835 matches found
EUVD-2026-23640
NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 15 MemoryMapRange allows Ring 3 user-mode processes to map arbitrary virtual address ranges into their address space without validating against forbidden regions, including critical...
CVE-2026-40572 NovumOS has Arbitrary Memory Mapping via Syscall 15 (MemoryMapRange)
NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 15 MemoryMapRange allows Ring 3 user-mode processes to map arbitrary virtual address ranges into their address space without validating against forbidden regions, including critical...
CVE-2026-40572
NovumOS vulnerability CVE-2026-40572: In versions prior to 0.24, Syscall 15 (MemoryMapRange) lets Ring-3 user processes map arbitrary virtual ranges into their address space without validating against forbidden regions, including kernel structures (IDT, GDT, TSS, page tables). This can allow a lo...
PT-2026-33549
Name of the Vulnerable Software and Affected Versions NovumOS versions prior to 0.24 Description Syscall 15 'MemoryMapRange' allows Ring 3 user-mode processes to map arbitrary virtual address ranges into their address space without validating against forbidden regions. This includes critical kern...
CVE-2026-29923
The pstrip64.sys driver in EnTech Taiwan PowerStrip =3.90.736 allows local users to escalate privileges to SYSTEM via a crafted IOCTL request enabling unprivileged users to map arbitrary physical memory into their address space and modify critical kernel structures...
EUVD-2026-21014
The pstrip64.sys driver in EnTech Taiwan PowerStrip =3.90.736 allows local users to escalate privileges to SYSTEM via a crafted IOCTL request enabling unprivileged users to map arbitrary physical memory into their address space and modify critical kernel structures...
CVE-2026-29923
The CVE relates to EnTech Taiwan PowerStrip ≤ 3.90.736 where the pstrip64.sys kernel driver exposes IOCTL 0x80002008 that, without proper checks, maps arbitrary physical memory into an unprivileged process via \Device\PhysicalMemory/ZwMapViewOfSection. This creates an unrestricted physical memory...
pstrip64.sys Privilege Escalation
The pstrip64.sys kernel driver exposes an IOCTL that allows low-privileged users to map arbitrary ranges of physical memory into their own virtual address space. This primitive allows full read/write access to the system's physical RAM, enabling attackers to modify critical kernel structures and...
Exploit for Access of Memory Location Before Start of Buffer in Apple Ipados
CVE-2024-27840 — Kernel Memory Protection Bypass First publ...
EUVD-2026-15372
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix WARNON in tracingbuffersmmapclose When a process forks, the child process copies the parent's VMAs but the usermapped reference count is not incremented. As a result, when both the parent and child processes exit,...
UBUNTU-CVE-2026-23380
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix WARNON in tracingbuffersmmapclose When a process forks, the child process copies the parent's VMAs but the usermapped reference count is not incremented. As a result, when both the parent and child processes exit,...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an error in the mapping of physical blocks by the checkswapactivate function, potentially leading...
SUSE CVE-2026-23133
In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: fix dmafreecoherent pointer dmaalloccoherent allocates a DMA mapped buffer and stores the addresses in XXXunaligned fields. Those should be reused when freeing the buffer rather than the aligned addresses...
EUVD-2026-5865
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: handle changing device dma map requirements The initial state of dmaneedsunmap may be false, but change to true while mapping the data iterator. Enabling swiotlb is one such case that can change the result. The nvme...
SUSE CVE-2026-23093
In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbd: fix dmaunmapsg nents The dmaunmapsg functions should be called with the same nents as the dmamapsg, not the value the map function returned...
Google Android 安全漏洞
Google Android is an open-source operating system based on Linux, developed by Google Inc. There are security vulnerabilities in Google Android, which stem from a lack of boundary checks in the vpummap function of vpuioctl. This vulnerability may lead to arbitrary memory mapping, potentially...
CVE-2026-23097
In the Linux kernel, the following vulnerability has been resolved: migrate: correct lock ordering for hugetlb file folios Syzbot has found a deadlock analyzed by Lance Yang: 1 Task 5749: Holds foliolock, then tries to acquire immaprwsemread lock. 2 Task 5754: Holds immaprwsemwrite lock, then tri...
CVE-2026-23097
In the Linux kernel, the following vulnerability has been resolved: migrate: correct lock ordering for hugetlb file folios Syzbot has found a deadlock analyzed by Lance Yang: 1 Task 5749: Holds foliolock, then tries to acquire immaprwsemread lock. 2 Task 5754: Holds immaprwsemwrite lock, then tri...
CVE-2026-23093 ksmbd: smbd: fix dma_unmap_sg() nents
In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbd: fix dmaunmapsg nents The dmaunmapsg functions should be called with the same nents as the dmamapsg, not the value the map function returned...
CVE-2025-47397
Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors...