CVE-2025-21458

The CVE-2025-21458 entry describes a memory corruption vulnerability in Qualcomm chipsets caused by concurrent IOCTL calls that map and unmap buffers. Documented impact is high (CVSS v3.1: AV Local, AC Low, PR Low, UI None, S U, C/H/I/A High) with a base score of 7.8. The vulnerability affects th...

CVE-2025-21456 Use After Free in NPU

Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently...

CVE-2025-21456

CVE-2025-21456 affects Qualcomm chipsets where memory corruption can occur during IOCTL processing when multiple threads concurrently map/unmap buffers. The root cause is described as a concurrency issue in handling buffers under IOCTL commands, leading to memory corruption with a high-severity C...

CVE-2025-21456 Use After Free in NPU

Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently...

CVE-2025-21455 Time-of-check Time-of-use (TOCTOU) Race Condition in Camera_Linux

Memory corruption while submitting blob data to kernel space though IOCTL...

CVE-2025-21455 Time-of-check Time-of-use (TOCTOU) Race Condition in Camera_Linux

Memory corruption while submitting blob data to kernel space though IOCTL...

CVE-2025-21455

Memory corruption while submitting blob data to kernel space though IOCTL...

CVE-2025-21455

CVE-2025-21455 describes memory corruption when submitting blob data to kernel space through IOCTL on Qualcomm chipsets. Affected component: kernel IOCTL handling for blob data. Root cause: memory corruption in blob submission path; exploitation is local (attack vector LOCAL) with low privileges ...

PT-2025-32139

Name of the Vulnerable Software and Affected Versions: Bluetooth Host affected versions not specified Description: A memory corruption issue exists while processing IOCTL commands with larger buffers in the Bluetooth Host. Recommendations: At the moment, there is no information about a newer...

PT-2025-32123 · Ioctl · Ioctl

Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: A memory corruption issue exists when the IOCTL interface is called to map and unmap buffers at the same time. Recommendations: At the moment, there is no information about a newer version that...

PT-2025-32121 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: A memory corruption issue exists when processing an IOCTL command with concurrent mapping and unmapping of buffers by multiple threads. Recommendations: At the moment, there is no information about...

PT-2025-32134 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: A memory corruption issue exists when processing an IOCTL command with an arbitrary address. Recommendations: At the moment, there is no information about a newer version that contains a fix for th...

PT-2025-32120 · Kernel · Kernel

Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: A memory corruption issue exists when submitting blob data to kernel space through an IOCTL Input/Output Control call. This can lead to system instability or potential code execution...

SUSE CVE-2025-38459

In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix infinite recursive call of clippush. syzbot reported the splat below. 0 This happens if we call ioctlATMARPMKIP more than once. During the first call, clipmkip sets clippush to vcc-push, and the second call copies ...

CVE-2025-38481

In the Linux kernel, the following vulnerability has been resolved: comedi: Fail COMEDIINSNLIST ioctl if ninsns is too large The handling of the COMEDIINSNLIST ioctl allocates a kernel buffer to hold the array of struct comediinsn, getting the length from the ninsns member of the struct...

AZL-65922 CVE-2025-38481 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: comedi: Fail COMEDIINSNLIST ioctl if ninsns is too large The handling of the COMEDIINSNLIST ioctl allocates a kernel buffer to hold the array of struct comediinsn, getting the length from the ninsns member of the struct...

CVE-2025-38481 comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large

In the Linux kernel, the following vulnerability has been resolved: comedi: Fail COMEDIINSNLIST ioctl if ninsns is too large The handling of the COMEDIINSNLIST ioctl allocates a kernel buffer to hold the array of struct comediinsn, getting the length from the ninsns member of the struct...

CVE-2025-38481 comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large

In the Linux kernel, the following vulnerability has been resolved: comedi: Fail COMEDIINSNLIST ioctl if ninsns is too large The handling of the COMEDIINSNLIST ioctl allocates a kernel buffer to hold the array of struct comediinsn, getting the length from the ninsns member of the struct...

CVE-2025-38481

In the Linux kernel, the following vulnerability has been resolved: comedi: Fail COMEDIINSNLIST ioctl if ninsns is too large The handling of the COMEDIINSNLIST ioctl allocates a kernel buffer to hold the array of struct comediinsn, getting the length from the ninsns member of the struct...

CVE-2025-38481

Technical details for CVE-2025-38481 are not provided in the connected documents. The initial description notes a comedi kernel fix (n_insns limit) but contains no vendor/product/version/exploit details beyond that.