CVE-2026-22165 GPU DDK - UAF read of GLES3Context::psDrawParams and GLES3Context::psMode and UAF read/write of RMJob::apsCCBs

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger a write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable further exploits on the...

CVE-2024-50085 mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: fix UaF read in mptcppmnlrmaddrorsubflow Syzkaller reported this splat: ================================================================== BUG: KASAN: slab-use-after-free in mptcppmnlrmaddrorsubflow+0xb44/0xcc0...

Linux SO_PEERCRED / SO_PEERGROUPS Race Condition / Use-After-Free Exploit

Linux suffered from a use-after-free read vulnerability related to an SOPEERCRED and SOPEERGROUPS race with listen and connect. This has been addressed in stable versions 5.14.10, 5.10.71, 5.4.151, 4.19.209, 4.14.249, 4.4.288, and 4.9.286. Linux: UAF read: SOPEERCRED and SOPEERGROUPS race with...

Out Of Bound Reads (OOB)

kernel-rt is vulnerable to out-of-bound OOB reads. The vulnerability exists in the vcdoresize function in drivers/tty/vt/vt.c allowing an attacker to perform a UAF read...