EUVD-2026-39231

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix vaddr leak when indirect CSD has zeroed workgroups v3drewritecsdjobwgcountsfromindirect maps both the indirect buffer and the workgroup buffer and is expected to release them before returning. When any of the workgro...

CVE-2026-53140

The CVE-2026-53140 issue affects the Linux kernel’s DRM v3d code. A vaddr leak occurred in v3d_rewrite_csd_job_wg_counts_from_indirect() when the indirect CSD workgroup counts read as zero, causing an early bailout that skipped releasing the vaddr mappings for both the indirect buffer and the wor...

CVE-2026-53139

The CVE-2026-53139 entry concerns the Linux kernel DRM/V3D path. A compute shader dispatch could receive zero counts in any workgroup dimension, which hardware would treat as 65536 while the driver reports a maximum of 65535; such zeroed counts could propagate through indirect CSD paths. The fix ...

CVE-2026-49269

Apple M1 GPUs expose a cross-process register state leakage: a sandboxed Metal attacker can read stale values from another sandboxed process’s compute shader dispatches, potentially recovering a 128-bit secret that was loaded into GPU registers. In proof-of-concept, a victim app writes a fresh se...

Astra Linux - уязвимость в virglrenderer

A NULL pointer dereferencing in the vrendrenderer.c file of virglrenderer during versions 0.8.1 allows attackers to cause a denial of service by using commands that attempt to launch a grid without first providing a Compute Shader CS...

MAL-2026-3961 Malicious code in @antv/g-shader-components (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

@antv/g-mobile-webgl (>=1.0.0 <=1.1.1), @antv/g-plugin-3d (>=2.0.0 <=2.1.1) +7 more potentially affected by unknown CVE via @antv/g-shader-components (>=2.0.0 <=2.0.1-beta.0)

@antv/g-shader-components NPM version =2.0.0, =1.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =0.2.0, =0.1.0, =1.0.2, =1.0.8 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGSHADERCOMPONENTS-16754423...

[SECURITY] Fedora 44 Update: qt6-qtshadertools-6.10.3-1.fc44

Qt6 - Qt Shader Tools module builds on the SPIR-V Open Source Ecosystem...

CVE-2026-21732

A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. An...

EUVD-2026-13834

A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. An...

CVE-2026-21732

A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. An...

CVE-2026-21732

A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. An...

CVE-2026-21732 GPU DDK - libusc OOB write at ConvertSwitchToArrayLookupBP during WebGPU shader compilation

A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. An...

CVE-2026-21732 GPU DDK - libusc OOB write at ConvertSwitchToArrayLookupBP during WebGPU shader compilation

A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. An...

CVE-2026-21732

CVE-2026-21732 affects the GPU shader compiler path used by Imagination Graphics DDK in various disclosures. The issue is described as an out-of-bounds write crash triggered by unusual GPU shader code, specifically when a web page contains shader input that is loaded into the GPU compiler process...

Imagination Graphics DDK 安全漏洞

Imagination Graphics DDK is a GPU driver toolkit developed by the British company Imagination. There is a security vulnerability in Imagination Graphics DDK, which stems from an out-of-bound write operation in the GPU shader compiler library, potentially leading to crashes...

PT-2026-26691

A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. An...

Linux Distros Unpatched Vulnerability : CVE-2025-4082

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate...

CVE-2025-13952

A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the...