Lucene search
K

12632 matches found

NVD
NVD
added 2025/08/19 5:15 p.m.5 views

CVE-2025-38604

In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Kill URBs before clearing tx status queue In rtl8187stop move the call of usbkillanchoredurbs before clearing btxstatus.queue. This change prevents callbacks from using already freed skb due to anchor was not kille...

5.5CVSS0.00149EPSS
Exploits0References11
NVD
NVD
added 2025/08/19 5:15 p.m.7 views

CVE-2025-38591

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject narrower access to pointer ctx fields The following BPF program, simplified from a syzkaller repro, causes a kernel warning: r0 = u8 r1 + 169; exit; With pointer field sk being at offset 168 in skbuff. This access is...

5.5CVSS0.0018EPSS
Exploits0References6
NVD
NVD
added 2025/08/19 5:15 p.m.5 views

CVE-2025-38592

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcidevcddump: fix out-of-bounds via devcoredumpv Currently both devcoredumpv and skbputdata in hcidevcddump use hdev-dump.head. However, devcoredumpv can free the buffer. From devcoredumpmtimeout documentation, which i...

7.1CVSS0.00154EPSS
Exploits0References3
NVD
NVD
added 2025/08/19 5:15 p.m.5 views

CVE-2025-38574

In the Linux kernel, the following vulnerability has been resolved: pptp: ensure minimal skb length in pptpxmit Commit aabc6596ffb3 "net: ppp: Add bound checking for skb data on pppsynctxmung" fixed pppsynctxmunge We need a similar fix in pptpxmit, otherwise we might read uninit data as reported ...

7.8CVSS0.00167EPSS
Exploits0References11
NVD
NVD
added 2025/08/19 5:15 p.m.6 views

CVE-2025-38566

In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tlsalertrecv due to its assumption it can read data from the msg iterator's kvec.. kTLS implementation splits TLS non-da...

7.5CVSS0.00528EPSS
Exploits0References5
NVD
NVD
added 2025/08/19 5:15 p.m.8 views

CVE-2025-38571

In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tlsalertrecv due to its assumption that there is valid data in the msghdr's iterator's kvec. Instead, this patch proposes the...

5.5CVSS0.00146EPSS
Exploits0References5
OSV
OSV
added 2025/08/19 5:15 p.m.3 views

UBUNTU-CVE-2025-38574

In the Linux kernel, the following vulnerability has been resolved: pptp: ensure minimal skb length in pptpxmit Commit aabc6596ffb3 "net: ppp: Add bound checking for skb data on pppsynctxmung" fixed pppsynctxmunge We need a similar fix in pptpxmit, otherwise we might read uninit data as reported ...

7.8CVSS6.5AI score0.00167EPSS
Exploits0References40
OSV
OSV
added 2025/08/19 5:3 p.m.5 views

CVE-2025-38604 wifi: rtl818x: Kill URBs before clearing tx status queue

In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Kill URBs before clearing tx status queue In rtl8187stop move the call of usbkillanchoredurbs before clearing btxstatus.queue. This change prevents callbacks from using already freed skb due to anchor was not kille...

5.5CVSS5.7AI score0.00149EPSS
Exploits0References14
CVE
CVE
added 2025/08/19 5:3 p.m.23 views

CVE-2025-38592

CVE-2025-38592 affects the Linux kernel Bluetooth subsystem. The issue arises in hci_devcd_dump where dev_coredumpv and skb_put_data both use hdev->dump.head, allowing a freed vmalloc buffer to be accessed and causing vmalloc-out-of-bounds access. The documented root cause is that dev_coredump...

7.1CVSS7AI score0.00154EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2025/08/19 5:3 p.m.54 views

CVE-2025-38591

CVE-2025-38591 affects the Linux kernel and is resolved by a patch in the BPF verifier. The issue involved a narrowing context access check in BPF, where a program attempted to read a pointer field (offset 169) in __sk_buff (field sk at offset 168). The verifier incorrectly allowed this “narrower...

5.5CVSS7AI score0.0018EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2025/08/19 5:3 p.m.8 views

CVE-2025-38591 bpf: Reject narrower access to pointer ctx fields

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject narrower access to pointer ctx fields The following BPF program, simplified from a syzkaller repro, causes a kernel warning: r0 = u8 r1 + 169; exit; With pointer field sk being at offset 168 in skbuff. This access is...

0.0018EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2025/08/19 5:3 p.m.4 views

CVE-2025-38591

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject narrower access to pointer ctx fields The following BPF program, simplified from a syzkaller repro, causes a kernel warning: r0 = u8 r1 + 169; exit; With pointer field sk being at offset 168 in skbuff. This access is...

5.5CVSS5.2AI score0.0018EPSS
Exploits0
OSV
OSV
added 2025/08/19 5:3 p.m.5 views

CVE-2025-38591 bpf: Reject narrower access to pointer ctx fields

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject narrower access to pointer ctx fields The following BPF program, simplified from a syzkaller repro, causes a kernel warning: r0 = u8 r1 + 169; exit; With pointer field sk being at offset 168 in skbuff. This access is...

5.5CVSS6AI score0.0018EPSS
Exploits0References9
OSV
OSV
added 2025/08/19 5:3 p.m.4 views

CVE-2025-38590 net/mlx5e: Remove skb secpath if xfrm state is not found

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Remove skb secpath if xfrm state is not found Hardware returns a unique identifier for a decrypted packet's xfrm state, this state is looked up in an xarray. However, the state might have been freed by the time of this...

5.5CVSS7.1AI score0.00146EPSS
Exploits0References8
CVE
CVE
added 2025/08/19 5:2 p.m.50 views

CVE-2025-38574

CVE-2025-38574 affects the Linux kernel PPTP transmit path (pptp_xmit). A missing bound check on skb length could allow reading uninitialized data in pptp_xmit(), similar to changes made for ppp_sync_txmunge. The issue is fixed by the upstream commit aabc6596ffb3 and related bound-checking change...

7.8CVSS7.2AI score0.00167EPSS
Exploits0References11Affected Software1
Cvelist
Cvelist
added 2025/08/19 5:2 p.m.8 views

CVE-2025-38574 pptp: ensure minimal skb length in pptp_xmit()

In the Linux kernel, the following vulnerability has been resolved: pptp: ensure minimal skb length in pptpxmit Commit aabc6596ffb3 "net: ppp: Add bound checking for skb data on pppsynctxmung" fixed pppsynctxmunge We need a similar fix in pptpxmit, otherwise we might read uninit data as reported ...

0.00167EPSS
Exploits0References9
Debian CVE
Debian CVE
added 2025/08/19 5:2 p.m.5 views

CVE-2025-38574

In the Linux kernel, the following vulnerability has been resolved: pptp: ensure minimal skb length in pptpxmit Commit aabc6596ffb3 "net: ppp: Add bound checking for skb data on pppsynctxmung" fixed pppsynctxmunge We need a similar fix in pptpxmit, otherwise we might read uninit data as reported ...

7.8CVSS6.2AI score0.00167EPSS
Exploits0
OSV
OSV
added 2025/08/19 5:2 p.m.4 views

CVE-2025-38574 pptp: ensure minimal skb length in pptp_xmit()

In the Linux kernel, the following vulnerability has been resolved: pptp: ensure minimal skb length in pptpxmit Commit aabc6596ffb3 "net: ppp: Add bound checking for skb data on pppsynctxmung" fixed pppsynctxmunge We need a similar fix in pptpxmit, otherwise we might read uninit data as reported ...

7.8CVSS7.4AI score0.00167EPSS
Exploits0References14
OSV
OSV
added 2025/08/19 5:2 p.m.5 views

CVE-2025-38571 sunrpc: fix client side handling of tls alerts

In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tlsalertrecv due to its assumption that there is valid data in the msghdr's iterator's kvec. Instead, this patch proposes the...

5.5CVSS6.1AI score0.00146EPSS
Exploits0References8
Cvelist
Cvelist
added 2025/08/19 5:2 p.m.12 views

CVE-2025-38571 sunrpc: fix client side handling of tls alerts

In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tlsalertrecv due to its assumption that there is valid data in the msghdr's iterator's kvec. Instead, this patch proposes the...

0.00146EPSS
Exploits0References5
Rows per page
Query Builder