27 matches found
kernel: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()
A flaw was found in the Linux kernel's Direct Rendering Manager DRM Graphics Execution Manager GEM component. This vulnerability arises from an inconsistent calculation of plane dimensions, which can lead to incorrect memory allocation checks. A local attacker could exploit this by creating a...
EUVD-2024-19556
An out of bounds read in the remote management firmware could allow a privileged attacker read a limited section of memory outside of established bounds potentially resulting in loss of confidentiality or availability...
CVE-2021-26380
A compromised Trusted OS TOS driver could issue a malformed call that could potentially allow memory access outside the intended range resulting in loss of integrity...
PT-2026-31690
Name of the Vulnerable Software and Affected Versions Wasmtime versions 25.0.0 through 36.0.6, 42.0.2, and 43.0.1 Description Wasmtime, a runtime for WebAssembly, may allow guest WebAssembly code to access host memory outside of its designated sandbox when using the Winch compiler backend. This...
CVE-2026-4371
A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were...
ROS-20260126-73-0009
A vulnerability in the fs/ext4/dir.c module of the Linux kernel is related to reading data outside of buffer boundaries in memory. Exploitation of the vulnerability may allow an intruder to affect confidentiality and availability of protected information...
CVE-2025-58407 GPU DDK - TOCTOU bug affecting psFWMemContext->uiPageCatBaseRegSet
Kernel or driver software installed on a Guest VM may post improper commands to the GPU Firmware to exploit a TOCTOU race condition and trigger a read and/or write of data outside the allotted memory escaping the virtual machine...
Vulnerability of the rxe_comp_queue_pkt() function in the drivers/infiniband/sw/rxe/rxe_comp.c module – This is a driver for Linux kernel support for InfiniBand, which allows an attacker to compromise the integrity of protected information or cause service failures.
Vulnerability of the rxecompqueuepkt function in the drivers/infiniband/sw/rxe/rxecomp.c module – The Linux kernel’s InfiniBand support driver is vulnerable when operations occur outside of memory buffers. Exploiting this vulnerability could allow an attacker to compromise the integrity of...
PT-2025-2941 · Unknown · Graphics Ddk
Name of the Vulnerable Software and Affected Versions: Graphics DDK version = 24.2 RTM2 Description: Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to write data outside the Guest's virtualised GPU memory. Recommendations: For versions = 24....
The vulnerabilities of PDF viewing and editing programs like Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, and Adobe Acrobat 2020/Adobe Acrobat Reader 2020 involve an exploit where operations are performed outside the buffer in memory, allowing attackers to execute arbitrary code.
The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2020, and Adobe Acrobat Reader 2020 are related to the execution of operations beyond the buffer in memory. Exploiting these vulnerabilities can allow...
The vulnerability of the prog.cgi component in D-Link DIR-X3260 Wi-Fi routers allows a hacker to execute arbitrary code.
The vulnerability of the prog.cgi component in D-Link DIR-X3260 Wi-Fi routers involves reading data outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
AMD Secure Processor Security Vulnerability
AMD Secure Processor ASP is a standalone ARM Coretex-A5 chip from AMD. A security vulnerability exists in AMD Secure Processor, which stems from the fact that insufficient validation of the SPI flash address in the bootloader could allow an attacker to read data mapped to memory other than the SP...
The vulnerability of the built-in software of the ARIS controller, related to reading data outside the buffer in memory, allows a intruder to perform a service failure.
The vulnerability of the built-in software of the ARIS controller is related to reading data outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor to perform a service failure through a specially crafted request...
ARM Mali GPU Kernel Driver 缓冲区错误漏洞
ARM Mali GPU Kernel Driver is a driver for a graphics processor unit from ARM UK. A security vulnerability exists in the ARM Mali GPU Kernel Driver that originates from an unprivileged user being able to perform incorrect GPU memory handling operations to access a limited amount outside of buffer...
PT-2023-15026 · Arm · Arm Mali Gpu Kernel Driver
Name of the Vulnerable Software and Affected Versions: Arm Mali GPU Kernel Driver versions Valhall r29p0 through r41p0 Arm Mali GPU Kernel Driver versions Avalon r41p0 before r42p0 Description: An issue was discovered in the Arm Mali GPU Kernel Driver, allowing a non-privileged user to make...
The vulnerability of the AMD Secure Encrypted Virtualization (SEV) technology in microprogramming software for AMD processors allows attackers to disclose protected information.
The vulnerability of AMD Secure Encrypted Virtualization SEV microprogramming software for processors is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow an attacker to disclose protected information...
The vulnerability of the implementation of the finfo_buffer() function in the PHP programming language allows a hacker to execute arbitrary code.
The vulnerability of the finfobuffer function implementation in the PHP programming language is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the kernel of operating systems such as Mac OS, tvOS, iOS, iPadOS, and watchOS allows attackers to gain increased privileges.
The vulnerability in the kernel of operating systems such as Mac OS, tvOS, iOS, iPadOS, and watchOS relates to operations that occur outside of the buffer in memory. Exploiting this vulnerability can allow an attacker to gain increased privileges...
The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, are related to the issue of executing code outside of the buffer memory. This allows attackers to execute arbitrary code.
The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat and Document Cloud, are related to the issue of code execution outside the buffer. Exploiting these vulnerabilities can allow a malicious actor to execute arbitra...
CVE-2021-37639 Null pointer dereference and heap OOB read in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer. Alternatively, attackers can read memory outside the bounds of heap allocated data by...