Lucene search
+L

854 matches found

NVD
NVD
added 2026/07/10 9:16 p.m.7 views

CVE-2026-41154

Software installed and run as a non-privileged user may cause OOB kernel memory reads or writes through GPU API calls. When indexing pages larger than 4kB in the page freeing logic of the sparse memory implementation, incorrect buffer indexing leads to OOB access...

7.8CVSS0.00131EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/10 8:46 p.m.7 views

EUVD-2026-43034

Software installed and run as a non-privileged user may cause OOB kernel memory reads or writes through GPU API calls. When indexing pages larger than 4kB in the page freeing logic of the sparse memory implementation, incorrect buffer indexing leads to OOB access...

6.1AI score0.00131EPSS
Exploits0References1
CVE
CVE
added 2026/07/10 8:46 p.m.13 views

CVE-2026-41154

CVE-2026-41154 : The issue affects the GPU DDK in the CMA Cleanup Path of AllocOSPages_Sparse. When indexing pages larger than 4kB in the sparse memory page-freeing logic, an incorrect buffer indexing leads to out-of-bounds (OOB) reads/writes in kernel memory, exposed to software running as a non...

7.8CVSS6.1AI score0.00131EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 6:37 p.m.3 views

DRUPAL-CONTRIB-2026-055

This module enables you to utilize an agent to use Drupal core actions tools with bypassed access. Certain Drupal core actions, exposed as agent tools did not have correct access validation, and some core actions were missing associated access-level definitions. This vulnerability is mitigated by...

3.3CVSS5.8AI score0.00161EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 6:23 p.m.3 views

CVE-2026-49220 Jellyfin: Potential XSS in user management

Jellyfin is an open source self hosted media server. Prior to 10.11.9, a potential XSS attack exists in Jellyfin which can allow a non-privileged user to execute arbitrary Javascript in the context of a logged-in Administrative user, resulting in numerous potential issues. The Client header durin...

5.7CVSS6.2AI score0.00194EPSS
Exploits0References3
Drupal
Drupal
added 2026/06/24 12:0 a.m.8 views

AI (Artificial Intelligence) - Moderately critical - Access bypass - SA-CONTRIB-2026-055

This module enables you to utilize an agent to use Drupal core actions tools with bypassed access. Certain Drupal core actions, exposed as agent tools did not have correct access validation, and some core actions were missing associated access-level definitions. This vulnerability is mitigated by...

3.3CVSS5.8AI score0.00161EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-52168

Name of the Vulnerable Software and Affected Versions Drupal AI versions 0.0.0 through 1.2.17 Drupal AI versions 1.3.0 through 1.3.8 Drupal AI versions 1.4.0 through 1.4.3 Description A missing authorization issue allows forceful browsing. Certain Drupal core actions exposed as agent tools lack...

6AI score0.00161EPSS
Exploits0References3
NVD
NVD
added 2026/06/19 10:16 a.m.18 views

CVE-2026-34192

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an error path leading to UAF of GPU page tables. The vulnerability allows physical memory allocated for MMU page tables to be used after being freed. This was caused by an error path that would not...

7.7CVSS0.0011EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 9:28 a.m.37 views

CVE-2026-41156 GPU DDK - kernel<->fw CCB contains SYNC_PRIMITIVE_BLOCK firmware address without holding reference

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources creating a write use after free scenario. A shared resource memory page managed by a CPU thread of control driver and accessed by a GPU thread of control Firmware can caus...

0.0011EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 9:28 a.m.14 views

EUVD-2026-38002

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources creating a write use after free scenario. A shared resource memory page managed by a CPU thread of control driver and accessed by a GPU thread of control Firmware can caus...

5.8AI score0.0011EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 9:23 a.m.12 views

EUVD-2026-38001

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an error path leading to UAF of GPU page tables. The vulnerability allows physical memory allocated for MMU page tables to be used after being freed. This was caused by an error path that would not...

5.8AI score0.0011EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 9:23 a.m.34 views

CVE-2026-34192 GPU DDK - _MMU_AllocLevel error recovery paths leave dangling page table entries

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an error path leading to UAF of GPU page tables. The vulnerability allows physical memory allocated for MMU page tables to be used after being freed. This was caused by an error path that would not...

0.0011EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 9:23 a.m.31 views

CVE-2026-34192

CVE-2026-34192 affects GPU driver components (GPU DDK) where MMU page tables are freed without proper cleanup in an error path, allowing a non-privileged user to trigger use-after-free of physical memory. The issue is caused by _MMU_AllocLevel error recovery paths that leave dangling page table e...

7.7CVSS5.8AI score0.0011EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/19 9:23 a.m.11 views

CVE-2026-34192

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an error path leading to UAF of GPU page tables. The vulnerability allows physical memory allocated for MMU page tables to be used after being freed. This was caused by an error path that would not...

5.8AI score0.0011EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.21 views

PT-2026-50865

Name of the Vulnerable Software and Affected Versions GPU DDK affected versions not specified Description Software run by a non-privileged user can execute improper GPU system calls to trigger an error path, resulting in a Use-After-Free UAF of GPU page tables. This occurs because an error recove...

7.7CVSS5.7AI score0.0011EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/13 12:34 a.m.12 views

EUVD-2026-36605

Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of bounds write in the kernel. The product incorrectly indexes internal state when performing sparse allocation remapping...

5.3AI score0.00328EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 12:34 a.m.12 views

EUVD-2026-36630

Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed...

5.3AI score0.00118EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 10:16 p.m.17 views

CVE-2026-34195

Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of bounds write in the kernel. The product incorrectly indexes internal state when performing sparse allocation remapping...

8.8CVSS0.00328EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 10:16 p.m.14 views

CVE-2026-41158

Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed...

7.8CVSS0.00118EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 9:57 p.m.7 views

CVE-2026-41158 GPU DDK - Backed sparse PMRs are not handled by deferred free mechanism after shrink

Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed...

5.3AI score0.00118EPSS
Exploits0References1
Rows per page
Query Builder