VYPR

CWE-823

Use of Out-of-range Pointer Offset

BaseIncomplete

Description

The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-129

CVEs mapped to this weakness (24)

page 2 of 2
  • CVE-2026-34193MedJun 1, 2026
    risk 0.28cvss 4.3epss 0.00

    Kernel software installed and running inside a Guest/Host VM may post improper commands to the GPU Firmware to trigger a write of data outside the intended GPU memory. A logic error in the address translation allowed a compromised Host (Kernel) to perform arbitrary writes to…

  • CVE-2024-52935MedJan 13, 2025
    risk 0.27cvss 4.1epss 0.00

    Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.

  • CVE-2024-47896LowFeb 22, 2025
    risk 0.21cvss 3.3epss 0.00

    Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.

  • CVE-2026-32829Mar 20, 2026
    risk 0.00cvss epss 0.00

    lz4_flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly…