244 matches found
PT-2026-55987
Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon CCW affected versions not specified Description Memory corruption occurs when processing multiple IOCTL Input/Output Control calls that utilize the same buffer file descriptor input. IOCTL is a system call used by...
EUVD-2026-39190
Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A logged-in user with no administrative privilege may access physical memory...
CVE-2026-56129
Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A logged-in user with no administrative privilege may access physical memory...
CVE-2026-56129
CVE-2026-56129 concerns a vulnerability in a Generic IO & Memory Access driver for PCs from Toshiba Corporation and Dynabook Inc. that exposes its IOCTL with insufficient access control. The flaw enables a logged-in user with no administrative privilege to access physical memory through the drive...
CVE-2026-8050
In SignalRGB versions prior to 1.3.7.0, seven of the thirteen IOCTL handlers dereference the SystemBuffer pointer without first verifying that it is non-NULL. Sending an IOCTL with an empty input buffer causes a NULL pointer dereference, resulting in a kernel crash...
CVE-2026-46294
CVE-2026-46294 affects the Linux kernel device-mapper (dm-ioctl) in the retrieve_status path. A buffer-overflow could occur after aligning a pointer to an 8-byte boundary if the remaining length calculation wraps past the output buffer, potentially allowing writes beyond the buffer. The advisory ...
Qualcomm Chipsets 安全漏洞
Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporation. There is a security vulnerability in Qualcomm Chipsets, which stems from concurrent modifications to user-space buffer areas, leading to memory corruption when processing IOCTL requests with mismatched API versions...
drm/amdkfd: validate SVM ioctl nattr against buffer size
...
Astra Linux – Vulnerability in Linux 5.10, Linux
A flaw in the Linux kernel was discovered in the i740 driver. The userspace program can pass any value to the driver through the ioctl interface. The driver does not check the value of ‘pixclock’, which may lead to a division by zero error...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCBAIORW before the conversion of struct aiokiocb. The first argument of kiocbset Cancelfn may point to a struct kiocb that is not embedded within struct aiokiocb. With the current code, depending on the compiler,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: gpib: A use-after-free occurred in the IO ioctl handlers. The IBRD, IBWRT, IBCMD, and IBWAIT ioctl handlers use a gpibdescriptor pointer after the board-biggpibmutex has been released. A concurrent IBCLOSEDEV ioctl can free the...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
The btsockrecvmsg function in net/bluetooth/afbluetooth.c in the Linux kernel, as of version 6.6.8, has a use-after-free issue due to a race condition involving btsockioctl...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: fbdev: sis: An error will occur if pixclock equals zero. The user-space program can pass any values to the driver through the ioctl interface. If the driver does not check the value of pixclock, it may lead to a divide-by-zero...
CVE-2026-43319
A flaw was found in the Linux kernel's spidev driver. A local user, by performing concurrent write and ioctl operations on the same spidev file descriptor from separate threads, could trigger a lock inversion. This issue can lead to a deadlock, resulting in a Denial of Service DoS for the affecte...
CVE-2026-43338
CVE-2026-43338 affects the Linux kernel with the Btrfs filesystem. The issue arises because qgroup ioctls do not reserve transaction space, allowing -ENOSPC scenarios during quota-tree updates and delayed refs, which can abort transactions and enable a DoS condition. Vendors have published adviso...
CVE-2026-36355
The CVE-2026-36355 issue affects the Realtek rtl8192cd Wi‑Fi kernel driver in the rtl819x Jungle SDK (all known versions up to v3.4.14B). The underlying problem is missing access checks on the debug handlers write_mem (ioctl 0x89F5) and read_mem (ioctl 0x89F6), which are compiled into production ...
CVE-2025-47408
Memory corruption when another driver calls an IOCTL with invalid input/output buffer...
CVE-2025-47408
CVE-2025-47408 involves memory corruption in Power Optimization Firmware triggered when a second driver issues an IOCTL with an invalid input/output buffer. The CVE is described as an Untrusted Pointer Dereference in firmware per CVE record, aligning with the NVD description of memory corruption ...
CVE-2026-31769
In the Linux kernel, the following vulnerability has been resolved: gpib: fix use-after-free in IO ioctl handlers The IBRD, IBWRT, IBCMD, and IBWAIT ioctl handlers use a gpibdescriptor pointer after board-biggpibmutex has been released. A concurrent IBCLOSEDEV ioctl can free the descriptor via...
CVE-2025-52347
An issue in the component DirectIo64.sys of PassMark BurnInTest v11.0 Build 1011, OSForensics v11.1 Build 1007, and PerformanceTest v11.1 Build 1004 allows attackers to access kernel memory and escalate privileges via a crafted IOCTL 0x8011E044 call...