Vuldb Updates

A vulnerability identified as problematic has been detected in Linux Kernel up to 6.6.91/6.12.29/6.14.7. Affected is the function idxd_cleanup of the component dmaengine. The manipulation leads to privilege escalation. This vulnerability is traded as CVE-2025-38014. Access to the local network is required for this attack to succeed. There is no exploit available. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.139/6.6.91/6.12.29/6.14.7/9526f051bedde01baa50081afe143a8bc5b8e6be. It has been rated as critical. This vulnerability affects the function idxd_alloc of the component dmaengine. This manipulation causes memory leak. This vulnerability is registered as CVE-2025-38015. The attack requires access to the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability classified as problematic was found in Linux Kernel up to 6.6.91/6.12.29/6.14.7. Affected by this issue is the function tegra186_utmi_pad_power_down of the component phy. Such manipulation leads to improper update of reference count. This vulnerability is referenced as CVE-2025-38010. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.12.29/6.14.7 and classified as problematic. Impacted is the function amdgpu_kms of the component AMD GPU. The manipulation results in memory leak. This vulnerability is cataloged as CVE-2025-38011. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.29/6.14.7. It has been rated as problematic. This affects the function bpf_iter_scx_dsq_new of the component sched_ext. Performing a manipulation of the argument kit results in uninitialized pointer. This vulnerability is reported as CVE-2025-38012. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.6.91/6.12.29/6.14.7. This vulnerability affects the function static_branch_enc/static_branch_dec of the component page_alloc. Executing a manipulation can lead to race condition. This vulnerability is tracked as CVE-2025-38008. The attack is only possible within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.139/6.6.91/6.12.29/6.14.7. It has been declared as critical. The impacted element is the function uclogic_input_configured of the component HID. Such manipulation leads to null pointer dereference. This vulnerability is documented as CVE-2025-38007. The attack requires being on the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.14.7 and classified as problematic. This issue affects the function mt76_dma_cleanup of the file net/core/dev.c of the component mt76. The manipulation leads to privilege escalation. This vulnerability is listed as CVE-2025-38009. The attack must be carried out from within the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.6.91/6.12.29/6.14.7. It has been classified as problematic. The affected element is the function mctp_dump_addrinfo of the component net. This manipulation of the argument ifa_index causes information disclosure. This vulnerability is registered as CVE-2025-38006. The attack requires access to the local network. No exploit is available. Upgrading the affected component is recommended.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.14.7. This affects the function udma_start of the file k3-udma.c of the component dmaengine. Performing a manipulation results in state issue. This vulnerability is identified as CVE-2025-38005. The attack can only be performed from the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 5.15.59. This issue affects the function FEAT_EPAN. This manipulation causes information disclosure. This vulnerability is tracked as CVE-2022-50232. The attack is only possible within the local network. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.1.102/6.6.43/6.10.2. The impacted element is the function imx_rproc_addr_init of the component remoteproc. Performing a manipulation results in null pointer dereference. This vulnerability is identified as CVE-2024-43860. The attack can only be performed from the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability classified as problematic has been found in Samsung Exynos 2200. Affected is an unknown function of the component GPU. Performing a manipulation results in double free. This vulnerability is known as CVE-2023-41911. Attacking locally is a requirement. No exploit is available.

A vulnerability has been found in lldpd up to 1.0.16 and classified as problematic. Affected is an unknown function of the file daemon/protocols/cdp.c of the component CDP PDU Packet Handler. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2023-41910. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability described as problematic has been identified in Cerebrate up to 1.14. This vulnerability affects unknown code. The manipulation results in sensitive cookie without secure attribute. This vulnerability is cataloged as CVE-2023-41908. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Zoho ManageEngine ADManager Plus up to 7202 and classified as critical. Affected by this vulnerability is an unknown functionality of the component REST API. The manipulation results in improper authentication. This vulnerability is identified as CVE-2023-41904. The attack can only be performed from the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability classified as problematic has been found in NetScout nGeniusONE 6.3.4 Build 2298. Affected by this vulnerability is an unknown functionality. This manipulation causes cross site scripting. This vulnerability is registered as CVE-2023-41905. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in CoreCode MacUpdater up to 2.3.7/3.1.1. It has been declared as problematic. This affects an unknown function of the component XPC Handler. Such manipulation leads to unrestricted upload. This vulnerability is referenced as CVE-2023-41902. The attack needs to be initiated within the local network. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Zscaler Proxy up to 3.6.1.25. This issue affects some unknown processing of the component File Handler. Such manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2023-41717. An attack has to be approached locally. There is no exploit available.

A vulnerability was found in Open5GS up to 2.7.6. It has been classified as problematic. The affected element is the function sgwc_s5c_handle_create_bearer_request of the file /src/sgwc/s5c-handler.c of the component CreateBearerRequest Handler. Performing a manipulation results in reachable assertion. This vulnerability is known as CVE-2026-1737. Remote exploitation of the attack is possible. Furthermore, an exploit is available. To fix this issue, it is recommended to deploy a patch. The issue report is flagged as already-fixed.