545 matches found
CVE-2026-22165
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger a write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable further exploits on the...
CVE-2026-22166
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable subsequent exploit on the...
CVE-2026-22166
CVE-2026-22166 pertains to GPU DDK components where a web page sending anomalous WebGPU content into the GPU GLES render process can trigger a write UAF crash in the GPU GLES user-space shared library (KEGLGetPoolBuffers). The exposed root cause is a write-after-free condition in KEGLGetPoolBuffe...
CVE-2026-22166 GPU DDK - Write UAF in KEGLGetPoolBuffers, WebGL reachable
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable subsequent exploit on the...
CVE-2026-22166 GPU DDK - Write UAF in KEGLGetPoolBuffers, WebGL reachable
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable subsequent exploit on the...
CVE-2026-22166
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable subsequent exploit on the...
EUVD-2026-26663
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable subsequent exploit on the...
CVE-2026-22165
CVE-2026-22165 involves a flaw in a GPU DDK where a web page serving unusual WebGPU content loaded into the GPU GLES render process can trigger a write UAF in the GPU GLES user-space shared library. The root cause is described as UAF reads of GLES3Context::psDrawParams and GLES3Context::psMode an...
CVE-2026-22165 GPU DDK - UAF read of GLES3Context::psDrawParams and GLES3Context::psMode and UAF read/write of RMJob::apsCCBs
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger a write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable further exploits on the...
EUVD-2026-26662
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger a write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable further exploits on the...
CVE-2026-22165
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger a write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable further exploits on the...
PT-2026-36496
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger a write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable further exploits on the...
PT-2026-36497
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A web page containing unusual WebGPU content loaded into the GPU GLES render process can trigger a write Use-After-Free UAF crash in the GPU GLES user-space shar...
Imagination Graphics DDK 资源管理错误漏洞
Imagination Graphics DDK is a suite of GPU driver tools from Imagination UK. The Imagination Graphics DDK suffers from a Resource Management Error vulnerability that originates when WebGPU content is loaded into the GPU GLES rendering process triggering a write-release-after-reuse crash, which...
Important: mesa
Issue Overview: In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca. CVE-2026-40393 Affected Packages: mesa Issue Correction: Run dnf update mesa...
Amazon Linux 2023 : mesa-dri-drivers, mesa-filesystem, mesa-libd3d (ALAS2023-2026-1623)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1623 advisory. In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca...
FreeBSD : Mozilla -- Denial-of-service (2239d66b-4307-11f1-a627-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2239d66b-4307-11f1-a627-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=2015959 reports: Denial-of-service due to integer overflow ...
Linux Distros Unpatched Vulnerability : CVE-2026-6773
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. CVE-2026-6773 Note...
OESA-2026-2052 mesa security update
. Security Fixes: In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca.CVE-2026-40393...
OESA-2026-2051 mesa security update
. Security Fixes: In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca.CVE-2026-40393...