CVE-2025-58409

Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kern...

CVE-2025-71110 mm/slub: reset KASAN tag in defer_free() before accessing freed memory

In the Linux kernel, the following vulnerability has been resolved: mm/slub: reset KASAN tag in deferfree before accessing freed memory When CONFIGSLUBTINY is enabled, kfreenolock calls kasanslabfree before deferfree. On ARM64 with MTE Memory Tagging Extension, kasanslabfree poisons the memory an...

CVE-2025-71105

In the Linux kernel, the following vulnerability has been resolved: f2fs: use global inlinexattrslab instead of per-sb slab cache As Hong Yun reported in mailing list: loop7: detected capacity change from 0 to 131072 ------------ cut here ------------ kmemcache of name 'f2fsxattrentry-7:7' alread...

kernel: mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory

A use-after-free memory bug exists in the linux kernel, such that unpoisonmemory tries to check the PGHWPoison flags of an uninitialized page. So VMBUGONPAGEPagePoisonedpage is triggered, leading to damage to the system availability and integrity...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000758)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000758 advisory. The btsockrecvmsg function in net/bluetooth/afbluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows loc...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001414)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001414 advisory. A memory leak flaw was found in the Linux kernels DMA subsystem, in the way a user calls DMAFROMDEVICE. This flaw allows a local user to read random memory from the...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001381)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001381 advisory. A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget which are aligned to PUD...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000907)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000907 advisory. The tipcnlcompatlinkdump function in net/tipc/netlinkcompat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000604)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000604 advisory. Memory leak in the virtiogpuobjectcreate function in drivers/gpu/drm/virtio/virtgpuobject.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of...

CVE-2026-20809

Time-of-check time-of-use toctou race condition in Windows Kernel Memory allows an authorized attacker to elevate privileges locally...

CVE-2026-20809

Time-of-check time-of-use toctou race condition in Windows Kernel Memory allows an authorized attacker to elevate privileges locally...

CVE-2026-20809 Windows Kernel Memory Elevation of Privilege Vulnerability

...

CVE-2026-20809

Time-of-check time-of-use toctou race condition in Windows Kernel Memory allows an authorized attacker to elevate privileges locally...

CVE-2025-58409

Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kern...

CVE-2025-58409 GPU DDK - Disguised freelist buffers passed to RGXCreateHWRTDataSet can cause arbitrary physical memory writes corrupting memory

Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kern...

CVE-2025-58409 GPU DDK - Disguised freelist buffers passed to RGXCreateHWRTDataSet can cause arbitrary physical memory writes corrupting memory

Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kern...

CVE-2025-58409

CVE-2025-58409 is a GPU driver vulnerability affecting Imagination Technologies’ GPU driver/Imagination Graphics DDK. The issue arises when an unprivileged user performs improper GPU system calls, subverting GPU hardware to write to arbitrary physical memory pages. Under certain conditions this c...

CVE-2025-68802 drm/xe: Limit num_syncs to prevent oversized allocations

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Limit numsyncs to prevent oversized allocations The exec and vmbind ioctl allow userspace to specify an arbitrary numsyncs value. Without bounds checking, a very large numsyncs can force an excessively large allocation,...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: hfsplus: fixed the KMSAN uninit-value issue in hfsplusdeletecat The syzbot reported an issue in hfsplusdeletecat: 70.682285 T9333=========================================== 70.682943 T9333 BUG: KMSAN: uninit-value in...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: hfsplus: fixed the KMSAN uninit-value issue in hfsplusextcacheextent The syzbot reported an issue in hfsplusextcacheextent: 70.194323 T9350 BUG: KMSAN: uninit-value in hfsplusextcacheextent+0x7d0/0x990 70.195022 T9350...