests with mismatched API versions...

drm/amdkfd: validate SVM ioctl nattr against buffer size

...

Astra Linux - уязвимость в linux-5.10, linux

A flaw in the Linux kernel was discovered in the i740 driver. The userspace program can pass any value to the driver through the ioctl interface. The driver does not check the value of ‘pixclock’, which may lead to a division by zero error...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: gpib: Fixed a use-after-free in IO ioctl handlers. The IBRD, IBWRT, IBCMD, and IBWAIT ioctl handlers use a gpibdescriptor pointer after the board-biggpibmutex has been released. A concurrent IBCLOSEDEV ioctl can free the...

CVE-2026-43319

A flaw was found in the Linux kernel's spidev driver. A local user, by performing concurrent write and ioctl operations on the same spidev file descriptor from separate threads, could trigger a lock inversion. This issue can lead to a deadlock, resulting in a Denial of Service DoS for the affecte...

CVE-2026-43338

CVE-2026-43338 affects the Linux kernel with the Btrfs filesystem. The issue arises because qgroup ioctls do not reserve transaction space, allowing -ENOSPC scenarios during quota-tree updates and delayed refs, which can abort transactions and enable a DoS condition. Vendors have published adviso...

CVE-2026-36355

The CVE-2026-36355 issue affects the Realtek rtl8192cd Wi‑Fi kernel driver in the rtl819x Jungle SDK (all known versions up to v3.4.14B). The underlying problem is missing access checks on the debug handlers write_mem (ioctl 0x89F5) and read_mem (ioctl 0x89F6), which are compiled into production ...

CVE-2025-47408

Memory corruption when another driver calls an IOCTL with invalid input/output buffer...

CVE-2025-47408

CVE-2025-47408 involves memory corruption in Power Optimization Firmware triggered when a second driver issues an IOCTL with an invalid input/output buffer. The CVE is described as an Untrusted Pointer Dereference in firmware per CVE record, aligning with the NVD description of memory corruption ...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCBAIORW before the conversion of struct aiokiocb. The first argument of kiocbset Cancelfn may point to a struct kiocb that is not embedded within struct aiokiocb. With the current code, depending on the compiler,...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: fbdev: sis: An error will occur if pixclock equals zero. The user-space program can pass any values to the driver through the ioctl interface. If the driver does not check the value of pixclock, it may lead to a divide-by-zero...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

The btsockrecvmsg function in net/bluetooth/afbluetooth.c in the Linux kernel, as of version 6.6.8, has a use-after-free issue due to a race condition involving btsockioctl...

CVE-2026-31769

In the Linux kernel, the following vulnerability has been resolved: gpib: fix use-after-free in IO ioctl handlers The IBRD, IBWRT, IBCMD, and IBWAIT ioctl handlers use a gpibdescriptor pointer after board-biggpibmutex has been released. A concurrent IBCLOSEDEV ioctl can free the descriptor via...

CVE-2025-52347

An issue in the component DirectIo64.sys of PassMark BurnInTest v11.0 Build 1011, OSForensics v11.1 Build 1007, and PerformanceTest v11.1 Build 1004 allows attackers to access kernel memory and escalate privileges via a crafted IOCTL 0x8011E044 call...

CVE-2025-52347

The CVE-2025-52347 entry concerns DirectIo64.sys in PassMark BurnInTest v11.0 Build 1011, OSForensics v11.1 Build 1007, and PerformanceTest v11.1 Build 1004. The underlying issue is a vulnerability in the DirectIo64.sys component that allows attackers to access kernel memory and escalate privileg...

CVE-2025-52908

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Incorrect Handling of the NL80211 vendor command leads to a buffer overflow via a certain ioctl message, issue 1 of 2...

CVE-2026-21380

CVE-2026-21380 involves memory corruption (use-after-free) in the DSP service when deprecated DMABUF IOCTL calls are used to manage video memory. Documents describe a local, low-privilege attack with no user interaction and high impact to confidentiality, integrity, and availability. Root cause i...

CVE-2026-21376 Buffer Over-read in Camera

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver...