Lucene search
K

6005 matches found

CVE
CVE
added 2 hours ago3 views

CVE-2026-15030

The CVE-2026-15030 entry concerns ASUS components: System Control Interface v3, System Control Interface, and ASUS Business Manager. The weakness is an out-of-bounds read caused by a crafted IOCTL request that bypasses validation, enabling a local administrator to read memory regions beyond the i...

5.6CVSS6.1AI score
Exploits0References1
NVD
NVD
added 2 days ago7 views

CVE-2026-9492

The MBStorage DRAM lighting control module within Gigabyte Control Center GCC developed by GIGABYTE Technology has an Improper Access Control vulnerability. Authenticated local attackers can send specific IOCTL commands through the driver MyPortIOx64.sys bundled with the module, thereby arbitrari...

8.5CVSS0.00109EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/07 4:2 p.m.6 views

EUVD-2026-42053

MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator...

8.5CVSS6AI score0.0017EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:9 p.m.7 views

CVE-2025-59617

Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input...

6.6CVSS6.1AI score0.00065EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/06 8:9 p.m.6 views

CVE-2025-59617 Use After Free in Computer Vision

Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input...

6.6CVSS6.1AI score0.00065EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/07/06 8:9 p.m.6 views

CVE-2025-59616 Use After Free in Computer Vision

Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory...

6.6CVSS6.1AI score0.00064EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:9 p.m.6 views

CVE-2025-59616

Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory...

6.6CVSS6.1AI score0.00064EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2026/07/06 12:0 a.m.3 views

The vulnerability of the drm_gem_change_handle_ioctl() function in the Direct Rendering Manager (DRM) subsystem of Linux kernels allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the changehandle function in the Direct Rendering Manager DRM subsystem of Linux kernels relates to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of protected...

7.8CVSS6AI score0.00134EPSS
Exploits1References8Affected Software2
OSV
OSV
added 2026/07/04 1:15 p.m.3 views

CVE-2026-14629 RT-Thread Parameter lwp_syscall.c sys_ioctl divide by zero

A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sysioctl of the file components/lwp/lwpsyscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may be launched remotely. The exploit has been published and may...

5.3CVSS5.5AI score0.00309EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/07/03 2:1 a.m.38 views

CVE-2022-4989

UNSUPPORTED WHEN ASSIGNED Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to access unintended memory regions via crafted IOCTL requests, leading to privilege escalation...

8.5CVSS0.00103EPSS
Exploits0References1
CVE
CVE
added 2026/07/03 2:1 a.m.24 views

CVE-2022-4989

CVE-2022-4989 affects the ASUS AI Suite 3 driver. The root cause is improper validation of a specified quantity in input, enabling a local user to craft IOCTL requests that access unintended memory regions and escalate privileges. The CVSS indicates high impact to confidentiality, integrity, and ...

8.5CVSS5.8AI score0.00103EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/03 2:0 a.m.7 views

CVE-2022-4990

UNSUPPORTED WHEN ASSIGNED Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to bypass security validation and access restricted memory blocks via crafted IOCTL requests, leading to privilege escalation...

7.3CVSS5.8AI score0.00096EPSS
Exploits0References2
OSV
OSV
added 2026/07/01 2:16 p.m.5 views

UBUNTU-CVE-2026-53337

In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL pointer dereference in bonddoioctl In bonddoioctl, slavedev is obtained via devgetbyname which can return NULL if the requested interface name does not exist. However, the subsequent slavedbg call is placed...

5.7AI score0.00164EPSS
Exploits0References11
EUVD
EUVD
added 2026/07/01 1:32 p.m.8 views

EUVD-2026-40971

In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL pointer dereference in bonddoioctl In bonddoioctl, slavedev is obtained via devgetbyname which can return NULL if the requested interface name does not exist. However, the subsequent slavedbg call is placed...

5.8AI score0.00164EPSS
Exploits0References8
CVE
CVE
added 2026/07/01 1:32 p.m.16 views

CVE-2026-53337

The CVE concerns the Linux kernel bonding code: in bond_do_ioctl(), slave_dev is fetched via __dev_get_by_name() and then immediately used in a slave_dbg() call before checking for NULL, causing a NULL-pointer dereference when a non-existent slave interface name is provided (e.g., via bonding ioc...

5.8AI score0.00164EPSS
Exploits0References8
OSV
OSV
added 2026/07/01 1:32 p.m.1 views

CVE-2026-53337 net: bonding: fix NULL pointer dereference in bond_do_ioctl()

In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL pointer dereference in bonddoioctl In bonddoioctl, slavedev is obtained via devgetbyname which can return NULL if the requested interface name does not exist. However, the subsequent slavedbg call is placed...

5.8AI score0.00164EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/06/29 8:48 a.m.8 views

CVE-2026-53320

A flaw was found in the Linux kernel's nilfs2 filesystem. A local attacker could exploit this vulnerability by sending a specially crafted input/output control ioctl request to the nilfsioctlmarkblocksdirty function. By providing a zero block number, the attacker can bypass a critical dead block...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/28 1:8 a.m.9 views

SUSE CVE-2026-53320

In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject zero bdoblocknr in nilfsioctlmarkblocksdirty nilfsioctlmarkblocksdirty uses bdoblocknr to detect dead blocks by comparing it with the current block number bdblocknr. If they differ, the block is considered dead and...

5.8AI score0.00121EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-53203

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - accel/ivpu: Add buffer overflow check in MS getinfoioctl Add validation that the info size returned from the metric stream info query is not exceeded when check...

7.1CVSS6.2AI score0.00153EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-53320

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nilfs2: reject zero bdoblocknr in nilfsioctlmarkblocksdirty nilfsioctlmarkblocksdirty uses bdoblocknr to detect dead blocks by comparing it with the current blo...

5.5CVSS6AI score0.00121EPSS
Exploits0References2
Rows per page
Query Builder