62 matches found
CVE-2026-45958
A flaw was found in the Linux kernel's drm/exynos: vidi driver. A local user could exploit this vulnerability by directly dereferencing a user pointer in the vidi_connection_ioctl function. This allows for arbitrary kernel memory access from user space, potentially leading to privilege escalation o...
CVE-2026-45958
drm/exynos: vidi: fix to avoid directly dereferencing user pointer...
PT-2026-43825
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the vidi_connection_ioctl function where the vidi->edid user pointer is directly dereferenced within the kernel. This allows arbitrary kernel memory access from user spac...
SUSE CVE-2026-31781
In the Linux kernel, the following vulnerability has been resolved: drm/ioc32: stop speculation on the drm_compat_ioctl path The drm compat ioctl path takes a user controlled pointer, and then dereferences it into a table of function pointers, the signature method of spectre problems. Fix this up b...
CVE-2026-43073
In the Linux kernel, the following vulnerability has been resolved: x86-64: rename misleadingly named '__copy_user_nocache()' function This function was a masterclass in bad naming, for various historical reasons. It claimed to be a non-cached user copy. It is literally neither of those things. It's a...
CVE-2026-43073 x86-64: rename misleadingly named '__copy_user_nocache()' function
In the Linux kernel, the following vulnerability has been resolved: x86-64: rename misleadingly named '__copy_user_nocache()' function This function was a masterclass in bad naming, for various historical reasons. It claimed to be a non-cached user copy. It is literally neither of those things. It's a...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: Do not rely on user vaddr alignment. There is no guaranteed alignment for user pointers. However, the calculation of the offset from the first page to a folio after coalescing uses some strange bit mask logic;...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Fixed a dangling pointer in krb_authenticate. krb_authenticate frees sess->user and does not set the pointer to NULL. It calls ksmbd_krb5_authenticate to reinitialise sess->user, but that function may return without doing so...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix crash while reading debugfs attribute The qedi_dbg_do_not_recover_cmd_read function invokes sprintf directly on a user pointer, which results into the crash. To fix this issue, use a small local stack buffer for sprintf...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fixed a memory leak in kfd_mem_dmamap_userptr. If the number of pages from the userptr BO differs from the SG BO, then the allocated memory for the SG table does not get freed before returning – leading to an EINVAL erro...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: iommufd: Check for uptr overflow syzkaller discovered that setting up a page with a user VA that exceeds zero can trigger WARN_ONs, especially when pin_user_pages returns 0 due to invalid arguments. This issue prevents the creati...
PT-2026-36416
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The drm compat ioctl path accepts a user-controlled pointer and dereferences it into a table of function pointers. This pattern is characteristic of Spectre problems, which are...
CVE-2023-54239 iommufd: Check for uptr overflow
In the Linux kernel, the following vulnerability has been resolved: iommufd: Check for uptr overflow syzkaller found that setting up a map with a user VA that wraps past zero can trigger WARN_ONs, particularly from pin_user_pages weirdly returning 0 due to invalid arguments. Prevent creating a pages...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an unchecked user pointer overflow that could lead to a null pointer dereference...
CVE-2022-50619
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr If the number of pages from the userptr BO differs from the SG BO then the allocated memory for the SG table doesn't get freed before returning -EINVAL, which may lead to a memor...
SUSE CVE-2025-40336
In the Linux kernel, the following vulnerability has been resolved: drm/gpusvm: fix hmm_pfn_to_map_order usage Handle the case where the hmm range partially covers a huge page like 2M, otherwise we can potentially end up doing something nasty like mapping memory which is outside the range, and maybe...
EUVD-2022-55693
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr If the number of pages from the userptr BO differs from the SG BO then the allocated memory for the SG table doesn't get freed before returning -EINVAL, which may lead to a memor...
CVE-2022-50619 drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr()
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr If the number of pages from the userptr BO differs from the SG BO then the allocated memory for the SG table doesn't get freed before returning -EINVAL, which may lead to a memor...
PT-2025-49460
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory leak exists in the kfd_mem_dmamap_userptr function within the drm/amdkfd module. This occurs when the number of pages from the userptr BO differs from the SG BO, leading to...
EUVD-2025-201161
In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: don't rely on user vaddr alignment There is no guaranteed alignment for user pointers, however the calculation of an offset of the first page into a folio after coalescing uses some weird bit mask logic, get rid of ...