EUVD-2025-208323

A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver version 1.2.0.0 in the IOCTL handler for code 0x80102058. The vulnerability is caused by missing bounds checking on the user-controlled Options parameter before copying data into a 40-byte stack buffer...

CVE-2025-70616

A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver version 1.2.0.0 in the IOCTL handler for code 0x80102058. The vulnerability is caused by missing bounds checking on the user-controlled Options parameter before copying data into a 40-byte stack buffer...

CVE-2025-70616

A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver version 1.2.0.0 in the IOCTL handler for code 0x80102058. The vulnerability is caused by missing bounds checking on the user-controlled Options parameter before copying data into a 40-byte stack buffer...

Wincor Nixdorf wnBios64.sys 安全漏洞

Wincor Nixdorf wnBios64.sys is a kernel driver developed by the German company Wincor Nixdorf. The version wnBios64.sys 1.2.0.0 contains a security vulnerability. This vulnerability stems from the lack of boundary checks in the IOCTL handler of code 0x80102058. It may lead to stack buffer...

PT-2026-23482

Name of the Vulnerable Software and Affected Versions Wincor Nixdorf wnBios64.sys version 1.2.0.0 Description A stack buffer overflow exists in the wnBios64.sys kernel driver within the IOCTL handler for code 0x80102058. The issue is due to a lack of bounds checking on the user-controlled Options...

CVE-2025-70616

A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver version 1.2.0.0 in the IOCTL handler for code 0x80102058. The vulnerability is caused by missing bounds checking on the user-controlled Options parameter before copying data into a 40-byte stack buffer...

CVE-2025-70616

A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver version 1.2.0.0 in the IOCTL handler for code 0x80102058. The vulnerability is caused by missing bounds checking on the user-controlled Options parameter before copying data into a 40-byte stack buffer...

K000160225: Intel 800 Ethernet vulnerability CVE-2025-23241

Security Advisory Description Integer overflow or wraparound in the Linux kernel-mode driver for some IntelR 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable denial of service via local access. CVE-2025-23241 Impact There is no impact; F5 products ar...

K000160224: Intel 800 Series Ethernet vulnerability CVE-2025-24484

Security Advisory Description Improper input validation in the Linux kernel-mode driver for some IntelR 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2025-24484 Impact There is no impact; F5 products a...

kernel: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrummr: Fix use-after-free when updating multicast route stats Cited commit added a dedicated mutex instead of RTNL to protect the multicast route list, so that it will not change while the driver periodically traverse...

Exploit for Improper Privilege Management in Microsoft

Windows Privilege Escalation ========================== A col...

ViGEmBus-Driver-Exploitation

Summary ViGEmBus.sys is a kernel-mode driver used for virtu...

CVE-2025-25058

Improper initialization for some ESXi kernel mode driver for the IntelR Ethernet 800-Series before version 2.2.2.0 esxi 8.0 & 2.2.3.0 esxi 9.0 within Ring 1: Device Drivers may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a low complexi...

CVE-2026-23206 dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero

In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: prevent ZEROSIZEPTR dereference when numifs is zero The driver allocates arrays for ports, FDBs, and filter blocks using kcalloc with ethsw-swattr.numifs as the element count. When the device reports zero interfaces...

CVE-2026-23174 nvme-pci: handle changing device dma map requirements

In the Linux kernel, the following vulnerability has been resolved: nvme-pci: handle changing device dma map requirements The initial state of dmaneedsunmap may be false, but change to true while mapping the data iterator. Enabling swiotlb is one such case that can change the result. The nvme...

EUVD-2026-5885

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: correctly decode TTLM with default link map TID-To-Link Mapping TTLM elements do not contain any link mapping presence indicator if a default mapping is used and parsing needs to be skipped. Note that access point...

kernel: RDMA/rxe: Fix incomplete state save in rxe_requester

An incorrect state restoration flaw was found in the Linux kernel's RDMA rxe soft-RoCE driver in the requester packet transmission logic. A local user with access to RDMA devices can trigger this issue when network layer packet drops occur during RDMA send operations, causing the work queue eleme...

kernel: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping

A flaw was found in the Linux kernel’s ASoC Intel bytcrrt5640 driver. When an invalid value is passed via the driver’s “quirk” input option, the driver merely logs an error and retains the invalid value, rather than correcting it. This can result in out-of-bounds OOB memory access...

📄 NPU Driver Use-After-Free Detector

This Metasploit module detects vulnerable NPU drivers susceptible to CVE-2025-21424, a use-after-free vulnerability in the MSM NPU kernel driver. Additional details are included that identify shortcomings in the original proof of concept...

CVE-2026-23056 uacce: implement mremap in uacce_vm_ops to return -EPERM

In the Linux kernel, the following vulnerability has been resolved: uacce: implement mremap in uaccevmops to return -EPERM The current uaccevmops does not support the mremap operation of vmoperationsstruct. Implement .mremap to return -EPERM to remind users. The reason we need to explicitly disab...