CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3010 – Khronos Group glslang Intermediate.cpp isConversionAllowed null pointer dereference
https://notcve.org/view.php?id=CVE-2025-3010
31 Mar 2025 — A vulnerability, which was classified as problematic, has been found in Khronos Group glslang 15.1.0. Affected by this issue is the function glslang::TIntermediate::isConversionAllowed of the file glslang/MachineIndependent/Intermediate.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.302060 • CWE-404: Improper Resource Shutdown or Release CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 1%CPEs: 277EXPL: 1CVE-2023-4969 – GPU kernel implementations susceptible to memory leak
https://notcve.org/view.php?id=CVE-2023-4969
16 Jan 2024 — A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures. Un kernel de GPU puede leer datos confidenciales de otro kernel de GPU (incluso de otro usuario o aplicación) a través de una región de memoria de GPU optimizada llamada _local memory_ en varias arquitecturas. • https://blog.trailofbits.com • CWE-401: Missing Release of Memory after Effective Lifetime •