< ciso
brief />
Tag Banner

All news with #memory corruption tag

51 articles

HollowByte DoS in OpenSSL bloats server memory

🛡️ Okta researchers disclosed a DoS flaw named HollowByte that lets unauthenticated attackers bloat OpenSSL server memory by sending an 11-byte payload with a forged header. Vulnerable OpenSSL versions allocate memory based on the claimed message length before receiving the payload, then block waiting for data that never arrives, causing heavy heap fragmentation and long-lived RSS growth. The OpenSSL team silently fixed the issue and backported the patch to multiple release lines; administrators are urged to upgrade to the patched versions immediately.
read more →

16-year KVM bug allows guest-to-host escape

🛡️ A critical KVM vulnerability, tracked as CVE-2026-53359 and nicknamed Januscape, lets an attacker with root in a guest VM execute code on the Linux host by exploiting a use-after-free in KVM's shadow MMU emulation on x86. Discovered by Hyunwoo Kim and present for 16 years, it affects both Intel and AMD servers and can enable host kernel panic, denial-of-service, or full RCE; some distros also allow local escalation via world-writable /dev/kvm. The Linux kernel was patched on June 16, but distribution rollouts may lag.
read more →

Seven vulnerabilities disclosed in ubiquitous FatFs library

🔒 Security firm runZero disclosed seven vulnerabilities in the FatFs filesystem library used to read FAT/exFAT on many embedded devices. The bugs—rated Medium to High—can lead to memory corruption, crashes, data leaks, or code execution when a device mounts malformed media or firmware images. Only the GPT hang issue is fixed upstream; most fixes must come from downstream vendors who bundle FatFs. runZero published PoCs and urges vendors and integrators to audit wrappers and treat physical ports and update channels as attack surfaces.
read more →

Citrix NetScaler memory overread patched, exploits spotted

🔒 Citrix patched a new NetScaler memory overread, CVE-2026-8451, similar to prior CitrixBleed issues; researchers from watchTowr disclosed that malformed unauthenticated requests can leak protected process memory. While this flaw leaks smaller data fragments than earlier CitrixBleed faults, it still poses risk for chaining with memory-write exploits. Citrix also fixed additional high-severity memory overflows and an HTTP/2 DoS; customers are urged to upgrade and apply configuration mitigations.
read more →

Apple issues urgent iOS, macOS and Safari security updates

🔒 Apple released security updates for iOS, macOS, and Safari to address over three dozen vulnerabilities, including four WebKit flaws discovered with AI tools such as Anthropic Claude and OpenAI Codex Security. The fixes target memory corruption, out-of-bounds write, use-after-free, and other WebKit issues, plus several kernel-level bugs that could leak or corrupt memory. Updates are available for iOS 26.5.2, iPadOS 26.5.2, macOS Tahoe 26.5.2, and Safari 26.5.2, and Apple noted no active exploitation has been reported.
read more →

Linux pedit COW exploit lets local users gain root

⚠️ A critical memory-corruption bug in the Linux traffic-control subsystem (CVE-2026-46331, “pedit COW”) enables a local unprivileged user to gain root by corrupting shared page-cache memory. The flaw allows modification of a cached setuid binary image in memory without touching the on-disk file; a public exploit appeared within a day of CVE assignment. The exploit requires the act_pedit module be loadable and unprivileged user namespaces enabled; affected vendors have issued patches and mitigations.
read more →

SAP patches critical NetWeaver and Commerce Cloud flaws

🔒 SAP released its June 2026 security update addressing 15 vulnerabilities, including four critical issues affecting SAP NetWeaver and SAP Commerce Cloud. The critical flaws include XML Signature Wrapping (CVE-2026-44748), a memory corruption bug (CVE-2026-27671), a Spring Security-related issue (CVE-2026-22732), and a directory traversal in the Java web container (CVE-2026-40128). Organizations should prioritize patching these high-impact defects immediately.
read more →

Google issues emergency Chrome zero-day patch

🔒 Google has released an emergency update to address CVE-2026-11645, the fifth Chrome zero-day fixed this year. The flaw, an out-of-bounds read/write in the V8 JavaScript engine, can be exploited by crafted HTML to achieve arbitrary code execution from within the browser sandbox. Patched Stable channel versions for Windows, macOS, and Linux are rolling out, and Google warns details may stay restricted until most users are updated.
read more →

ABB Camera Connect VLC Component Vulnerabilities

🔔 ABB disclosed that several vulnerabilities exist in the VLC media player component delivered with older ABB Ability Camera Connect installers (≤ 1.5.0.14). An update (Camera Connect 1.5.0.15) and standalone VLC updates are available to remediate multiple memory-corruption and path-related issues. ABB notes that most deployments are air-gapped and isolated, which significantly reduces exposure and remote exploitability, but recommends applying updates at the earliest convenience.
read more →

macOS Kernel Memory Corruption Exploit Reported

🔒 A security report details how a group used Anthropic’s Mythos AI model to discover a kernel memory corruption vulnerability and develop an exploit targeting Apple’s M5 platform. The article summarizes the incident and notes it was posted on May 21, 2026. It highlights implications for macOS security and the role of advanced AI tools in vulnerability discovery. The piece is concise and focused on the exploit’s origin and significance.
read more →

ABB B&R Automation Studio: SQLite component vulnerabilities

🔒 ABB disclosed multiple vulnerabilities in affected versions of B&R Automation Studio stemming from an outdated third-party SQLite component. An update to Automation Studio 6.5 corrects these issues and the vendor urges customers to apply the update promptly. The advisory lists numerous memory safety and logic issues (heap overflows, integer overflows, use-after-free, NULL dereferences, improper input validation, and more) that could enable unauthorized access, data exposure, or remote code execution. Customers should follow the product manual to identify versions and install updates, and apply general security recommendations as mitigation.
read more →

Critical Ollama GGUF Vulnerability Exposes Heap Data

⚠️ Security researchers disclosed a critical out-of-bounds read in Ollama that can leak process memory and is tracked as CVE-2026-7482 (CVSS 9.1), dubbed "Bleeding Llama". The flaw arises in the GGUF model loader's WriteTo() flow due to use of the unsafe package, allowing a crafted model upload to read past heap bounds. Successful exploitation can reveal environment variables, API keys, prompts, and user conversation data and exfiltrate it via the /api/push endpoint. Users are urged to apply fixes, restrict network exposure, and place an authentication proxy before Ollama instances.
read more →

AI-Assisted Analysis Uncovers Old Bugs in Databases

🔍 Researchers using AI-assisted analysis at Wiz's zeroday.cloud event disclosed multiple high-severity memory-safety flaws in PostgreSQL and MariaDB. Two PostgreSQL issues — including a heap overflow in the pgcrypto extension — date back more than 20 years and can enable remote code execution when fed attacker-controlled input. MariaDB's JSON schema validator also contains a heap overflow reachable by any authenticated SQL session, which under certain memory conditions can be escalated to code execution. Patches are available and maintainers strongly urge immediate upgrades.
read more →

Siemens RUGGEDCOM CROSSBOW SAC: SQLite Vulnerability

⚠️ Siemens reports a vulnerability in RUGGEDCOM CROSSBOW Station Access Controller (SAC) that can lead to memory corruption, denial of service, or possible arbitrary code execution. The issue is tied to a numeric truncation error in older SQLite releases (prior to 3.50.2) and is tracked as CVE-2025-6965. Siemens recommends updating SAC to V5.8 or later and ensuring SQLite is at least version 3.50.2 to mitigate the risk.
read more →

Rowhammer Attacks Targeting GDDR6 GPUs and Servers

🔒 Three recent academic studies — GDDRHammer, GeForge, and GPUBreach — describe Rowhammer-style attacks that target GDDR6 on modern GPUs. The first two demonstrate memory-access patterns that can bypass TRR and corrupt GPU page tables, enabling arbitrary reads and writes in video memory and potential escalation into system RAM. GPUBreach goes further by chaining driver flaws to defeat IOMMU-based isolation. While enabling ECC, using HBM, and applying IOMMU mitigations reduce risk, these findings highlight a credible threat to shared GPU/cloud environments.
read more →

Bringing Rust to Pixel Baseband for Safer DNS Parsing

🛡️ Google’s Pixel team integrated a memory-safe Rust DNS parser into the cellular baseband on Pixel 10 to reduce a class of memory-safety vulnerabilities in a high-risk component. The project adapts the community hickory-proto crate for no_std, adds FFI shims, and builds Rust into the modem firmware via the existing GN/Pigweed build. The team prioritized community support and correctness over aggressive size optimization, reporting a combined code cost of ~371 KB and leaving size pruning to future work.
read more →

GPUBreach: GPU Rowhammer Enables Full System Compromise

🔒 Researchers at the University of Toronto demonstrated GPUBreach, a GPU-targeted Rowhammer technique that flips bits in GDDR6 to corrupt GPU page tables and subvert device memory controls. An unprivileged CUDA kernel can obtain arbitrary read/write access to GPU memory and then exploit NVIDIA driver flaws to escalate to CPU privileges and spawn a root shell. The work, due at IEEE S&P 2026, includes technical materials and shows impacts from key leakage to ML model manipulation.
read more →

GPUBreach: RowHammer on GPUs Enables Full Host Takeover

⚠️ New research describes GPUBreach, a set of GDDR6 RowHammer techniques that corrupt GPU page tables to gain arbitrary GPU memory read/write and, in GPUBreach's case, full host control. The work shows chained GDDR6 bit-flips can corrupt trusted driver state and trigger kernel memory-safety bugs in NVIDIA drivers even with the IOMMU enabled. Related efforts (GDDRHammer, GeForge) also achieve GPU-side arbitrary read/write, though some require IOMMU to be disabled. Enabling ECC reduces risk but is not a guaranteed mitigation for all platforms.
read more →

GPUBreach: GPU Rowhammer Enables System Takeover to Root

⚠️ A new attack called GPUBreach demonstrates that Rowhammer-induced bit flips in GDDR6 memory can corrupt GPU page tables and allow an unprivileged CUDA kernel to gain arbitrary GPU memory read/write access. The University of Toronto team showed this capability can be chained into CPU-side privilege escalation by exploiting memory-safety bugs in the NVIDIA driver, potentially yielding a full system compromise up to a root shell. Critically, the attack works with IOMMU enabled and remains unmitigated on consumer GPUs without ECC. Full technical details and a reproduction package will be published on April 13.
read more →

Critical Citrix NetScaler SAML IDP Memory Leak Exploit

⚠️ A critical out-of-bounds read vulnerability (CVE-2026-3055), disclosed by Citrix on March 23, is being actively exploited against NetScaler ADC and NetScaler Gateway appliances configured as SAML Identity Providers. The flaw (CVSS v4.0 9.3) allows unauthenticated attackers to leak memory contents via crafted SAMLRequest payloads. Citrix and security researchers urge immediate patching to the listed firmware releases and recommend checking NetScaler configurations for SAML IDP profiles.
read more →