kernel: possible privileges escalation due to missing TLB flush

A random memory access flaw was found in the Linux kernel’s GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system...

CVE-2022-20049

In vpu, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05954679; Issue ID: ALPS05954679...

MediaTek 多款产品安全漏洞

MediaTek Mt Series is a series of smartphone chips from China's MediaTek. A security vulnerability exists in several MediaTek products, which stems from a lack of privilege checking in the vpu, and may lead to privilege escalation. The following products and versions are affected:...

PT-2022-13468 · Pypi · Pytorch-Lightning

Name of the Vulnerable Software and Affected Versions: PyTorch Lightning versions prior to 1.6.0 Description: The issue allows for code injection, potentially enabling an attacker to execute commands on the target operating system. This can be achieved by setting the PL TRAINER GPUS variable when...

ARM Mali GPU 缓冲区错误漏洞

ARM Mali GPUs are a family of mobile display chipsets GPUs from the British company ARM. Like other 3D display chips based on IP cores embedded technology, the Mali display chipset does not provide a display controller similar to a graphics card specifically designed to drive an LCD monitor to...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in Google Chrome GPU, which can be exploited by an attacker to execute arbitrary code on a system or cause a denial of service condition...

animl (>=1.1.2 <=1.1.4), audio-classification-models (=1.0.1) +7 more potentially affected by CVE-2022-21725 via tensorflow-gpu (>=2.6.0 <=2.6.2)

tensorflow-gpu PYPI version =2.6.0, =1.1.2, =0.1.5, =0.1.0, =0.9.0, =1.0.5, =1.0.6 Source cves: CVE-2022-21725 Source advisory: OSV:GHSA-V3F7-J968-4H5F...

rpnet (>=0.0.1 <=0.1.0), rpnet-dev (>=0.0.5 <=0.0.12) +4 more potentially affected by CVE-2022-21740 via tensorflow-gpu (=2.7.0)

tensorflow-gpu PYPI version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - rpnet =0.0.1, =0.0.5, =1.0.5, =1.1.1 - tpu-tf2 =1.0.0 - troj =1.0.0 Source cves: CVE-2022-21740 Source advisory:...

lsmmdma (>=0.0.4 <=0.1.7), tpu-tf2 (=1.0.0) potentially affected by CVE-2022-23568 via tensorflow-cpu (=2.7.0)

tensorflow-cpu PYPI version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - lsmmdma =0.0.4, =0.1.7 - tpu-tf2 =1.0.0 Source cves: CVE-2022-23568 Source advisory: OSV:GHSA-6445-FM66-FVQ2...

animl (>=1.1.2 <=1.1.4), audio-classification-models (=1.0.1) +7 more potentially affected by CVE-2022-23574 via tensorflow-gpu (>=2.6.0 <=2.6.2)

tensorflow-gpu PYPI version =2.6.0, =1.1.2, =0.1.5, =0.1.0, =0.9.0, =1.0.5, =1.0.6 Source cves: CVE-2022-23574 Source advisory: OSV:GHSA-77GP-3H4R-6428...

HUAWEI EMUI 安全漏洞

Huawei EMUI is an Android-based mobile operating system developed by the Chinese company Huawei Huawei. Huawei EMUI suffers from a code execution vulnerability that originates from a security privilege misconfiguration vulnerability in ACPU. An attacker can exploit this vulnerability to execute...

animl (>=1.1.2 <=1.1.4), audio-classification-models (=1.0.1) +7 more potentially affected by CVE-2022-23580 via tensorflow-gpu (>=2.6.0 <=2.6.2)

tensorflow-gpu PYPI version =2.6.0, =1.1.2, =0.1.5, =0.1.0, =0.9.0, =1.0.5, =1.0.6 Source cves: CVE-2022-23580 Source advisory: OSV:GHSA-627Q-G293-49Q7...

CVE-2022-21813

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service...

lsmmdma (>=0.0.4 <=0.1.7), medaka-cpu (>=1.6.0 <=1.7.2) +1 more potentially affected by CVE-2022-23592 via tensorflow-cpu (>=2.7.0 <=2.7.4)

tensorflow-cpu PYPI version =2.7.0, =0.0.4, =1.6.0, =1.7.2 - tpu-tf2 =1.0.0 Source cves: CVE-2022-23592 Source advisory: OSV:PYSEC-2022-101...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-23562 via tensorflow-gpu (>=1.10.1 <=2.5.1)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-23562 Source advisory: OSV:PYSEC-2022-126...

animl (>=1.1.2 <=1.1.4), audio-classification-models (=1.0.1) +7 more potentially affected by CVE-2022-21736 via tensorflow-gpu (>=2.6.0 <=2.6.2)

tensorflow-gpu PYPI version =2.6.0, =1.1.2, =0.1.5, =0.1.0, =0.9.0, =1.0.5, =1.0.6 Source cves: CVE-2022-21736 Source advisory: OSV:PYSEC-2022-115...

CVE-2022-22265

An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution...

Samsung NPU driver 安全漏洞

Samsung NPU driver is a neural network processor from Samsung South Korea. A security vulnerability exists in Samsung Mobile's NPU driver prior to SMR Jan-2022 Release 1, which arises from improper checking or handling of exceptions in the NPU driver, allowing arbitrary memory writes and code...

Nvidia GPU 安全漏洞

Nvidia Gpu is a graphics processing unit from the American company Nvidia. It is used in machine learning, video editing and gaming applications. A security vulnerability exists in Nvidia GPU and Tegra hardware that stems from allowing users with elevated privileges to access information in...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +168 more potentially affected by CVE-2021-41208 via tensorflow-gpu (>=1.10.1 <=2.4.2)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 and more Source cves: CVE-2021-41208 Source advisory: OSV:GHSA-57WX-M983-2F88...