Lucene search
+L

366 matches found

NVD
NVD
added 4 days ago9 views

CVE-2026-15029

Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to perform arbitrary physical memory read and write operations via crafted IOCTL requests to the driver, bypassing OS-enforced memory protection...

8.4CVSS0.00118EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago11 views

EUVD-2026-44589

Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to perform arbitrary physical memory read and write operations via crafted IOCTL requests to the driver, bypassing OS-enforced memory protection...

8.4CVSS6.2AI score0.00118EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago37 views

CVE-2026-15029

Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to perform arbitrary physical memory read and write operations via crafted IOCTL requests to the driver, bypassing OS-enforced memory protection...

8.4CVSS0.00118EPSS
Exploits0References1
CVE
CVE
added 4 days ago13 views

CVE-2026-15029

The CVE-2026-15029 entry covers an Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager. The vulnerability permits a local administrator to perform arbitrary physical memory read and write operations via crafted IOCTL requests...

8.4CVSS6.2AI score0.00118EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-9492 GIGABYTE|Gigabyte Control Center - Improper Access Control

The MBStorage DRAM lighting control module within Gigabyte Control Center GCC developed by GIGABYTE Technology has an Improper Access Control vulnerability. Authenticated local attackers can send specific IOCTL commands through the driver MyPortIOx64.sys bundled with the module, thereby arbitrari...

8.5CVSS0.00109EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago13 views

PT-2026-57623

Name of the Vulnerable Software and Affected Versions Gigabyte Control Center affected versions not specified Description The MBStorage DRAM lighting control module within Gigabyte Control Center GCC contains an improper access control issue. Authenticated local attackers can send specific IOCTL...

8.5CVSS6.1AI score0.00109EPSS
Exploits0References6
CVE
CVE
added 2026/07/10 8:50 p.m.14 views

CVE-2026-7639

CVE-2026-7639 describes a vulnerability where software running as a non-privileged user can trigger a sequence of improper GPU system calls that cause use-after-free in the driver, enabling unprivileged access to memory from shader code. The failure path in MMU mapping can prevent complete cleanu...

7.8CVSS6.1AI score0.00122EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/10 8:42 p.m.32 views

CVE-2026-34196 GPU DDK - UAF read and/or write of arbitrary physical memory due to integer truncation in PMRDevPhysAddrOSMem

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an integer overflow and map two GPU virtual addresses to the same physical address. One of these virutal mappings can be freed along with the physical page, allowing for a read/write UAF via the...

0.00118EPSS
Exploits0References1
CVE
CVE
added 2026/07/10 8:42 p.m.13 views

CVE-2026-34196

CVE-2026-34196 concerns GPU-driver code: when non-privileged software makes improper GPU system calls, an integer overflow can cause two GPU virtual addresses to map to the same physical page. After freeing the first mapping and the physical page, the second mapping can be used to read/write to m...

7.8CVSS6.1AI score0.00118EPSS
Exploits0References1
CVE
CVE
added 2026/07/07 8:33 p.m.32 views

CVE-2026-58583

CVE-2026-58583 affects FluxInk Color Management Driver (TcnPeripheral64.sys) 1.0.7.2, enabling local privilege escalation for a standard user via arbitrary physical memory mapping at \Device\PhysicalMemory. Root cause: memory mapping vulnerability in the driver. Impact: potential elevation of pri...

8.4CVSS6AI score0.00101EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/07 8:33 p.m.10 views

EUVD-2026-42094

FluxInk formerly Sunia SPB Peripheral Color Management Driver TcnPeripheral64.sys 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at \Device\PhysicalMemory. Fixed in version 1.0.7.6. The fixed driver is currently available in the Windows...

8.4CVSS6AI score0.00101EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:33 p.m.8 views

CVE-2026-58583

FluxInk formerly Sunia SPB Peripheral Color Management Driver TcnPeripheral64.sys 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at \Device\PhysicalMemory. Fixed in version 1.0.7.6. The fixed driver is currently available in the Windows...

8.4CVSS6AI score0.00101EPSS
Exploits0References4
NVD
NVD
added 2026/07/07 5:16 p.m.12 views

CVE-2026-57851

MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator...

8.5CVSS0.0017EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/07 4:2 p.m.6 views

EUVD-2026-42053

MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator...

8.5CVSS6AI score0.0017EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 9:31 a.m.8 views

EUVD-2026-39190

Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A logged-in user with no administrative privilege may access physical memory...

6.8CVSS5.8AI score0.00121EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 8:16 a.m.9 views

CVE-2026-56129

Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A logged-in user with no administrative privilege may access physical memory...

6.8CVSS0.00121EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 7:3 a.m.34 views

CVE-2026-56129

Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A logged-in user with no administrative privilege may access physical memory...

6.8CVSS0.00121EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 9:57 p.m.7 views

CVE-2026-41158 GPU DDK - Backed sparse PMRs are not handled by deferred free mechanism after shrink

Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed...

5.3AI score0.00118EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.9 views

CVE-2026-29644

XiangShan open-source high-performance RISC-V processor commit edb1dfaf7d290ae99724594507dc46c2c2125384 2024-11-28 has improper gating of its distributed CSR write-enable path, allowing illegal CSR write attempts to alter custom PMA Physical Memory Attribute CSR state. Though the RISC-V privilege...

5.3CVSS5.8AI score0.00102EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/30 8:13 a.m.17 views

CVE-2026-8070

Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and write access to physical memory.Refer to the ' Security Update for Armoury Crate App ' section on the ASUS Security Advisory...

7.3CVSS5.8AI score0.0009EPSS
Exploits0References1
Rows per page
Query Builder