Vuldb Updates

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.12.22/6.13.10/6.14.1. This issue affects some unknown processing. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2025-22076. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.12.22/6.13.10/6.14.1. Affected by this vulnerability is the function dom_data_init of the component resctrl. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2025-38049. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.12.24/6.14.3. This issue affects the function enable_streams. The manipulation leads to state issue. The identification of this vulnerability is CVE-2025-37870. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.14.1 and classified as problematic. Affected by this issue is the function msm_parse_deps of the component gem. The manipulation leads to privilege escalation. This vulnerability is handled as CVE-2025-22096. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.22/6.13.10/6.14.1. Affected is the function may_goto of the component bpf. The manipulation of the argument interpreters[] leads to improper validation of array index. This vulnerability is traded as CVE-2025-22087. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.12.25/6.14.4/6.15-rc3. Affected is the function test_progs of the component riscv. The manipulation leads to insufficiently random values. This vulnerability is traded as CVE-2025-37822. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.12.23/6.13.11/6.14.2/6.15-rc1. Affected by this vulnerability is the function dmam_free_coherent. The manipulation leads to allocation of resources. This vulnerability is known as CVE-2025-37837. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.14.2/6.15-rc1. This affects the function erratum_1386_microcode. The manipulation leads to improper null termination. This vulnerability is uniquely identified as CVE-2025-37751. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.24/6.14.3/6.15-rc2. It has been declared as critical. Affected by this vulnerability is the function txgbe_probe of the component net. The manipulation leads to double free. This vulnerability is known as CVE-2025-37872. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.14.3/6.15-rc2. It has been rated as critical. This issue affects the function sysfs_emit_at of the file fs/sysfs/file.c. The manipulation leads to buffer overflow. The identification of this vulnerability is CVE-2025-37866. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.13.10/6.14.1. Affected by this issue is the function zynqmp_dp_ignore_hpd_set of the component drm. The manipulation leads to deadlock. This vulnerability is handled as CVE-2025-22098. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.22/6.13.10/6.14.1. It has been rated as critical. This issue affects the function is_copy_from_user of the component mce. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2025-39989. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.6.87/6.12.23/6.13.11/6.14.2/6.15-rc1. This issue affects the function page_pool_dev_alloc_pages of the component net. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2025-37755. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.24/6.14.3/6.15-rc2. It has been declared as problematic. This vulnerability affects the function num_relocations of the component riscv. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2025-37975. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.12.25/6.14.4/6.15-rc3/e91dab550dd1d2221333cac9f5c012ab5193696f and classified as critical. Affected by this vulnerability is the function __btrfs_add_free_space_zoned of the component btrfs. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2025-37827. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.13.10/6.14.1. This issue affects the function pcmcia_driver. The manipulation leads to improper initialization. The identification of this vulnerability is CVE-2025-39755. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.6.87/6.12.23/6.13.11/6.14.2. Affected by this vulnerability is the function mtk_scp of the component mediatek. The manipulation leads to improper initialization. This vulnerability is known as CVE-2025-23160. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.6.87/6.12.23/6.13.11/6.14.2. This vulnerability affects the function tpm_find_get_ops in the library drivers/i2c/i2c-core.h of the component tpm. The manipulation leads to insufficiently random values. This vulnerability was named CVE-2025-23149. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.25/6.14.4/6.15-rc3. It has been declared as critical. Affected by this vulnerability is the function typec_partner_unlink_device of the component usb. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2025-37809. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.12.23/6.13.11/6.14.2 and classified as critical. This vulnerability affects unknown code of the component HID. The manipulation leads to infinite loop. This vulnerability was named CVE-2025-37942. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.