
All news with #memory corruption tag

43 articles

ABB Camera Connect VLC Component Vulnerabilities

🔔 ABB disclosed that several vulnerabilities exist in the VLC media player component delivered with older ABB Ability Camera Connect installers (≤ 1.5.0.14). An update (Camera Connect 1.5.0.15) and standalone VLC updates are available to remediate multiple memory-corruption and path-related issues. ABB notes that most deployments are air-gapped and isolated, which significantly reduces exposure and remote exploitability, but recommends applying updates at the earliest convenience.

macOS Kernel Memory Corruption Exploit Reported

🔒 A security report details how a group used Anthropic’s Mythos AI model to discover a kernel memory corruption vulnerability and develop an exploit targeting Apple’s M5 platform. The article summarizes the incident and notes it was posted on May 21, 2026. It highlights implications for macOS security and the role of advanced AI tools in vulnerability discovery. The piece is concise and focused on the exploit’s origin and significance.

ABB B&R Automation Studio: SQLite component vulnerabilities

🔒 ABB disclosed multiple vulnerabilities in affected versions of B&R Automation Studio stemming from an outdated third-party SQLite component. An update to Automation Studio 6.5 corrects these issues and the vendor urges customers to apply the update promptly. The advisory lists numerous memory safety and logic issues (heap overflows, integer overflows, use-after-free, NULL dereferences, improper input validation, and more) that could enable unauthorized access, data exposure, or remote code execution. Customers should follow the product manual to identify versions and install updates, and apply general security recommendations as mitigation.

Critical Ollama GGUF Vulnerability Exposes Heap Data

⚠️ Security researchers disclosed a critical out-of-bounds read in Ollama that can leak process memory and is tracked as CVE-2026-7482 (CVSS 9.1), dubbed "Bleeding Llama". The flaw arises in the GGUF model loader's WriteTo() flow due to use of the unsafe package, allowing a crafted model upload to read past heap bounds. Successful exploitation can reveal environment variables, API keys, prompts, and user conversation data and exfiltrate it via the /api/push endpoint. Users are urged to apply fixes, restrict network exposure, and place an authentication proxy before Ollama instances.

AI-Assisted Analysis Uncovers Old Bugs in Databases

🔍 Researchers using AI-assisted analysis at Wiz's zeroday.cloud event disclosed multiple high-severity memory-safety flaws in PostgreSQL and MariaDB. Two PostgreSQL issues — including a heap overflow in the pgcrypto extension — date back more than 20 years and can enable remote code execution when fed attacker-controlled input. MariaDB's JSON schema validator also contains a heap overflow reachable by any authenticated SQL session, which under certain memory conditions can be escalated to code execution. Patches are available and maintainers strongly urge immediate upgrades.

Siemens RUGGEDCOM CROSSBOW SAC: SQLite Vulnerability

⚠️ Siemens reports a vulnerability in RUGGEDCOM CROSSBOW Station Access Controller (SAC) that can lead to memory corruption, denial of service, or possible arbitrary code execution. The issue is tied to a numeric truncation error in older SQLite releases (prior to 3.50.2) and is tracked as CVE-2025-6965. Siemens recommends updating SAC to V5.8 or later and ensuring SQLite is at least version 3.50.2 to mitigate the risk.

Rowhammer Attacks Targeting GDDR6 GPUs and Servers

🔒 Three recent academic studies — GDDRHammer, GeForge, and GPUBreach — describe Rowhammer-style attacks that target GDDR6 on modern GPUs. The first two demonstrate memory-access patterns that can bypass TRR and corrupt GPU page tables, enabling arbitrary reads and writes in video memory and potential escalation into system RAM. GPUBreach goes further by chaining driver flaws to defeat IOMMU-based isolation. While enabling ECC, using HBM, and applying IOMMU mitigations reduce risk, these findings highlight a credible threat to shared GPU/cloud environments.

Bringing Rust to Pixel Baseband for Safer DNS Parsing

🛡️ Google’s Pixel team integrated a memory-safe Rust DNS parser into the cellular baseband on Pixel 10 to reduce a class of memory-safety vulnerabilities in a high-risk component. The project adapts the community hickory-proto crate for no_std, adds FFI shims, and builds Rust into the modem firmware via the existing GN/Pigweed build. The team prioritized community support and correctness over aggressive size optimization, reporting a combined code cost of ~371 KB and leaving size pruning to future work.

GPUBreach: GPU Rowhammer Enables Full System Compromise

🔒 Researchers at the University of Toronto demonstrated GPUBreach, a GPU-targeted Rowhammer technique that flips bits in GDDR6 to corrupt GPU page tables and subvert device memory controls. An unprivileged CUDA kernel can obtain arbitrary read/write access to GPU memory and then exploit NVIDIA driver flaws to escalate to CPU privileges and spawn a root shell. The work, due at IEEE S&P 2026, includes technical materials and shows impacts from key leakage to ML model manipulation.

GPUBreach: RowHammer on GPUs Enables Full Host Takeover

⚠️ New research describes GPUBreach, a set of GDDR6 RowHammer techniques that corrupt GPU page tables to gain arbitrary GPU memory read/write and, in GPUBreach's case, full host control. The work shows chained GDDR6 bit-flips can corrupt trusted driver state and trigger kernel memory-safety bugs in NVIDIA drivers even with the IOMMU enabled. Related efforts (GDDRHammer, GeForge) also achieve GPU-side arbitrary read/write, though some require IOMMU to be disabled. Enabling ECC reduces risk but is not a guaranteed mitigation for all platforms.

GPUBreach: GPU Rowhammer Enables System Takeover to Root

⚠️ A new attack called GPUBreach demonstrates that Rowhammer-induced bit flips in GDDR6 memory can corrupt GPU page tables and allow an unprivileged CUDA kernel to gain arbitrary GPU memory read/write access. The University of Toronto team showed this capability can be chained into CPU-side privilege escalation by exploiting memory-safety bugs in the NVIDIA driver, potentially yielding a full system compromise up to a root shell. Critically, the attack works with IOMMU enabled and remains unmitigated on consumer GPUs without ECC. Full technical details and a reproduction package will be published on April 13.

Critical Citrix NetScaler SAML IDP Memory Leak Exploit

⚠️ A critical out-of-bounds read vulnerability (CVE-2026-3055), disclosed by Citrix on March 23, is being actively exploited against NetScaler ADC and NetScaler Gateway appliances configured as SAML Identity Providers. The flaw (CVSS v4.0 9.3) allows unauthenticated attackers to leak memory contents via crafted SAMLRequest payloads. Citrix and security researchers urge immediate patching to the listed firmware releases and recommend checking NetScaler configurations for SAML IDP profiles.

Active Recon Targets Citrix NetScaler SAML IDP Flaw

🔍 A critical input-validation flaw in Citrix NetScaler ADC and NetScaler Gateway (CVE-2026-3055, CVSS 9.3) is being actively probed in the wild, security firms Defused Cyber and watchTowr report. The bug can cause memory overread and may leak sensitive data when appliances are configured as a SAML Identity Provider. Attackers are enumerating auth methods via /cgi/GetAuthMethods to identify vulnerable SAML IDP setups. Organizations should apply vendor patches immediately.

Talos: Critical Bugs Found in Canva, TP-Link, HikVision

🔒 Cisco Talos disclosed multiple vulnerabilities impacting Canva Affinity, TP-Link Archer AX53, and HikVision face recognition terminals. Researchers identified 19 EMF-related issues in Canva Affinity, including out-of-bounds reads and a type confusion that can lead to memory corruption and arbitrary code execution. TP-Link’s AX53 contains 10 vulnerabilities across tmpServer, tdpServer and SSH hostkey handling that range from buffer overflows to write-what-where flaws and credential exposure via MITM. A HikVision SADP XML parser stack-based buffer overflow can be triggered by a malicious network packet. All identified issues have been patched following coordinated disclosure; users should apply vendor updates and consider Snort rule coverage for detection.

Citrix Urges Immediate Patching of Critical NetScaler Flaw

⚠️ Citrix has published updates for NetScaler ADC and NetScaler Gateway to fix two vulnerabilities, including a critical memory overread (CVE-2026-3055) that can leak sensitive information from appliance memory. Exploitation requires specific configurations: SAML IdP for CVE-2026-3055 and gateway or AAA roles for CVE-2026-4368. Affected builds include 14.1 before 14.1-66.59 and 13.1 before 13.1-62.23; customers should inspect configurations and apply patches immediately.

Apple backports WebKit fixes to legacy iOS and macOS

🔒 Apple has backported a WebKit memory-corruption fix, tracked as CVE-2023-43010, to older iOS and iPadOS releases after the flaw was observed in the Coruna exploit kit. The original mitigation shipped in iOS 17.2 on December 11, 2023; Apple’s recent updates — including iOS 15.8.7 and iOS 16.7.15 — extend protections to devices that cannot run the latest OS. Users with affected legacy devices are advised to install the available backports to mitigate exploitation risk.

CISA Adds Two Known-Exploited Vulnerabilities to KEV Catalog

⚠️ CISA added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog on March 3, 2026, after observing evidence of active exploitation. The entries include CVE-2026-21385, a memory corruption issue impacting multiple Qualcomm chipsets, and CVE-2026-22719, a command injection vulnerability affecting Broadcom VMware Aria Operations. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate cataloged flaws by the required due dates; CISA also strongly urges all organizations to prioritize timely remediation. CISA will continue to add vulnerabilities that meet its KEV criteria.

Google Patches Android Zero-Day in Qualcomm Display

🔒 Google released March 2026 Android updates addressing 129 security flaws, including an actively exploited zero-day, CVE-2026-21385, in a Qualcomm display Graphics subcomponent. Qualcomm says the bug is an integer overflow/wraparound that local attackers can use to trigger memory corruption. Google also fixed 10 critical System/Framework/Kernel vulnerabilities and published two patch levels (2026-03-01 and 2026-03-05); Pixel devices receive fixes immediately while other vendors may take longer to roll them out.

Google Confirms Exploited Qualcomm Graphics Flaw in Android

⚠️ Google confirmed that CVE-2026-21385, a high-severity buffer over-read in a Qualcomm graphics component used on Android devices, has been observed exploited in the wild. Qualcomm characterizes the defect as an integer overflow that permits memory corruption when user-supplied data is written without checking buffer space. The issue (CVSS 7.8) was reported to Qualcomm by Google's Android Security team on December 18, 2025, and customers were notified on February 2, 2026. Google’s March 2026 security bulletin includes this fix among 129 patches and notes indications of limited, targeted exploitation.

EnOcean SmartServer IoT: Remote Code Execution Risk

🔒 A pair of vulnerabilities in EnOcean SmartServer IoT firmware (<= 4.60.009) can be exploited via crafted LON IP-852 management messages to execute arbitrary OS commands or trigger memory corruption. CVE-2026-20761 (command injection) carries a CVSS 3.1 score of 8.1 and permits remote command execution; CVE-2026-22885 is an out-of-bounds read (CVSS 3.1 score 3.7) that can leak memory. EnOcean advises updating to SmartServer 4.6 Update 2 (v4.60.023) or later, and CISA recommends isolating devices, avoiding internet exposure, using secure remote access, and monitoring for suspicious activity.