USN-7185-1 linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities

Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service system crash. CVE-2022-36402 Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in th...

PT-2026-7116

Name of the Vulnerable Software and Affected Versions GnuTLS affected versions not specified Description A flaw exists in GnuTLS that can lead to a denial of service DoS. This occurs due to excessive CPU and memory consumption when processing maliciously crafted certificates. These certificates...

PT-2024-37065 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, specifically related to the GFX9 hardware support. The issue concerned the cleaner shader, where an omission in the previous patc...

CVE-2024-33037 Buffer Over-read in Neural Processing Unit

Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesnt validate the IPC message received from the firmware...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets, which stems from the NPU firmware being able to send invalid Inter-Process Communication IPC messages to the NPU driver without the driver validating the IPC messages...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper handling of some GPU-mapped BOs in the drm/panthor component, resulting in a kernel warning...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from a potential memory corruption when passing invalid input to invoke the GPU Headroom API if the input is not validated...

PT-2024-30628 · Imagination Technologies +1 · Graphics Ddk +1

Name of the Vulnerable Software and Affected Versions: No specific software name or affected versions are mentioned in the provided descriptions. Description: The issue allows software installed and run by a non-privileged user to make improper GPU system calls, enabling unprivileged access to an...

CVE-2024-21949

Improper validation of user input in the NPU driver could allow an attacker to provide a buffer with unexpected size, potentially leading to system crash...

AMD NPU driver 输入验证错误漏洞

AMD NPU driver is a driver for an NPU module from UltraMicroelectronics AMD. A security vulnerability exists in AMD NPU driver that stems from incorrect user input validation. An attacker exploiting the vulnerability could supply an unexpectedly sized buffer, which could cause a system crash...

AMD NPU driver 安全漏洞

AMD NPU driver is a driver for an NPU module from UltraMicroelectronics AMD. A security vulnerability exists in AMD NPU driver that stems from incorrect input validation. An attacker exploiting the vulnerability could provide specially crafted pointers that could lead to arbitrary code execution...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from improper CPU buffer clearing on NMI return...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a memory corruption when processing voice packets received from an ADSP containing arbitrary data...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm, Inc. A security vulnerability exists in Qualcomm Chipsets that stems from a memory corruption when handling GPU page table switches...

PT-2025-2867 · Qualcomm · Snapdragon +22

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves memory corruption that occurs when reading CPU state data during the suspension of a guest virtual machine. This corruption happens...

CVE-2024-0106

NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit DPU contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information...

DEBIAN-CVE-2024-49901

In the Linux kernel, the following vulnerability has been resolved: drm/msm/adreno: Assign msmgpu-pdev earlier to avoid nullptrs There are some cases, such as the one uncovered by Commit 46d4efcccc68 "drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails" where msmgpucleanup :...

CVE-2024-47943

The firmware upgrade function in the admin web interface of the Rittal IoT Interface & CMC III Processing Unit devices checks if the patch files are signed before executing the containing run.sh script. The signing process is kind of an HMAC with a long string as key which is hard-coded in the...

CVE-2024-47943 Improper signature verification of firmware upgrade files

The firmware upgrade function in the admin web interface of the Rittal IoT Interface & CMC III Processing Unit devices checks if the patch files are signed before executing the containing run.sh script. The signing process is kind of an HMAC with a long string as key which is hard-coded in the...

CVE-2024-47943

CVE-2024-47943 affects the Rittal IoT Interface & CMC III Processing Unit. The firmware upgrade feature does not properly verify patch signatures: the signing uses an HMAC-like mechanism with a hard-coded key, which is publicly available, allowing attackers to craft malicious signed .patch files ...