VulDB Recent Entries

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.15.3. Affected is the function arch_bpf_trampoline_size. The manipulation leads to allocation of resources. This vulnerability is traded as CVE-2025-38339. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.15.3. This issue affects the function p54_rx_eeprom_readback of the component wifi. The manipulation leads to buffer overflow. The identification of this vulnerability is CVE-2025-38348. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.6.94/6.12.34/6.15.3. This vulnerability affects the function hung_task_timeout_secs of the file /proc/sys/kernel/hung_task_timeout_secs of the component f2fs. The manipulation leads to deadlock. This vulnerability was named CVE-2025-38347. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.6.94/6.12.34/6.15.3. This affects an unknown part of the component wifi. The manipulation leads to privilege escalation. This vulnerability is uniquely identified as CVE-2025-38343. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.15.3. It has been rated as problematic. Affected by this issue is the function software_node_get_reference_args. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2025-38342. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.34/6.15.3/6.16-rc2. It has been classified as critical. Affected is the function fbnic_mbx_map_msg of the component eth. The manipulation leads to double free. This vulnerability is traded as CVE-2025-38341. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.16-rc2. It has been declared as critical. Affected by this vulnerability is the function pata_via of the component ata. The manipulation leads to denial of service. This vulnerability is known as CVE-2025-38336. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.15.3 and classified as problematic. This issue affects the function gpio_keys_irq_timer of the file kernel/locking/spinlock_rt.c. The manipulation leads to privilege escalation. The identification of this vulnerability is CVE-2025-38335. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.141/6.6.94/6.12.34/6.15.3 and classified as problematic. This vulnerability affects the function arch_memory_failure of the component SGX Page. The manipulation leads to state issue. This vulnerability was named CVE-2025-38334. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.6.94/6.12.34/6.15.3. This affects the function nfs_return_empty_folio. The manipulation leads to deadlock. This vulnerability is uniquely identified as CVE-2025-38338. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.15.3. Affected by this vulnerability is the function jbd2_journal_dirty_metadata of the component jbd2. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2025-38337. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.15.3. Affected by this issue is the function cs_dsp_mock_bin_add_name_or_info of the component firmware. The manipulation leads to allocation of resources. This vulnerability is handled as CVE-2025-38340. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.15.3. Affected is the function kmem_cache_destroy of the file dswstate.c of the component SCI Handler. The manipulation leads to memory leak. This vulnerability is traded as CVE-2025-38345. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.15.3. It has been rated as critical. This issue affects the function kmem_cache_create of the component SCI Handler. The manipulation leads to memory leak. The identification of this vulnerability is CVE-2025-38344. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.15.3. It has been declared as critical. This vulnerability affects the function ftrace_mod_get_kallsym of the component ftrace. The manipulation leads to memory corruption. This vulnerability was named CVE-2025-38346. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.34/6.15.3. It has been classified as problematic. This affects the function get_new_segment of the file fs/f2fs/segment.c of the component f2fs. The manipulation leads to allocation of resources. This vulnerability is uniquely identified as CVE-2025-38333. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.141/6.6.94/6.12.34/6.15.3 and classified as critical. Affected by this issue is some unknown functionality of the component net. The manipulation leads to buffer overflow. This vulnerability is handled as CVE-2025-38331. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in GitLab Community Edition and Enterprise Edition up to 17.11.5/18.0.3/18.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-6948. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in GitLab Enterprise Edition up to 18.0.3/18.1.1. Affected is an unknown function of the component API Request Handler. The manipulation leads to incorrect authorization. This vulnerability is traded as CVE-2025-6168. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in GitLab Enterprise Edition up to 18.0.3/18.1.1. This issue affects some unknown processing of the component Group Invitation Handler. The manipulation leads to incorrect authorization. The identification of this vulnerability is CVE-2025-4972. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.