memory issues

A late probe failure in the Linux kernel’s MOST USB stack has been tracked as CVE-2025-68290 and patched after maintainers fixed a double-free and related use-after-free paths that could crash systems or, in the worst case, be abused for memory-corruption attacks. Background The vulnerability...

The memory shortage driven by the AI datacenter boom has suddenly turned a long-running industry assumption on its head: cheap, spec-heavy smartphones and aggressively priced PCs are about to get more expensive, and in some cases less capable, as suppliers reallocate wafer capacity to...

A newly disclosed vulnerability in GnuPG’s ASCII‑armor parser can cause an out‑of‑bounds write that leads to memory corruption when processing crafted input, and upstream has already issued a targeted code fix while downstream distributions race to roll the patch into packages. Background GnuPG...

2025 finished as a year when ambition outpaced operational hygiene: memory and storage shortages that made building a PC expensive, hyperscaler outages that made whole regions of the internet look fragile, high‑profile product demos that spectacularly failed on stage, and AI product launches...

A subtle but consequential memory-handling bug in the Linux kernel’s qla2xxx SCSI driver has been assigned CVE-2025-68741 and patched upstream: an error path in qla2xxx_process_purls_iocb used kfree to release a structure that may have been drawn from a per-adapter pre‑allocated pool, which can...

A critical memory‑corruption flaw in PyTorch’s low‑level LSTM cell implementation — tracked as CVE‑2025‑3001 — has been publicly disclosed and reproduced, creating an urgent, if narrowly scoped, operational risk for systems that run untrusted or local model code built against the affected...

National Instruments’ flagship engineering tool LabVIEW is the subject of a coordinated security disclosure that identifies nine memory‑corruption vulnerabilities — ranging from out‑of‑bounds reads and writes to a use‑after‑free and a stack‑based buffer overflow — which, if triggered by a...

A newly published integer‑overflow vulnerability in the X Resize, Rotate and Reflect (RandR) extension — tracked as CVE‑2025‑49180 — affects multiple X.Org implementations (xorg‑server, xorg‑server‑Xwayland) and TigerVNC, and has prompted coordinated security updates from major Linux...

A new, high‑severity remote code execution (RCE) vulnerability has been published for the Windows Routing and Remote Access Service (RRAS): CVE‑2025‑64678 is a heap‑based buffer overflow in RRAS that can allow an unauthenticated attacker to execute code over the network against systems running...

Microsoft’s advisory for CVE-2025-62557 confirms a memory‑corruption flaw in Microsoft Office that can be weaponized for local remote‑code‑execution (RCE) scenarios — a use‑after‑free (UAF) in Office’s document parsing that, if chained successfully, allows attacker code to run with the...

The Linux kernel fix for CVE-2025-21907 closes a subtle but real correctness window in memory‑failure handling: the kernel now updates the TTU (try_to_unmap) flag inside unmap_poisoned_folio to ensure poisoned folios are consistently marked during unmap/migration operations, preventing spurious...

A type‑confusion bug in libxslt’s internal node representation — where the same psvi memory field is reused for stylesheet and input nodes — can be forced to misinterpret an XML document and produce out‑of‑bounds accesses, crashes, and memory corruption that result in reliable denial‑of‑service...

The Linux kernel has received a small but important corrective patch addressing CVE-2025-40262 — a memory-corruption bug in the IMX SCU key driver (imx_sc_key) that could corrupt kernel memory during module unload by passing the address of a stack variable instead of the intended pointer. The...

Fuji Electric’s Monitouch V‑SFT‑6 HMI configuration tool contains multiple memory‑corruption vulnerabilities — including both heap‑ and stack‑based buffer overflows — that can crash engineering workstations and, under certain conditions, enable arbitrary code execution when specially crafted...

A small change in the OCFS2 kernel code — setting a freed pointer to NULL — resolved a formally assigned CVE but highlights a perennial class of Linux kernel risks: double‑free memory corruption that can destabilize hosts, complicate multi‑tenant environments, and, in some cases, provide a local...

Microsoft’s Security Update Guide records CVE-2025-59289 as a memory‑corruption elevation‑of‑privilege issue affecting the Windows Bluetooth Service; public technical summaries and patch notes describe the root cause as a use‑after‑free (UAF) in privileged Bluetooth/device‑broker code that can...

Microsoft has confirmed a class of memory-corruption flaws in its Inbox COM Objects that include a local remote-code-execution (RCE)–style impact for certain realistic attack chains; CVE-2025-58730 is one member of that family and was remediated in Microsoft’s October 2025 security roll‑up, but...

Microsoft has confirmed a high‑impact elevation‑of‑privilege vulnerability in the PrintWorkflowUserSvc component of Windows, tracked as CVE‑2025‑55684, that allows a local, low‑privileged user to potentially escalate to SYSTEM under certain conditions — Microsoft classifies the bug as a...

A newly reported vulnerability tied to the Windows Connected Devices Platform Service (Cdpsvc) has raised alarms for administrators and defenders: while public trackers and community analyses describe memory‑corruption defects in CDPSvc that can lead to privilege escalation or execution under...

Microsoft has confirmed an elevation‑of‑privilege flaw in the Desktop Window Manager (DWM) core library tracked as CVE‑2025‑59255, a locally‑triggered memory‑safety issue that can let an authenticated user or process running under a standard account escalate to SYSTEM‑level privileges if...