Vuldb Updates

A vulnerability was found in Linux Kernel up to 6.1.133/6.6.86/6.12.22/6.13.10/6.14.1. It has been rated as problematic. Affected is the function num_subauth of the component ksmbd. This manipulation causes out-of-bounds read. This vulnerability is registered as CVE-2025-22038. The attack requires access to the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability classified as critical was found in Linux Kernel up to 6.12.22/6.13.10/6.14.1. The affected element is the function alloc_preauth_hash. Such manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-22037. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is advised.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.12.22/6.13.10/6.14.1. Affected by this issue is the function smb_check_perm_dacl of the component ksmbd. Performing a manipulation of the argument dacloffset results in null pointer dereference. This vulnerability is reported as CVE-2025-22039. The attacker must have access to the local network to execute the attack. No exploit exists. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.14.1. Affected is the function print_graph_function_flags of the component tracing. Such manipulation leads to use after free. This vulnerability is traded as CVE-2025-22035. Access to the local network is required for this attack to succeed. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.12.22/6.13.10/6.14.1 and classified as critical. This issue affects the function PageTail of the component gup. Such manipulation leads to improper update of reference count. This vulnerability is listed as CVE-2025-22034. The attack must be carried out from within the local network. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability described as problematic has been identified in Linux Kernel up to 6.12.22/6.13.10/6.14.1. Affected by this issue is the function block_read_full_folio of the component exfat. Executing a manipulation can lead to race condition. This vulnerability is handled as CVE-2025-22036. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability has been found in Linux Kernel up to 6.1.133/6.6.86/6.12.22/6.13.10/6.14.1 and classified as critical. This vulnerability affects the function do_compat_alignment_fixup of the component Virtual Address Handler. This manipulation causes null pointer dereference. This vulnerability is tracked as CVE-2025-22033. The attack is only possible within the local network. No exploit exists. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.13.10/6.14.1. It has been declared as critical. The affected element is the function pci_bus of the component bwctrl. Executing a manipulation can lead to null pointer dereference. This vulnerability is registered as CVE-2025-22031. The attack requires access to the local network. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.12.22/6.13.10/6.14.1. Affected by this vulnerability is the function mt792x_rx_get_wcid of the component mt7921. Such manipulation leads to null pointer dereference. This vulnerability is documented as CVE-2025-22032. The attack requires being on the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.22/6.13.10/6.14.1. It has been declared as problematic. This impacts the function crypto_free_acomp of the component zswap. The manipulation of the argument acomp_ctx results in improper initialization. This vulnerability is cataloged as CVE-2025-22030. The attack must originate from the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.63/6.18.3/6.19-rc3. This impacts the function raid5_store_group_thread_cnt. Performing a manipulation results in null pointer dereference. This vulnerability is reported as CVE-2025-71135. The attacker must have access to the local network to execute the attack. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.3/6.19-rc3. Affected by this vulnerability is the function irdma_net_event. This manipulation causes null pointer dereference. This vulnerability is tracked as CVE-2025-71133. The attack is only possible within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.3/6.19-rc3. This vulnerability affects the function xdp_convert_buff_to_frame. The manipulation results in denial of service. This vulnerability is reported as CVE-2025-71095. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is advised.

A vulnerability has been found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.3/6.19-rc3 and classified as critical. Affected by this issue is the function fib_table_flush. This manipulation causes improper update of reference count. This vulnerability appears as CVE-2025-71097. The attacker needs to be present on the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2. It has been rated as critical. The affected element is the function parse_apply_sb_mount_options in the library string.h of the component ext4. Performing a manipulation of the argument s_mount_opts results in buffer overflow. This vulnerability is identified as CVE-2025-71123. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.159/6.6.119/6.12.64/6.18.3/6.19-rc3. This issue affects the function sk_state_change of the file net/mptcp/subflow.c of the component mptcp. The manipulation leads to state issue. This vulnerability is traded as CVE-2025-71088. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.3/6.19-rc3. Affected by this vulnerability is the function asix_read_phy_addr of the file drivers/net/phy/mdio_bus.c of the component ASIX Driver. The manipulation results in information disclosure. This vulnerability is reported as CVE-2025-71094. The attacker must have access to the local network to execute the attack. No exploit exists. You should upgrade the affected component.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.12.63/6.18.3/6.19-rc3. The affected element is the function rt6_get_pcpu_route of the component ipv6. This manipulation causes allocation of resources. This vulnerability is tracked as CVE-2025-71080. The attack is only possible within the local network. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.3/6.19-rc3. This affects the function cancel_work_sync of the component RDMA. Performing a manipulation results in improper update of reference count. This vulnerability is cataloged as CVE-2025-71084. The attack must originate from the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.1.118/6.6.62/6.11.9. This issue affects the function mptcp_rcv_space_adjust. The manipulation results in divide by zero. This vulnerability is cataloged as CVE-2024-53122. The attack must originate from the local network. There is no exploit available. You should upgrade the affected component.