VulDB Recent Entries

A vulnerability has been found in Linux Kernel up to 6.15-rc3 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2025-37810. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.6.88/6.12.25/6.14.4/6.15-rc3. This affects the function ufshcd_mcq_abort of the component scsi. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-37828. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.25/6.14.4/6.15-rc3. Affected by this issue is the function ufshcd_mcq_compl_pending_transfer of the component scsi. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2025-37826. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.14.4/6.15-rc3. Affected by this vulnerability is the function nvmet_enable_port. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2025-37825. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.14.4/6.15-rc3. Affected is the function dequeue_entities of the component Setting Handler. The manipulation leads to unchecked return value. This vulnerability is traded as CVE-2025-37821. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.135/6.6.88/6.12.25/6.14.4/6.15-rc3. It has been rated as critical. This issue affects the function xdp_convert_buff_to_frame of the component xen-netfront. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2025-37820. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.25/6.14.4/6.15-rc3. It has been declared as critical. This vulnerability affects unknown code of the file vsc-tp.c of the component mei. The manipulation of the argument buf[] leads to buffer overflow. This vulnerability was named CVE-2025-37816. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.15-rc3. It has been classified as critical. This affects an unknown part of the component cdns3. The manipulation leads to deadlock. This vulnerability is uniquely identified as CVE-2025-37812. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.15-rc3 and classified as critical. Affected by this issue is some unknown functionality of the component ci_hdrc_imx. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2025-37811. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.12.25/6.14.4/6.15-rc3/e91dab550dd1d2221333cac9f5c012ab5193696f and classified as critical. Affected by this vulnerability is the function __btrfs_add_free_space_zoned of the component btrfs. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2025-37827. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.12.25/6.14.4/6.15-rc3. Affected is the function test_progs of the component riscv. The manipulation leads to insufficiently random values. This vulnerability is traded as CVE-2025-37822. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.135/6.6.88/6.12.25/6.14.4/6.15-rc3. This issue affects the function generic_handle_irq of the component pci1xxxx. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2025-37815. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.6.88/6.12.25/6.14.4/6.15-rc3. This vulnerability affects the function apple_soc_cpufreq_get_rate of the component cpufreq. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2025-37831. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.12.25/6.14.4/6.15-rc3/2714ffdbb79b48dda03334a01af90fb024f39047. This affects an unknown part of the component tty. The manipulation leads to injection. This vulnerability is uniquely identified as CVE-2025-37814. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel. It has been rated as critical. Affected by this issue is the function tipc_mon_reinit_self of the component tipc. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2025-37824. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.25/6.14.4/6.15-rc3. It has been declared as critical. Affected by this vulnerability is the function typec_partner_unlink_device of the component usb. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2025-37809. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.14.4. It has been classified as problematic. Affected is the function af_alg of the component crypto. The manipulation leads to privilege escalation. This vulnerability is traded as CVE-2025-37808. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.25/6.14.4 and classified as critical. This issue affects the function htab_elem_set_ptr of the component bpf. The manipulation leads to memory leak. The identification of this vulnerability is CVE-2025-37807. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.6.88/6.12.25/6.14.4 and classified as critical. This vulnerability affects unknown code of the component io_uring. The manipulation leads to improper update of reference count. This vulnerability was named CVE-2025-37804. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.12.25/6.14.4/6.15-rc2. This affects the function wait_event_timeout of the component ksmbd. The manipulation leads to missing initialization of a variable. This vulnerability is uniquely identified as CVE-2025-37802. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.