Vuldb Updates

A vulnerability was found in Linux Kernel up to 6.14.7. It has been declared as critical. Affected is the function main of the component eventpoll. Executing a manipulation of the argument timed_out can lead to deadlock. This vulnerability is registered as CVE-2025-38017. The attack requires access to the local network. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.139/6.6.91/6.12.29/6.14.7. This impacts the function tls_strp_flush_anchor_copy of the component Virtual Address Handler. This manipulation causes null pointer dereference. This vulnerability is handled as CVE-2025-38018. The attack can only be done within the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.6.91/6.12.29/6.14.7. The affected element is an unknown function of the component spectrum_router. This manipulation causes use after free. This vulnerability is handled as CVE-2025-38019. The attack can only be done within the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.29/6.14.7. It has been classified as problematic. This impacts the function hid_bpf_destroy_device of the component HID. Performing a manipulation results in injection. This vulnerability is cataloged as CVE-2025-38016. The attack must originate from the local network. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability categorized as problematic has been discovered in Linux Kernel up to 6.6.91/6.12.29/6.14.7. This impacts the function n_channels of the file net/mac80211/scan.c of the component wifi. Executing a manipulation can lead to improper validation of array index. This vulnerability appears as CVE-2025-38013. The attacker needs to be present on the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability identified as problematic has been detected in Linux Kernel up to 6.6.91/6.12.29/6.14.7. Affected is the function idxd_cleanup of the component dmaengine. The manipulation leads to privilege escalation. This vulnerability is traded as CVE-2025-38014. Access to the local network is required for this attack to succeed. There is no exploit available. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.139/6.6.91/6.12.29/6.14.7/9526f051bedde01baa50081afe143a8bc5b8e6be. It has been rated as critical. This vulnerability affects the function idxd_alloc of the component dmaengine. This manipulation causes memory leak. This vulnerability is registered as CVE-2025-38015. The attack requires access to the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability classified as problematic was found in Linux Kernel up to 6.6.91/6.12.29/6.14.7. Affected by this issue is the function tegra186_utmi_pad_power_down of the component phy. Such manipulation leads to improper update of reference count. This vulnerability is referenced as CVE-2025-38010. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.12.29/6.14.7 and classified as problematic. Impacted is the function amdgpu_kms of the component AMD GPU. The manipulation results in memory leak. This vulnerability is cataloged as CVE-2025-38011. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.29/6.14.7. It has been rated as problematic. This affects the function bpf_iter_scx_dsq_new of the component sched_ext. Performing a manipulation of the argument kit results in uninitialized pointer. This vulnerability is reported as CVE-2025-38012. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.6.91/6.12.29/6.14.7. This vulnerability affects the function static_branch_enc/static_branch_dec of the component page_alloc. Executing a manipulation can lead to race condition. This vulnerability is tracked as CVE-2025-38008. The attack is only possible within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.139/6.6.91/6.12.29/6.14.7. It has been declared as critical. The impacted element is the function uclogic_input_configured of the component HID. Such manipulation leads to null pointer dereference. This vulnerability is documented as CVE-2025-38007. The attack requires being on the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.14.7 and classified as problematic. This issue affects the function mt76_dma_cleanup of the file net/core/dev.c of the component mt76. The manipulation leads to privilege escalation. This vulnerability is listed as CVE-2025-38009. The attack must be carried out from within the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.6.91/6.12.29/6.14.7. It has been classified as problematic. The affected element is the function mctp_dump_addrinfo of the component net. This manipulation of the argument ifa_index causes information disclosure. This vulnerability is registered as CVE-2025-38006. The attack requires access to the local network. No exploit is available. Upgrading the affected component is recommended.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.14.7. This affects the function udma_start of the file k3-udma.c of the component dmaengine. Performing a manipulation results in state issue. This vulnerability is identified as CVE-2025-38005. The attack can only be performed from the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 5.15.59. This issue affects the function FEAT_EPAN. This manipulation causes information disclosure. This vulnerability is tracked as CVE-2022-50232. The attack is only possible within the local network. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.1.102/6.6.43/6.10.2. The impacted element is the function imx_rproc_addr_init of the component remoteproc. Performing a manipulation results in null pointer dereference. This vulnerability is identified as CVE-2024-43860. The attack can only be performed from the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability classified as problematic has been found in Samsung Exynos 2200. Affected is an unknown function of the component GPU. Performing a manipulation results in double free. This vulnerability is known as CVE-2023-41911. Attacking locally is a requirement. No exploit is available.

A vulnerability has been found in lldpd up to 1.0.16 and classified as problematic. Affected is an unknown function of the file daemon/protocols/cdp.c of the component CDP PDU Packet Handler. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2023-41910. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability described as problematic has been identified in Cerebrate up to 1.14. This vulnerability affects unknown code. The manipulation results in sensitive cookie without secure attribute. This vulnerability is cataloged as CVE-2023-41908. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.