925 matches found
EUVD-2026-36630
Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed...
CVE-2026-41158
Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed...
CVE-2026-22164
Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. By creating resources of certain types and presenting a set of parameters to the affected interface the exploit can be used to corrupt kernel memory...
CVE-2026-22164
Technical details are not publicly available in the provided documents. Monitor for future updates.
PT-2026-47312
Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. By creating resources of certain types and presenting a set of parameters to the affected interface the exploit can be used to corrupt kernel memory...
RHEL 10 : image-builder (RHSA-2026:22937)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:22937 advisory. A local binary for building customized OS artifacts such as VM images and OSTree commits. Uses osbuild under the hood. Security Fixes:...
CVE-2026-45253 Missing validation in ptrace(PT_SC_REMOTE)
ptracePTSCREMOTE failed to properly validate parameters for the syscall2 and syscall2 meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges. The missing validation allows ...
CVE-2026-45253
ptracePTSCREMOTE failed to properly validate parameters for the syscall2 and syscall2 meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges. The missing validation allows ...
CVE-2026-43619
Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported rsync module...
CVE-2026-22167
CVE-2026-22167 concerns a GPU DDK vulnerability where cache-resident PM buffers can be written by other GPU requestors. The issue allows software running as a non-privileged user to issue improper GPU system calls, forcing the GPU to write to arbitrary physical memory pages. Under certain conditi...
CVE-2026-22167 GPU DDK - Cache resident PM buffers writable by other GPU requestors, leading to arbitrary write to physical memory
Software installed and run as a non-privileged user may conduct improper GPU system calls to force GPU to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel an...
Imagination Graphics DDK 缓冲区错误漏洞
Imagination Graphics DDK is a suite of GPU driver tools from Imagination UK. The Imagination Graphics DDK suffers from a buffer error vulnerability that arises from software run by an unprivileged user that may execute improper GPU system calls to force the GPU to write to arbitrary physical memo...
PT-2026-36498
Software installed and run as a non-privileged user may conduct improper GPU system calls to force GPU to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel an...
GHSA-VJGJ-42F6-7997 netfoil's optional seccomp sandboxing was not applied
Summary The optional flag --filter-system-calls was not applied even if specified. Details This is a defense in depth feature to apply additional seccomp filters after the binary has started. The example config also sandboxes the binary with systemd. Impact Reduced sandboxing of the netfoil binar...
netfoil's optional seccomp sandboxing was not applied
Summary The optional flag --filter-system-calls was not applied even if specified. Details This is a defense in depth feature to apply additional seccomp filters after the binary has started. The example config also sandboxes the binary with systemd. Impact Reduced sandboxing of the netfoil binar...
s390/syscalls: Add spectre boundary for syscall dispatch table
...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013834)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013834 advisory. In the Linux kernel, the following vulnerability has been resolved: hugetlbfs: don't delete error page from pagecache This change is very similar to the change that...
EUVD-2026-23446
Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory and files. This is caused by improper handling of GPU memory reservation protections...
EUVD-2026-22180
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to execute raw system calls, an authenticated attacker with workspace privileges can bypass the LDPRELOAD-based...
CVE-2026-39421 MaxKB: Sandbox escape via ctypes and unhooked SYS_pkey_mprotect
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to execute raw system calls, an authenticated attacker with workspace privileges can bypass the LDPRELOAD-based...