Aggregator

CVE-2025-68223 | Linux Kernel up to 6.12.59/6.17.9 is_signaled deadlock (Nessus ID 298404 / WID-SEC-2025-2868)

Vuldb Updates
2 months ago
A vulnerability classified as critical has been found in Linux Kernel up to 6.12.59/6.17.9. This affects the function is_signaled. This manipulation causes deadlock. This vulnerability is handled as CVE-2025-68223. The attack can only be done within the local network. There is not any exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-68211 | Linux Kernel up to 6.12.58/6.17.8 ksm scan_get_next_rmap_item deadlock (EUVD-2025-203685 / Nessus ID 298404)

Vuldb Updates
2 months ago
A vulnerability was found in Linux Kernel up to 6.12.58/6.17.8. It has been declared as critical. The affected element is the function scan_get_next_rmap_item of the component ksm. The manipulation results in deadlock. This vulnerability is cataloged as CVE-2025-68211. The attack must originate from the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-68214 | Linux Kernel up to 6.1.158/6.6.117/6.12.59/6.17.9 timers timer_shutdown_sync race condition (Nessus ID 282382 / WID-SEC-2025-2868)

Vuldb Updates
2 months ago
A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.1.158/6.6.117/6.12.59/6.17.9. Affected by this vulnerability is the function timer_shutdown_sync of the component timers. Executing a manipulation can lead to race condition. This vulnerability is registered as CVE-2025-68214. The attack requires access to the local network. No exploit is available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-40149 | Linux Kernel up to 6.17.2 __sk_dst_get use after free (EUVD-2025-124934 / Nessus ID 279063)

Vuldb Updates
2 months ago
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.17.2. This impacts the function __sk_dst_get. The manipulation leads to use after free. This vulnerability is referenced as CVE-2025-40149. The attack needs to be initiated within the local network. No exploit is available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-40164 | Linux Kernel up to 6.17.4/6.18-rc1 usbnet smp_processor_id stack-based overflow (Nessus ID 275226 / WID-SEC-2025-2579)

Vuldb Updates
2 months ago
A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.17.4/6.18-rc1. Impacted is the function smp_processor_id of the component usbnet. The manipulation results in stack-based buffer overflow. This vulnerability is reported as CVE-2025-40164. The attacker must have access to the local network to execute the attack. No exploit exists. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-40251 | Linux Kernel up to 6.6.117/6.12.59/6.17.9 new_device devl_rate_nodes_destroy reference count (Nessus ID 277523 / WID-SEC-2025-2747)

Vuldb Updates
2 months ago
A vulnerability has been found in Linux Kernel up to 6.6.117/6.12.59/6.17.9 and classified as critical. This affects the function devl_rate_nodes_destroy of the file /sys/bus/netdevsim/new_device. This manipulation causes improper update of reference count. The identification of this vulnerability is CVE-2025-40251. The attack needs to be done within the local network. There is no exploit available. The affected component should be upgraded.
vuldb.com

CVE-2025-40090 | Linux Kernel up to 6.12.54/6.17.4/6.18-rc1 ksmbd_session_rpc_method race condition (Nessus ID 272092 / WID-SEC-2025-2450)

Vuldb Updates
2 months ago
A vulnerability labeled as critical has been found in Linux Kernel up to 6.12.54/6.17.4/6.18-rc1. Affected by this vulnerability is the function ksmbd_session_rpc_method. Executing a manipulation can lead to race condition. This vulnerability is registered as CVE-2025-40090. The attack requires access to the local network. No exploit is available. The affected component should be upgraded.
vuldb.com

CVE-2025-40039 | Linux Kernel up to 6.12.52/6.17.2 ksmbd_session_rpc_open use after free (Nessus ID 271914 / WID-SEC-2025-2431)

Vuldb Updates
2 months ago
A vulnerability identified as critical has been detected in Linux Kernel up to 6.12.52/6.17.2. Affected is the function ksmbd_session_rpc_open. This manipulation causes use after free. This vulnerability is handled as CVE-2025-40039. The attack can only be done within the local network. There is not any exploit available. You should upgrade the affected component.
vuldb.com

CVE-2025-40040 | Linux Kernel up to 6.6.113/6.12.54/6.17.2 ksm userfaultfd_release_all denial of service (EUVD-2025-36488 / Nessus ID 271902)

Vuldb Updates
2 months ago
A vulnerability was found in Linux Kernel up to 6.6.113/6.12.54/6.17.2. It has been rated as critical. Impacted is the function userfaultfd_release_all of the component ksm. Performing a manipulation results in denial of service. This vulnerability is known as CVE-2025-40040. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is advised.
vuldb.com

CVE-2025-40082 | Linux Kernel up to 6.17.2 hfsplus_uni2asc out-of-bounds (Nessus ID 271867 / WID-SEC-2025-2431)

Vuldb Updates
2 months ago
A vulnerability described as critical has been identified in Linux Kernel up to 6.17.2. Impacted is the function hfsplus_uni2asc. The manipulation results in out-of-bounds read. This vulnerability was named CVE-2025-40082. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is recommended.
vuldb.com

NDSS 2025 – Translating C To Rust: Lessons From A User Study

Security Boulevard
2 months ago

Session 13D: Software Security: Code and Compiler

Authors, Creators & Presenters: Ruishi Li (National University of Singapore), Bo Wang (National University of Singapore), Tianyu Li (National University of Singapore), Prateek Saxena (National University of Singapore), Ashish Kundu (Cisco Research)

PAPER
Translating C To Rust: Lessons From A User Study

Rust aims to offer full memory safety for programs, a guarantee that untamed C programs do not enjoy. How difficult is it to translate existing C code to Rust? To get a complementary view from that of automatic C to Rust translators, we report on a user study asking humans to translate real-world C programs to Rust. Our participants are able to produce safe Rust translations, whereas state-of-the-art automatic tools are not able to do so. Our analysis highlights that the high-level strategy taken by users departs significantly from those of automatic tools we study. We also find that users often choose zero-cost (static) abstractions for temporal safety, which addresses a predominant component of runtime costs in other full memory safety defenses. User-provided translations showcase a rich landscape of specialized strategies to translate the same C program in different ways to safe Rust, which future automatic translators can consider.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – Translating C To Rust: Lessons From A User Study appeared first on Security Boulevard.

Marc Handelman

ResidentBat Android Malware Provides Belarusian KGB with Persistent Access to Mobile Devices

Cyber Security News
2 months ago

A newly documented Android spyware called ResidentBat has been linked to the Belarusian KGB, giving state operators deep and persistent access to the mobile devices of journalists and civil society members. First publicly reported in December 2025 through a joint investigation by Reporters Without Borders (RSF) and RESIDENT.NGO, the malware’s code history suggests it was quietly developed […]

The post ResidentBat Android Malware Provides Belarusian KGB with Persistent Access to Mobile Devices appeared first on Cyber Security News.

Tushar Subhra Dutta

CVE-2026-3275 | Tenda F453 1.0.0.3 httpd /goform/addressNat fromAddressNat entrys buffer overflow

VulDB Recent Entries
2 months ago
A vulnerability classified as critical was found in Tenda F453 1.0.0.3. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Executing a manipulation of the argument entrys can lead to buffer overflow. This vulnerability appears as CVE-2026-3275. The attack may be performed from remote. In addition, an exploit is available.
vuldb.com

Managed ad