Vuldb Updates

A vulnerability described as problematic has been identified in Linux Kernel up to 6.6.46/6.10.5. The affected element is the function gue_gro_receive of the component fou. Such manipulation leads to privilege escalation. This vulnerability is listed as CVE-2024-44940. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.6.45/6.10.4/6.11-rc1. It has been classified as problematic. Affected is the function csum_start of the file net/core/dev.c. This manipulation causes improper initialization. This vulnerability is handled as CVE-2024-43897. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in Linux Kernel up to 6.6.46/6.10.5. Impacted is the function BLKSTOL2 of the component jfs. This manipulation causes out-of-bounds read. This vulnerability is tracked as CVE-2024-44938. The attack is only possible within the local network. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability has been found in Tenda AC18 15.03.05.19 and classified as critical. This impacts an unknown function of the file /goform/saveAutoQos. This manipulation of the argument enable causes stack-based buffer overflow. This vulnerability appears as CVE-2025-11123. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability labeled as critical has been found in mafintosh tar-fs up to 1.16.4/2.1.2/3.1.0. Affected by this vulnerability is an unknown functionality. The manipulation results in path traversal. This vulnerability is identified as CVE-2025-59343. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.10.4. The affected element is the function drm_client_modeset_probe. This manipulation causes null pointer dereference. The identification of this vulnerability is CVE-2024-43894. The attack needs to be done within the local network. There is no exploit available. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.10.4 and classified as critical. This impacts the function uart_get_divisor of the file drivers/tty/serial/serial_core.c. The manipulation results in divide by zero. This vulnerability is known as CVE-2024-43893. Access to the local network is required for this attack. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.10.4. It has been classified as problematic. This affects the function get_free_elt. Performing manipulation results in infinite loop. This vulnerability is known as CVE-2024-43890. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.10.4. It has been declared as critical. This vulnerability affects the function event_release. Executing manipulation can lead to use after free. This vulnerability is handled as CVE-2024-43891. The attack can only be done within the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability labeled as problematic has been found in Linux Kernel up to 6.6.45/6.10.4. Affected by this issue is the function idr_alloc of the component memcg. Executing manipulation can lead to allocation of resources. This vulnerability is tracked as CVE-2024-43892. The attack is only possible within the local network. No exploit exists. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 5.10.223/5.15.164/6.1.104/6.6.45/6.10.4 and classified as critical. Affected by this issue is the function padata_mt_helper of the file padata.c. Such manipulation leads to divide by zero. This vulnerability is traded as CVE-2024-43889. Access to the local network is required for this attack to succeed. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.10.4 and classified as critical. Affected by this vulnerability is the function mem_cgroup_from_slab_obj of the component list_lru. This manipulation causes use after free. This vulnerability appears as CVE-2024-43888. The attacker needs to be present on the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability has been found in Linux Kernel up to 6.10.4 and classified as problematic. This affects the function static_key_fast_inc_not_disabled of the component TCP Handler. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-43887. Access to the local network is required for this attack to succeed. There is no exploit available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.14.10/6.15.1. Affected is the function binderfs_evict_inode of the component binder. Performing manipulation results in use after free. This vulnerability is identified as CVE-2025-38176. The attack can only be performed from the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.14.10/6.15.1. Affected by this vulnerability is the function binder_free_proc of the component binder. Executing manipulation can lead to use after free. This vulnerability is tracked as CVE-2025-38175. The attack is only possible within the local network. No exploit exists. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.10.4. Affected by this vulnerability is the function resource_log_pipe_topology_update of the component AMD Display. Performing manipulation results in null pointer dereference. This vulnerability is identified as CVE-2024-43886. The attack can only be performed from the local network. There is not any exploit available. You should upgrade the affected component.

Further investigation has shown that this issues is a false-positive. Please review the sources mentioned and consider not using this entry at all.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.15.1. This impacts the function tb_cfg_request_dequeue of the component thunderbolt. Such manipulation leads to denial of service. This vulnerability is referenced as CVE-2025-38174. The attack needs to be initiated within the local network. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in Tenda AC8 16.03.34.06. The affected element is the function formSetServerConfig of the file /goform/SetServerConfig. Executing manipulation can lead to buffer overflow. This vulnerability is registered as CVE-2025-11120. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability, which was classified as critical, was found in Tenda AC18 15.03.05.19. This affects an unknown function of the file /goform/WizardHandle. The manipulation of the argument WANT/mtuvalue results in stack-based buffer overflow. This vulnerability is reported as CVE-2025-11122. The attack can be launched remotely. Moreover, an exploit is present.