VulDB Recent Entries

A vulnerability was found in Linux Kernel up to 6.15.3. It has been classified as critical. Affected is the function ath12k_mac_station_add of the component wifi. The manipulation leads to memory leak. This vulnerability is traded as CVE-2025-38199. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.15.3 and classified as critical. This issue affects the function fb_add_videomode of the component fbdev. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2025-38214. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.15.3 and classified as critical. This vulnerability affects the function populate_dummy_dml_surface_cfg. The manipulation leads to divide by zero. This vulnerability was named CVE-2025-38205. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.1.141/6.6.94/6.12.34/6.15.3. Affected by this issue is the function fbcon_info_from_console of the file drivers/video/fbdev/core/fbcon.c of the component fbcon. The manipulation leads to improper validation of array index. This vulnerability is handled as CVE-2025-38198. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.15.3. This affects the function i40e_clear_hw of the component i40e. The manipulation leads to integer underflow. This vulnerability is uniquely identified as CVE-2025-38200. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.6.94/6.12.34/6.15.3. Affected by this vulnerability is the function automount_fullpath of the component smb. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2025-38208. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 5.4.294/5.10.238/5.15.185/6.15.3. Affected is the function add_missing_indices of the component jfs. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2025-38204. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.16-rc2. It has been rated as critical. This issue affects the function dell_rbu. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2025-38197. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function huge_pte_offset of the component LoongArch. The manipulation leads to unchecked return value. This vulnerability was named CVE-2025-38195. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.15.3. It has been classified as problematic. This affects the function jffs2_link_node_ref of the file fs/jffs2/nodelist.c of the component jffs2. The manipulation leads to unchecked return value. This vulnerability is uniquely identified as CVE-2025-38194. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.34/6.15.3 and classified as critical. Affected by this issue is the function create_proc_exports_entry of the file /proc/fs/nfsd of the component NFSD. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2025-38232. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.15.3 and classified as problematic. Affected by this vulnerability is the function vgacon_scroll of the component vgacon. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2025-38213. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.141/6.6.94/6.12.34/6.15.3/6.16-rc2. Affected is the function ksmbd_krb5_authenticate of the component ksmbd. The manipulation of the argument User leads to null pointer dereference. This vulnerability is traded as CVE-2025-38191. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.15.3. This issue affects the function usb_bulk_msg of the file drivers/media/usb/dvb-usb/cxusb.c of the component media. The manipulation leads to improper initialization. The identification of this vulnerability is CVE-2025-38229. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.15.3. This vulnerability affects the function truncate_inode_partial_folio of the file /mnt/foo of the component ext4. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2025-38221. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.12.34/6.15.3/f14512f3ee09cda986191c8dd7f54972afa2c763. This affects the function alloc_candev of the component can. The manipulation leads to improper validation of array index. This vulnerability is uniquely identified as CVE-2025-38224. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.34/6.15.3. It has been declared as problematic. Affected by this vulnerability is the function __kvmalloc_node_noprof of the component netfilter. The manipulation leads to privilege escalation. This vulnerability is known as CVE-2025-38201. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.34/6.15.3/6.16-rc2. It has been rated as critical. Affected by this issue is the function CP_RESET_CONTEXT_STATE. The manipulation leads to denial of service. This vulnerability is handled as CVE-2025-38188. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.15.3. It has been classified as critical. Affected is the function nvme_tcp_setup_ctrl. The manipulation leads to use after free. This vulnerability is traded as CVE-2025-38209. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.15.3 and classified as problematic. This issue affects the function v4l2_rect_map_inside of the file drivers/media/common/v4l2-tpg/v4l2-tpg-core.c of the component media. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2025-38226. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.