CVE-2025-70999

A GPU device-ID validation flaw in the flow.cuda.getdevicecapability component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted device ID...

CVE-2025-65891

A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Dervice DoS by invoking flow.cuda.getdeviceproperties with an invalid or negative device index...

EUVD-2025-206472

A GPU device-ID validation flaw in the flow.cuda.getdevicecapability component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted device ID...

CVE-2025-70999

OneFlow v0.9.0 is affected by a GPU device-ID validation flaw in the flow.cuda.get_device_capability() function that can cause a Denial of Service via a crafted device ID. The issue is described consistently across CVE records (NVD/Red Hat/ OSV/CIRCL) as a DoS condition stemming from improper val...

um: init cpu_tasks[] earlier

...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003761)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003761 advisory. An information disclosure vulnerability exists when certain central processing units CPU speculatively access memory. An attacker who successfully exploited the...

CVE-2025-71138

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add missing NULL pointer check for pingpong interface It is checked almost always in dpuencoderphyswbsetupctl, but in a single place the check is missing. Also use convenient locals instead of physenc- where availabl...

UBUNTU-CVE-2025-71140

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Use spinlock for context list protection lock Previously a mutex was added to protect the encoder and decoder context lists from unexpected changes originating from the SCP IP block, causing the context...

CVE-2025-71138

CVE-2025-71138 pertains to the Linux kernel DRM MSM DPU, where a missing NULL pointer check for the pingpong interface was fixed. The vulnerability is addressed by upstream patch 693860, with the issue occurring in dpu_encoder_phys_wb_setup_ctl() and related code paths. Affected environments refe...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a late initialization of the cputasks array, which could lead to a crash...

GHSA-MQ3P-RRMP-79JG go-ethereum is vulnerable to high CPU usage leading to DoS via malicious p2p message

Impact An attacker can cause high CPU usage by sending a specially crafted p2p message. More details to be released later. Credit This issue was reported to the Ethereum Foundation Bug Bounty Program by @Yenya030...

CVE-2025-10865

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of reference counting to cause a potential use after free. Improper reference counting on an internal resource caused scenario where potential for use after free was present...

CVE-2025-10865

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of reference counting to cause a potential use after free. Improper reference counting on an internal resource caused scenario where potential for use after free was present...

CVE-2025-10865 GPU DDK - DevmemIntGetReservationData does not ref the PMR it returns

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of reference counting to cause a potential use after free. Improper reference counting on an internal resource caused scenario where potential for use after free was present...

CVE-2025-10865 GPU DDK - DevmemIntGetReservationData does not ref the PMR it returns

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of reference counting to cause a potential use after free. Improper reference counting on an internal resource caused scenario where potential for use after free was present...

CVE-2025-58411

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources reference counting creating a potential use after free scenario. Improper resource management and reference counting on an internal resource caused scenario where potentia...

CVE-2025-58411

CVE-2025-58411 affects Imagination Graphics DDK (GPU driver) where a non-privileged user can trigger improper GPU system calls, leading to mismanagement of resource reference counts and a potential write use-after-free. Root cause: improper resource management and reference counting on an interna...

CVE-2025-58409

CVE-2025-58409 is a GPU driver vulnerability affecting Imagination Technologies’ GPU driver/Imagination Graphics DDK. The issue arises when an unprivileged user performs improper GPU system calls, subverting GPU hardware to write to arbitrary physical memory pages. Under certain conditions this c...

CVE-2025-68793 drm/amdgpu: fix a job->pasid access race in gpu recovery

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix a job-pasid access race in gpu recovery Avoid a possible UAF in GPU recovery due to a race between the sched timeout callback and the tdr work queue. The gpu recovery function calls drmschedstop and later...

CVE-2025-68793

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix a job-pasid access race in gpu recovery Avoid a possible UAF in GPU recovery due to a race between the sched timeout callback and the tdr work queue. The gpu recovery function calls drmschedstop and later...