Aggregator
Special Topic · AI Security | Risk Analysis and Countermeasures for Internet-Connected Large Models
7 months 1 week ago
The AI you use every day may have been "poisoned"!
7 months 1 week ago
12-Year-Old Sudo Linux Vulnerability Enables Privilege Escalation to Root User
7 months 1 week ago
A significant security vulnerability discovered in the widely used Sudo utility has remained hidden for over 12 years, potentially exposing millions of Linux and Unix systems to privilege escalation attacks. The vulnerability identified as CVE-2025-32462 allows unauthorized users to gain root access on affected systems by exploiting the Sudo host option functionality. Key Takeaways 1. 12-Year-Old […]
The post 12-Year-Old Sudo Linux Vulnerability Enables Privilege Escalation to Root User appeared first on Cyber Security News.
Guru Baran
CVE-2025-38136 | Linux Kernel up to 6.15.2 usb usbhs_probe initialization (EUVD-2025-19807)
7 months 1 week ago
A vulnerability was found in Linux Kernel up to 6.15.2 and classified as problematic. This issue affects the function usbhs_probe of the component usb. The manipulation leads to improper initialization.
The identification of this vulnerability is CVE-2025-38136. The attack needs to be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-38135 | Linux Kernel up to 6.15.2 serial mlb_usio_probe null pointer dereference (EUVD-2025-19808)
7 months 1 week ago
A vulnerability has been found in Linux Kernel up to 6.15.2 and classified as critical. This vulnerability affects the function mlb_usio_probe of the component serial. The manipulation leads to null pointer dereference.
This vulnerability was named CVE-2025-38135. The attack needs to be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-38133 | Linux Kernel up to 6.15.2 ad4851_parse_channels_common memory corruption (EUVD-2025-19810)
7 months 1 week ago
A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.15.2. This affects the function ad4851_parse_channels_common. The manipulation leads to memory corruption.
This vulnerability is uniquely identified as CVE-2025-38133. The attack can only be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-38132 | Linux Kernel up to 6.15.2 coresight cscfg_load_config_sets privilege escalation (EUVD-2025-19811)
7 months 1 week ago
A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.15.2. Affected by this issue is the function cscfg_load_config_sets of the component coresight. The manipulation leads to privilege escalation.
This vulnerability is handled as CVE-2025-38132. The attack can only be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-38131 | Linux Kernel up to 6.1.141/6.6.93/6.12.33/6.15.2 cscfg_csdev_enable_active_config use after free (EUVD-2025-19812)
7 months 1 week ago
A vulnerability classified as critical was found in Linux Kernel up to 6.1.141/6.6.93/6.12.33/6.15.2. Affected by this vulnerability is the function cscfg_csdev_enable_active_config. The manipulation leads to use after free.
This vulnerability is known as CVE-2025-38131. The attack needs to be approached within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-38147 | Linux Kernel up to 6.15.2 calipso txopt_get null pointer dereference (EUVD-2025-19796)
7 months 1 week ago
A vulnerability classified as critical has been found in Linux Kernel up to 6.15.2. Affected is the function txopt_get of the component calipso. The manipulation leads to null pointer dereference.
This vulnerability is traded as CVE-2025-38147. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-38137 | Linux Kernel up to 6.15.2 rescan_work_func use after free (EUVD-2025-19806)
7 months 1 week ago
A vulnerability was found in Linux Kernel up to 6.15.2. It has been rated as critical. This issue affects the function rescan_work_func. The manipulation leads to use after free.
The identification of this vulnerability is CVE-2025-38137. Access to the local network is required for this attack. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
When campus security meets AI agents: how does Chongqing University leave attacks with nowhere to hide?
7 months 1 week ago
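A new move from the overachiever: Chongqing University turns on an AI cheat in the security dungeon!
Shining at a national landmark, the 360 security agent defines the future of security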
7 months 1 week ago
Leading the development of security agents
CVE-2025-38134 | Linux Kernel up to 6.12.33/6.15.2 acpi usb_acpi_add_usb4_devlink null pointer dereference (EUVD-2025-19809)
7 months 1 week ago
A vulnerability was found in Linux Kernel up to 6.12.33/6.15.2. It has been declared as critical. This vulnerability affects the function usb_acpi_add_usb4_devlink of the component acpi. The manipulation leads to null pointer dereference.
This vulnerability was named CVE-2025-38134. The attack needs to be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-38141 | Linux Kernel up to 6.12.33/6.15.2 dm_get_live_table use after free
7 months 1 week ago
A vulnerability was found in Linux Kernel up to 6.12.33/6.15.2. It has been classified as critical. This affects the function dm_get_live_table. The manipulation leads to use after free.
This vulnerability is uniquely identified as CVE-2025-38141. The attack needs to be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-38140 | Linux Kernel up to 6.15.2 dm_revalidate_zones nr_zones allocation of resources
7 months 1 week ago
A vulnerability was found in Linux Kernel up to 6.15.2 and classified as problematic. Affected by this issue is the function dm_revalidate_zones. The manipulation of the argument nr_zones leads to allocation of resources.
This vulnerability is handled as CVE-2025-38140. The attack can only be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-38139 | Linux Kernel up to 6.15.2 lib/iov_iter.c netfs_retry_write_stream out-of-bounds
7 months 1 week ago
A vulnerability has been found in Linux Kernel up to 6.15.2 and classified as problematic. Affected by this vulnerability is the function netfs_retry_write_stream in the library lib/iov_iter.c. The manipulation leads to out-of-bounds read.
This vulnerability is known as CVE-2025-38139. The attack can only be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
"Rescuers" or "fixers"? Whoever you pay is whoever you feed
7 months 1 week ago
How much does betrayal cost if you know the price of the ransom?
Sponge-structured material uses solar heat to remove salt from seawater
7 months 1 week ago
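Most of the water on Earth is seawater, which is too salty to drink. Desalination plants can turn seawater into drinking water, but the process consumes a large amount of energy. A research team in Hong Kong published results in ACS Energy Letters: they developed a sponge-structured material with long-chain micro air pockets that, combined with sunlight and a simple plastic cover, converts salt water into fresh water. An outdoor proof-of-concept experiment produced directly drinkable fresh water under natural sunlight, marking a major step toward low-energy, sustainable desalination. In the outdoor test, the researchers placed the material in an evaporation container filled with seawater and covered it with a curved transparent plastic cover. When sunlight heats the top of the sponge-structured material, only the water evaporates into vapor (the salt is blocked). The vapor condenses into liquid water on the inner wall of the plastic cover, collects along the wall toward the edge, and finally drips into a funnel beneath the evaporation container, where it is collected in another container. After 6 hours of natural sunlight, the system produced about 3 tablespoons of drinking water.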
Microsoft asks users to ignore Windows Firewall config errors
7 months 1 week ago
Microsoft asked customers this week to disregard incorrect Windows Firewall errors that appear after rebooting their systems following the installation of the June 2025 preview update. [...]
Sergiu Gatlan