Aggregator

CVE-2025-21769 | Linux Kernel up to 6.13.3/6.14-rc2 vmclock_miscdev_fops privilege escalation (Nessus ID 250084 / WID-SEC-2025-0453)

2 months 2 weeks ago

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.13.3/6.14-rc2. The affected element is the function vmclock_miscdev_fops. Executing a manipulation can lead to privilege escalation. The identification of this vulnerability is CVE-2025-21769. The attack needs to be done within the local network. There is no exploit available. You should upgrade the affected component.

vuldb.com

CVE-2025-21770 | Linux Kernel up to 6.12.15/6.13.3/6.14-rc2 iopf_queue_remove_device memory leak (Nessus ID 236983 / WID-SEC-2025-0453)

2 months 2 weeks ago

A vulnerability identified as problematic has been detected in Linux Kernel up to 6.12.15/6.13.3/6.14-rc2. Impacted is the function iopf_queue_remove_device. This manipulation causes memory leak. This vulnerability is registered as CVE-2025-21770. It is feasible to perform the attack on the physical device. No exploit is available. You should upgrade the affected component.

vuldb.com

CVE-2025-21766 | Linux Kernel up to 6.1.128/6.6.78/6.12.15/6.13.3/6.14-rc2 __ip_rt_update_pmtu information disclosure (Nessus ID 233595 / WID-SEC-2025-0453)

2 months 2 weeks ago

A vulnerability was found in Linux Kernel up to 6.1.128/6.6.78/6.12.15/6.13.3/6.14-rc2. It has been classified as problematic. Affected by this issue is the function __ip_rt_update_pmtu. Performing a manipulation results in information disclosure. This vulnerability is identified as CVE-2025-21766. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is recommended.

vuldb.com

CVE-2025-21767 | Linux Kernel up to 6.1.128/6.6.78/6.12.15/6.13.3/6.14-rc1 Function Call spinlock_rt.c migrate_disable entropy (Nessus ID 232678 / WID-SEC-2025-0453)

2 months 2 weeks ago

A vulnerability categorized as problematic has been discovered in Linux Kernel up to 6.1.128/6.6.78/6.12.15/6.13.3/6.14-rc1. This affects the function migrate_disable of the file kernel/locking/spinlock_rt.c of the component Function Call Handler. The manipulation results in insufficient entropy in prng. This vulnerability is identified as CVE-2025-21767. The attack can only be performed from the local network. There is not any exploit available. It is advisable to upgrade the affected component.

vuldb.com

CVE-2025-21762 | Linux Kernel up to 6.1.128/6.6.78/6.12.15/6.13.3/6.14-rc2 arp_xmit use after free (Nessus ID 233595 / WID-SEC-2025-0453)

2 months 2 weeks ago

A vulnerability was found in Linux Kernel up to 6.1.128/6.6.78/6.12.15/6.13.3/6.14-rc2. It has been classified as critical. Impacted is the function arp_xmit. Performing a manipulation results in use after free. This vulnerability is reported as CVE-2025-21762. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is recommended.

vuldb.com

CVE-2025-21763 | Linux Kernel up to 6.1.128/6.6.78/6.12.15/6.13.3/6.14-rc2 neighbour __neigh_notify use after free (Nessus ID 233595 / WID-SEC-2025-0453)

2 months 2 weeks ago

A vulnerability classified as critical was found in Linux Kernel up to 6.1.128/6.6.78/6.12.15/6.13.3/6.14-rc2. The affected element is the function __neigh_notify of the component neighbour. Such manipulation leads to use after free. This vulnerability is referenced as CVE-2025-21763. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is advised.

vuldb.com

CVE-2025-21764 | Linux Kernel up to 6.1.128/6.6.78/6.12.15/6.13.3/6.14-rc2 ndisc_alloc_skb use after free (Nessus ID 233595 / WID-SEC-2025-0453)

2 months 2 weeks ago

A vulnerability labeled as critical has been found in Linux Kernel up to 6.1.128/6.6.78/6.12.15/6.13.3/6.14-rc2. Affected is the function ndisc_alloc_skb. Such manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2025-21764. The attack can only be initiated within the local network. No exploit exists. The affected component should be upgraded.

vuldb.com

CVE-2025-21765 | Linux Kernel up to 6.1.128/6.6.78/6.12.15/6.13.3/6.14-rc2 ip6_default_advmss information disclosure (Nessus ID 233595 / WID-SEC-2025-0453)

2 months 2 weeks ago

A vulnerability was found in Linux Kernel up to 6.1.128/6.6.78/6.12.15/6.13.3/6.14-rc2. It has been declared as problematic. This affects the function ip6_default_advmss. Executing a manipulation can lead to information disclosure. This vulnerability is tracked as CVE-2025-21765. The attack is only possible within the local network. No exploit exists. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-21761 | Linux Kernel up to 6.1.128/6.6.78/6.12.15/6.13.3/6.14-rc2 openvswitch ovs_vport_cmd_fill_info use after free (Nessus ID 230858 / WID-SEC-2025-0453)

2 months 2 weeks ago

A vulnerability identified as critical has been detected in Linux Kernel up to 6.1.128/6.6.78/6.12.15/6.13.3/6.14-rc2. Affected by this issue is the function ovs_vport_cmd_fill_info of the component openvswitch. Performing a manipulation results in use after free. This vulnerability is known as CVE-2025-21761. Access to the local network is required for this attack. No exploit is available. You should upgrade the affected component.

vuldb.com

Week in review: PoC for FortiSIEM flaw released, Rakuten Viber CISO/CTO on messaging risks

Help Net Security

2 months 2 weeks ago

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: What security teams can learn from torrent metadata Security teams often spend time sorting through logs and alerts that point to activity happening outside corporate networks. Torrent traffic shows up in investigations tied to policy violations, insider risk, and criminal activity. A new research paper looks at that same torrent activity through an open source intelligence lens and asks how … More →

The post Week in review: PoC for FortiSIEM flaw released, Rakuten Viber CISO/CTO on messaging risks appeared first on Help Net Security.

Help Net Security

Weekly Update 487

2 months 2 weeks ago

I thought Scott would cop it first when he posted about what his solar system really cost him last year. "You're so gonna get that stupid AI-slop response from some people", I joked. But no, he got other stupid responses instead! And I got the AI-slop

Troy Hunt

【资料】认知战-北约首席科学家研究报告

丁爸情报分析师的工具箱

2 months 2 weeks ago

《认知战——北约首席科学家研究报告》详细阐述了北约在面对新兴技术与混合威胁时，如何通过科学技术（S&T）研究来应对认知战的挑战。报告涵盖了战略环境分析、北约的应对策略、STO（科学技术组织）的具体研究活动以及跨机构协作等内容。

CVE-2025-21760 | Linux Kernel up to 6.1.128/6.6.78/6.12.15/6.13.3/6.14-rc2 ndisc_send_skb information disclosure (Nessus ID 230782 / WID-SEC-2025-0453)

2 months 2 weeks ago

A vulnerability was found in Linux Kernel up to 6.1.128/6.6.78/6.12.15/6.13.3/6.14-rc2. It has been declared as problematic. The affected element is the function ndisc_send_skb. Executing a manipulation can lead to information disclosure. This vulnerability appears as CVE-2025-21760. The attacker needs to be present on the local network. There is no available exploit. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-21758 | Linux Kernel up to 6.1.128/6.6.78/6.12.15/6.13.3/6.14-rc2 ipv6 mld_newpack allocation of resources (Nessus ID 233595 / WID-SEC-2025-0453)

2 months 2 weeks ago

A vulnerability was found in Linux Kernel up to 6.1.128/6.6.78/6.12.15/6.13.3/6.14-rc2. It has been rated as problematic. Affected is the function mld_newpack of the component ipv6. This manipulation causes allocation of resources. This vulnerability appears as CVE-2025-21758. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is advised.

vuldb.com

CVE-2025-21757 | Linux Kernel up to 6.14-rc1 ioam6.sh dst_cache_get memory leak (WID-SEC-2025-0453)

2 months 2 weeks ago

Further analysis revealed that this issues is a false-positive. Please take a look at the sources mentioned and consider not using this entry at all.

vuldb.com

CVE-2025-21754 | Linux Kernel up to 6.6.77/6.12.13/6.13.2/6.14-rc1 Direct IO Write btrfs_destroy_ordered_extents injection (Nessus ID 232678 / WID-SEC-2025-0453)

2 months 2 weeks ago

A vulnerability described as problematic has been identified in Linux Kernel up to 6.6.77/6.12.13/6.13.2/6.14-rc1. This impacts the function btrfs_destroy_ordered_extents of the component Direct IO Write Handler. Such manipulation leads to injection. This vulnerability is referenced as CVE-2025-21754. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is recommended.

vuldb.com

CVE-2025-21756 | Linux Kernel up to 6.6.78/6.12.15/6.13.3 lib/refcount.c bind use after free (EUVD-2025-5169 / Nessus ID 230792)

2 months 2 weeks ago

A vulnerability was found in Linux Kernel up to 6.6.78/6.12.15/6.13.3. It has been declared as critical. This impacts the function bind in the library lib/refcount.c. The manipulation results in use after free. This vulnerability is reported as CVE-2025-21756. The attacker must have access to the local network to execute the attack. Moreover, an exploit is present. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-21752 | Linux Kernel up to 6.13.2 fs/btrfs/ctree.c btrfs_set_item_key_safe privilege escalation (Nessus ID 230714 / WID-SEC-2025-0453)

2 months 2 weeks ago

A vulnerability marked as problematic has been reported in Linux Kernel up to 6.13.2. This affects the function btrfs_set_item_key_safe of the file fs/btrfs/ctree.c. This manipulation causes privilege escalation. The identification of this vulnerability is CVE-2025-21752. The attack needs to be done within the local network. There is no exploit available. It is suggested to upgrade the affected component.

vuldb.com

CVE-2025-21753 | Linux Kernel up to 6.1.128/6.6.77/6.12.13/6.13.2/6.14-rc1 btrfs events_unbound use after free (Nessus ID 232643 / WID-SEC-2025-0453)

2 months 2 weeks ago

A vulnerability labeled as critical has been found in Linux Kernel up to 6.1.128/6.6.77/6.12.13/6.13.2/6.14-rc1. The impacted element is the function events_unbound of the component btrfs. The manipulation results in use after free. This vulnerability was named CVE-2025-21753. The attack needs to be approached within the local network. There is no available exploit. The affected component should be upgraded.

vuldb.com

CVE-2025-21751 | Linux Kernel up to 6.13.2 mlx5 reconnects use after free (Nessus ID 234946 / WID-SEC-2025-0453)

2 months 2 weeks ago

A vulnerability classified as critical has been found in Linux Kernel up to 6.13.2. Affected is the function reconnects of the component mlx5. Performing a manipulation results in use after free. This vulnerability is identified as CVE-2025-21751. The attack can only be performed from the local network. There is not any exploit available. It is recommended to upgrade the affected component.

vuldb.com