5852 matches found
kernel: Linux kernel: Memory corruption in Squashfs due to incorrect block size calculation
A flaw was found in the Linux kernel's Squashfs filesystem. A local attacker can exploit this vulnerability by simultaneously mounting a Squashfs filesystem and issuing a specific input/output control ioctl command. This can lead to an incorrect block size calculation, causing a shift-out-of-boun...
CVE-2026-23199 procfs: avoid fetching build ID while holding VMA lock
In the Linux kernel, the following vulnerability has been resolved: procfs: avoid fetching build ID while holding VMA lock Fix PROCMAP_QUERY to fetch optional build ID only after dropping mmap_lock or per-VMA lock, whichever was used to lock VMA under question, to avoid deadlock reported by syzbot:...
CVE-2026-23149
In the Linux kernel, the following vulnerability has been resolved: drm: Do not allow userspace to trigger kernel warnings in drm_gem_change_handle_ioctl() Since GEM bo handles are u32 in the uapi and the internal implementation uses idr_alloc() which uses int ranges, passing a new handle larger than INTM...
CVE-2026-23149 drm: Do not allow userspace to trigger kernel warnings in drm_gem_change_handle_ioctl()
In the Linux kernel, the following vulnerability has been resolved: drm: Do not allow userspace to trigger kernel warnings in drm_gem_change_handle_ioctl() Since GEM bo handles are u32 in the uapi and the internal implementation uses idr_alloc() which uses int ranges, passing a new handle larger than INTM...
EUVD-2026-5890
In the Linux kernel, the following vulnerability has been resolved: drm: Do not allow userspace to trigger kernel warnings in drm_gem_change_handle_ioctl() Since GEM bo handles are u32 in the uapi and the internal implementation uses idr_alloc() which uses int ranges, passing a new handle larger than INTM...
CVE-2026-23121
In the Linux kernel, the following vulnerability has been resolved: mISDN: annotate data-race around dev->work dev->work can be read locklessly in mISDN_read and mISDN_poll. Add READ_ONCE/WRITE_ONCE annotations. BUG: KCSAN: data-race in mISDN_ioctl / mISDN_read write to 0xffff88812d848280 of 4 bytes by...
CVE-2026-23121 mISDN: annotate data-race around dev->work
In the Linux kernel, the following vulnerability has been resolved: mISDN: annotate data-race around dev->work dev->work can be read locklessly in mISDN_read and mISDN_poll. Add READ_ONCE/WRITE_ONCE annotations. BUG: KCSAN: data-race in mISDN_ioctl / mISDN_read write to 0xffff88812d848280 of 4 bytes by...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the drm_gem_change_handle_ioctl function not verifying user-space inputs, potentially triggering a...
Exploit for Improper Privilege Management in Patriotmemory Viper_Rgb_Firmware
GenericDrv amigendrv64.sys - Proof of Concept Overview...
VulnCheck KEV: CVE-2025-70795
STProcessMonitor Driver contains an insecure IOCTL vulnerability that allows local attackers to terminate arbitrary kernel processes by bypassing validation. Attackers can exploit the exposed process termination functionality to disable security products and gain control of the affected system...
CVE-2025-27535
Exposed ioctl with insufficient access control in the firmware for some Intel(R) Ethernet Connection E825-C before version NVM ver. 3.84 within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a high complexity attack may enable...
Intel Ethernet Connection E825-C security vulnerability
The Intel Ethernet Connection E825-C is a series of network controllers developed by the American company Intel. Versions of Intel Ethernet Connection E825-C prior to NVM ver. 3.84 contain security vulnerabilities. These vulnerabilities stem from insufficient ioctl access control, which may lead ...
PT-2026-7292
Name of the Vulnerable Software and Affected Versions: Intel Ethernet Connection E825-C firmware versions prior to 3.84. Description: An issue exists due to insufficient access control in the firmware of certain Intel Ethernet Connection E825-C devices. A system software adversary with privileged us...
Microsoft Windows 11 Pro 23H2 Kernel IOCTL Access Control
This Metasploit module exploits an insufficient access control vulnerability in the Windows Kernel through exposed IOCTL handlers. The vulnerability allows non-privileged users to access kernel-level functionality leading to privilege escalation...
VulnCheck KEV: CVE-2010-3437
Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value i...
CVE-2026-0106
In vpummap of vpuioctl, there is a possible arbitrary address mmap due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...