Vuldb Updates

A vulnerability marked as problematic has been reported in Linux Kernel up to 6.14.4/6.15-rc3. This affects the function dequeue_entities of the component Setting Handler. The manipulation leads to unchecked return value. This vulnerability is uniquely identified as CVE-2025-37821. The attack can only be initiated within the local network. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.135/6.6.88/6.12.25/6.14.4/6.15-rc3 and classified as critical. This issue affects the function huge_pte_offset of the component LoongArch. The manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2025-37818. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.88/6.12.25/6.14.4/6.15-rc3. It has been classified as critical. Impacted is the function gicv2m_get_fwnode. This manipulation causes use after free. This vulnerability is registered as CVE-2025-37819. The attack requires access to the local network. No exploit is available. Upgrading the affected component is recommended.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.12.25/6.14.4/6.15-rc3/2714ffdbb79b48dda03334a01af90fb024f39047. Affected is an unknown function of the component tty. Such manipulation leads to injection. This vulnerability is listed as CVE-2025-37814. The attack must be carried out from within the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.6.88/6.12.25/6.14.4/6.15-rc3/4725344ca645a98a9d8e45e25b01a2244de5b8aa. This affects the function prepare_transfer of the component xhci. Executing manipulation can lead to null pointer dereference. This vulnerability is tracked as CVE-2025-37813. The attack is only possible within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.15-rc3. It has been rated as critical. This issue affects some unknown processing of the component ci_hdrc_imx. This manipulation causes null pointer dereference. This vulnerability appears as CVE-2025-37811. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.15-rc3. Impacted is an unknown function of the component cdns3. Such manipulation leads to deadlock. This vulnerability is traded as CVE-2025-37812. Access to the local network is required for this attack to succeed. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.12.25/6.14.4/6.15-rc3. This affects the function typec_partner_unlink_device of the component usb. The manipulation results in null pointer dereference. This vulnerability is identified as CVE-2025-37809. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.14.4. The impacted element is the function af_alg of the component crypto. The manipulation leads to privilege escalation. This vulnerability is referenced as CVE-2025-37808. The attack needs to be initiated within the local network. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.15-rc3. Affected by this issue is some unknown functionality. Performing manipulation results in out-of-bounds read. This vulnerability is identified as CVE-2025-37810. The attack can only be performed from the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.25/6.14.4. It has been classified as critical. Affected is the function is_compressed of the component ntfs3. Performing manipulation results in null pointer dereference. This vulnerability is reported as CVE-2025-37806. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.6.88/6.12.25/6.14.4. Impacted is an unknown function of the component io_uring. Performing manipulation results in improper update of reference count. This vulnerability was named CVE-2025-37804. The attack needs to be approached within the local network. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 6.12.25/6.14.4. The affected element is the function htab_elem_set_ptr of the component bpf. Executing manipulation can lead to memory leak. The identification of this vulnerability is CVE-2025-37807. The attack needs to be done within the local network. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 5.15.180/6.1.135/6.6.88/6.12.25/6.14.4. It has been declared as problematic. Affected by this vulnerability is the function virtsnd_probe of the component virtio. Executing manipulation can lead to uninitialized pointer. This vulnerability appears as CVE-2025-37805. The attacker needs to be present on the local network. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability labeled as problematic has been found in Linux Kernel up to 6.12.25/6.14.4/6.15-rc2. This issue affects the function wait_event_timeout of the component ksmbd. Such manipulation leads to missing initialization of a variable. This vulnerability is uniquely identified as CVE-2025-37802. The attack can only be initiated within the local network. No exploit exists. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.1.135/6.6.88/6.12.25/6.14.4/6.15-rc2. This vulnerability affects the function spi_imx_setupxfer of the component spi. This manipulation causes null pointer dereference. This vulnerability is handled as CVE-2025-37801. The attack can only be done within the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.15-rc1. It has been rated as critical. Affected by this issue is the function size_limit_mb of the component udmabuf. The manipulation leads to buffer overflow. This vulnerability is traded as CVE-2025-37803. Access to the local network is required for this attack to succeed. There is no exploit available. Upgrading the affected component is advised.

A vulnerability has been found in Linux-PAM and classified as critical. Affected is an unknown function of the component pam_namespace. This manipulation causes symlink following. This vulnerability is registered as CVE-2025-8941. The attack needs to be launched locally. No exploit is available.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.6.88/6.12.25/6.14.4/6.15-rc3. This affects the function dev_uevent of the component Driver Core. The manipulation results in null pointer dereference. This vulnerability is known as CVE-2025-37800. Access to the local network is required for this attack. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic has been found in Google Go up to 1.23.9/1.24.3. The affected element is an unknown function of the component net-http. This manipulation of the argument Proxy-Authorization/Proxy-Authenticate causes permissive cross-domain policy with untrusted domains. This vulnerability is tracked as CVE-2025-4673. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.