CVE-2026-34195 GPU DDK - Kernel heap OOB write in PMRChangeSparseMemOSMem due to incorrect physical page translation from virtual page indexes

Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of bounds write in the kernel. The product incorrectly indexes internal state when performing sparse allocation remapping...

CVE-2025-10237

During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or writes to privileged memory regions...

CVE-2025-10263

Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level...

FreeBSD -- Arm CPU errata may bypass page table permission changes

Problem Description: Some Arm CPUs have errata where the ordering of stores and the TLBI+DSB sequence may be incorrect. If one CPU stores to a virtual address while another CPU invalidates the translation for that address, the second CPU's TLBI+DSB may complete before the first CPU's store has be...

CVE-2026-5941

Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction...

CVE-2025-59606

Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization...

CVE-2025-59606

Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization...

EUVD-2026-33627

Kernel software installed and running inside a Guest/Host VM may post improper commands to the GPU Firmware to trigger a write of data outside the intended GPU memory. A logic error in the address translation allowed a compromised Host Kernel to perform arbitrary writes to firmware memory...

EUVD-2026-32369

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix memory access flags in helper prototypes After commit 37cce22dbd51 "bpf: verifier: Refactor helper access type tracking", the verifier started relying on the access type flags in helper function prototypes to perform...

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a buffer overflow vulnerability. This vulnerability stemmed from excessive memory writes by the Dawn component, which could allow remote attackers to execute excessive memory writes...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: The existing SPTE is preserved even when creating an MMIO SPTE. When installing an emulated MMIO SPTE, do so after preserving the existing SPTE if it is shadow-present. However, the fix proposed in commit 54aa15c6bd...

Astra Linux - уязвимость в firefox, thunderbird, nss

An attacker could create a PKCS 12 certificate bundle in a way that allows arbitrary memory writes through the mishandled Safe Bag attributes of PKCS 12. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

CVE-2026-40003

ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow,...

EUVD-2023-35627

Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor ASP could allow an attacker with the ability to write outside the trusted memory range TMR to change the execution flow of the Video Core Next VCN firmware potentially...

CVE-2025-29938

CVE-2025-29938 affects AMD Platform Management Framework (PMF). The issue is an unchecked return value that could allow an attacker to write to an arbitrary memory address, potentially causing denial of service or arbitrary code execution. CVSS:4.0 (AV:L/AC:L/PR:L/UI:N/S:C/VC:N/VI:L/VA:H/SC:H/SI:...

AMD多款产品 安全漏洞

The AMD Ryzen is a central processing unit CPU developed by American semiconductor company AMD. Several AMD products have security vulnerabilities; these vulnerabilities stem from the lack of checking return values, which may allow attackers to write arbitrary memory addresses, resulting in...

PT-2026-41250

An unchecked return value within the AMD Platform Management Framework PMF could allow an attacker to write to an arbitrary memory address resulting in denial of service or arbitrary code execution...

EUVD-2026-30433

Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical...

MongoDB Server 缓冲区错误漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a buffer error vulnerability in MongoDB Server, which stems from...

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a vulnerability related to input validation. This vulnerability stemmed from insufficient trustworthiness in Skia’s input validation mechanisms, which could allow remote attackers t...