CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/06/16 8:16 p.m.•5 views

CVE-2026-0125

In multiple functions of vpuioctl.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7CVSS0.00067EPSS

Cvelist•added 2026/06/16 6:50 p.m.•21 views

CVE-2026-0125

0.00067EPSS

Positive Technologies•added 2026/06/16 12:0 a.m.•14 views

PT-2026-49784

Name of the Vulnerable Software and Affected Versions vpu ioctl.c affected versions not specified Description A race condition in multiple functions of vpu ioctl.c can lead to a use after free, which is a scenario where a program continues to use a pointer after it has been freed. This issue may...

7CVSS5.9AI score0.00067EPSS

Tenable Nessus•added 2026/06/03 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-45928

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: chips-media: wave5: Fix memory leak on codecinfo allocation failure In wave5vpuopenenc and wave5vpuopendec, a vpu instance is allocated via kzalloc. If t...

RedhatCVE•added 2026/05/28 12:57 a.m.•8 views

Exploits0References2

CVE-2026-45928

A flaw was found in the Linux kernel's wave5 media driver. When a vpu instance is allocated, and a subsequent allocation for codecinfo fails, the driver returns an error without freeing the previously allocated vpu instance. This oversight leads to a memory leak, which could potentially impact...

EUVD•added 2026/05/27 3:33 p.m.•7 views

EUVD-2026-32394

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix memory leak on codecinfo allocation failure In wave5vpuopenenc and wave5vpuopendec, a vpu instance is allocated via kzalloc. If the subsequent allocation for inst-codecinfo fails, the functions retu...

NVD•added 2026/05/27 2:17 p.m.•8 views

Exploits0References5

CVE-2026-45928

0.00175EPSS

OSV•added 2026/05/27 2:17 p.m.•7 views

UBUNTU-CVE-2026-45928

5.7AI score0.00175EPSS

OSV•added 2026/05/27 2:17 p.m.•3 views

UBUNTU-CVE-2026-46058

In the Linux kernel, the following vulnerability has been resolved: media: amphion: Fix race between m2m jobabort and devicerun Fix kernel panic caused by race condition where v4l2m2mctxrelease frees m2mctx while v4l2m2mtryrun is about to call devicerun with the same context. Race sequence:...

7.8CVSS5.7AI score0.00097EPSS

CNNVD•added 2026/05/27 12:0 a.m.•7 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel. This vulnerability stems from the functions wave5vpuopenenc and wave5vpuopendec in media/chips-media/wave5, which...

Positive Technologies•added 2026/05/27 12:0 a.m.•13 views

PT-2026-43795

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the wave5 VPU driver. In the functions wave5 vpu open enc and wave5 vpu open dec, a VPU instance is allocated using kzalloc. If the subsequent allocation for the...

5.4AI score0.00175EPSS

Exploits0References13

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: media: iris: Added missing platform data entries for SM8750. Two platform-data fields for SM8750 were omitted: - getvpubuffersize = irisvpu33bufsize Without this field, the driver fails to allocate the required internal buffer...

5.5CVSS5.8AI score0.00126EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Media: Verisilicon: Avoid G2 bus errors during H.264 and HEVC decoding. For the i.MX8MQ platform, there is a hardware limitation: the g1 VPU and g2 VPU cannot decode simultaneously. Doing so may cause a bus error, resulting in...

5.5CVSS5.3AI score0.00107EPSS

SUSE CVE•added 2026/05/09 2:40 a.m.•3 views

SUSE CVE-2026-43235

In the Linux kernel, the following vulnerability has been resolved: media: iris: Add missing platform data entries for SM8750 Two platform-data fields for SM8750 were missed: - getvpubuffersize = irisvpu33bufsize Without this, the driver fails to allocate the required internal buffers, leading to...

5.7AI score0.00126EPSS

SUSE CVE•added 2026/05/09 2:40 a.m.•7 views

SUSE CVE-2026-43263

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix Null reference while testing fluster When multi instances are created/destroyed, many interrupts happens and structures for decoder are removed. "struct vpuinstance" this structure is shared for all...

7.8CVSS5.7AI score0.00119EPSS

UbuntuCve•added 2026/05/08 2:16 p.m.•4 views

CVE-2026-43310

In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC For the i.MX8MQ platform, there is a hardware limitation: the g1 VPU and g2 VPU cannot decode simultaneously; otherwise, it will cause below bus error and produ...

5.5CVSS5.8AI score0.00107EPSS

RedhatCVE•added 2026/05/06 9:38 p.m.•6 views

CVE-2026-43207

A flaw was found in the Linux kernel's mtk-mdp media driver. Improper error handling in the probe function could lead to a resource leak. Additionally, a missing check for the return value of vpugetplatdevice could result in a null pointer dereference, potentially causing a system crash and leadi...

7.8CVSS5.8AI score0.00139EPSS

EUVD•added 2026/05/06 12:30 p.m.•21 views

EUVD-2026-27660

5.8AI score0.00119EPSS