VulDB Recent Entries

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.138/6.6.90/6.12.28/6.14.6/6.15-rc5. This affects the function mtk_pmic_keys_probe. The manipulation of the argument regs leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-37972. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.28/6.14.6/6.15-rc5. It has been declared as critical. Affected by this vulnerability is the function zpci_create_device. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2025-37974. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.28/6.14.6/6.15-rc1/6.15-rc2/6.15-rc5 and classified as problematic. This issue affects the function dml2_validate. The manipulation leads to allocation of resources. The identification of this vulnerability is CVE-2025-37965. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.14.6/6.15-rc5. It has been classified as critical. Affected is the function ucsi_con_mutex_lock of the component UCSI Driver. The manipulation leads to deadlock. This vulnerability is traded as CVE-2025-37967. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.15-rc3 and classified as critical. This vulnerability affects unknown code of the component leds. The manipulation leads to memory leak. This vulnerability was named CVE-2025-37989. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.15-rc5. Affected by this issue is the function st_lsm6dsx of the component iio. The manipulation leads to infinite loop. This vulnerability is handled as CVE-2025-37970. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.135/6.6.87/6.12.24/6.14.3/6.15-rc2. This affects the function sc7280_snd_hw_params of the component ASoC. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-37979. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.15-rc5. Affected by this vulnerability is the function st_lsm6dsx of the component iio. The manipulation leads to infinite loop. This vulnerability is known as CVE-2025-37969. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.6.87/6.12.24/6.14.3/6.15-rc2. Affected is the function blk_register_queue of the component block. The manipulation leads to memory leak. This vulnerability is traded as CVE-2025-37980. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.24/6.14.3/6.15-rc2. It has been declared as problematic. This vulnerability affects the function num_relocations of the component riscv. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2025-37975. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.14.6/6.15-rc5. It has been rated as critical. This issue affects the function opt3001_irq. The manipulation leads to deadlock. The identification of this vulnerability is CVE-2025-37968. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.25/6.14.4/6.15-rc3. It has been classified as problematic. This affects an unknown part of the component usb. The manipulation leads to state issue. This vulnerability is uniquely identified as CVE-2025-37986. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.14.2 and classified as critical. Affected by this vulnerability is the function ath12k_dp_mon_srng_process of the component wifi. The manipulation leads to denial of service. This vulnerability is known as CVE-2025-37976. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.14.6/6.15-rc5 and classified as critical. Affected by this issue is some unknown functionality of the component riscv. The manipulation leads to denial of service. This vulnerability is handled as CVE-2025-37966. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.28/6.14.6/6.15-rc5. Affected is the function v4l2_dev of the component bcm2835-camera. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2025-37971. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.15-rc4. This issue affects some unknown processing of the file fpe.c of the component parisc. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2025-37991. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to d1347977661342cb09a304a17701eb2d4aa21dec. This vulnerability affects the function should_flush_tlb. The manipulation leads to privilege escalation. This vulnerability was named CVE-2025-37964. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to a41cd52f00907a040ca22c73d4805bb79b0d0972. This affects the function parse_lease_state of the component ksmbd. The manipulation leads to memory leak. This vulnerability is uniquely identified as CVE-2025-37962. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.90/6.12.28/6.14.6/6.15-rc5. It has been rated as problematic. Affected by this issue is the function d_alloc of the component ksmbd. The manipulation leads to privilege escalation. This vulnerability is handled as CVE-2025-37956. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.138/6.6.90/6.12.28/6.14.6/6.15-rc6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component arm64. The manipulation leads to privilege escalation. This vulnerability is known as CVE-2025-37963. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.