Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fixed a memory leak that occurred during codec_info allocation failures. In wave5_vpu_open_enc and wave5_vpu_open_dec, a vpu instance is allocated using kzalloc. If the subsequent allocation of inst->codec_info...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: drm/panthor: Fixed UAF issues on kernel BO VA nodes. If the MMU is down, panthor_vm_unmap_range might return an error. We expect the page table to still be updated; if the MMU is blocked, the rest of the GPU should also be blocke...
CVE-2026-56272
Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately 30 times faster with modern GPU hardware, potentially compromising all user accounts in a database...
PT-2026-52048
Name of the Vulnerable Software and Affected Versions: Google Chrome on Android versions prior to 149.0.7827.197. Description: An uninitialized use in the GPU component allows a remote attacker to obtain potentially sensitive information from process memory. This is achieved by inducing the victim t...
PT-2026-51883
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw in the nvmet-tcp component occurs because the nvmet_tcp_build_pdu_iovec function does not propagate errors to its callers when detecting out-of-bounds PDU (Protocol Data Unit) lengt...
PT-2026-51846
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A race condition exists in the Input/Output Memory Management Unit (IOMMU) subsystem, which manages how devices access system memory. This occurs during device recovery when multiple memor...
PT-2026-52041
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 149.0.7827.197. Description: An uninitialized use in the GPU component allows a remote attacker who has already compromised the renderer process to retrieve potentially sensitive information from process memory...
CVE-2026-5818 MCU Firmware Update Authentication Bypass on Caliptra Core
Incorrect check of function return value in Caliptra Core Runtime Firmware ActivateFirmwareCmd::activatefw modules allows bypass of Caliptra Core's verification of the MCU FW during a hitless update. This issue affects Core Runtime Firmware: from 2.0.0 through 2.0.1, 2.1.0...
GHSA-FCW5-X6J4-CCMP vulnerabilities
Vulnerabilities for packages: tensorflow-cpu-jupyter, tensorflow-gpu-jupyter...
June 23, 2026—KB5095091 (OS Build 28000.2340) Preview
This cumulative update for Windows 11, version 26H1 (KB5095091), includes production-quality improvements. Announcements and messages: This section provides key notifications related to this release, including announcements, change logs, and...
CVE-2026-53923
Summary of CVE-2026-53923: The vulnerability affects vLLM (GGUF dequantize kernels) where integer truncation of tensor dimensions causes partially filled output tensors. From 0.5.5 up to 0.23.1rc0, the code allocates the full output tensor (torch::empty) but the CUDA kernel processes only a trun...
CVE-2026-12028
The following flaw was identified in the Chromium browser: Use after free in GPU. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517555461...
CVE-2026-12030
The following flaw was identified in the Chromium browser: Heap buffer overflow in GPU. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=518007423...
CVE-2026-49337
CVE-2026-49337 affects libde265 prior to 1.0.20. A crafted sequence of H.265 NAL units lets decoder_context::read_slice_NAL() attach slice headers to a finished picture object with no active image unit, causing attacker-controlled unbounded heap growth. The headers are retained until the picture ...
Out-of-bounds Read
Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the uncompressed HEIF decoder process. An attacker can cause a crash by supplying a crafted HEIF file that manipulates compressed-unit offsets to trigger an out-of-bounds heap read. Remediation: A fix was pushed int...
CVE-2026-49271
libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unit_offset + unit_size. Because the addition can wrap, a crafted HEIF file can pass the range check and then construct a vector...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: x86/MCE: Always save the CS register in cases of AMD Zen IF Poison errors. The Instruction Fetch (IF) units on current AMD Zen-based systems do not guarantee a synchronous MC for poison consumption errors. Therefore,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fixed handling of MSDU buffer types in the RX error path. Currently, packets received on the REO exception ring from unassociated peers are of MSDU buffer type, while the driver expects link descriptor type packets...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: perf/x86: The event pointer setup was moved earlier in x86_pmu_enable. A production AMD EPYC system crashed due to a NULL pointer dereference in the PMU NMI handler: BUG: NULL pointer dereference in the kernel, address:...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Check whether hw_pp is valid in dpu_encoder_helper_phys_cleanup. The commit 8b45a26f2ba9 “drm/msm/dpu: Reserve CDM blocks for writeback in case of YUV output” introduced a warning about another conditional block in...