Aggregator

Further analysis revealed that this issues is a false-positive. Please take a look at the sources mentioned and consider not using this entry at all.

A vulnerability was found in Linux Kernel up to 6.12.27/6.14.5/6.15-rc4 and classified as critical. The impacted element is the function smb2_sess_setup of the component ksmbd. Executing manipulation can lead to use after free. This vulnerability is tracked as CVE-2025-37899. The attack is only possible within the local network. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.27/6.14.5/6.15-rc4. Affected is the function iommu_copy_struct_from_user of the component iommu. Executing manipulation can lead to null pointer dereference. This vulnerability is tracked as CVE-2025-37900. The attack is only possible within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.137/6.6.89/6.12.27/6.14.5/6.15-rc4 and classified as critical. Affected by this issue is some unknown functionality of the component qcom-mpm. The manipulation results in denial of service. This vulnerability is cataloged as CVE-2025-37901. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability marked as problematic has been reported in Linux Kernel up to 6.14.5/6.15-rc4. This vulnerability affects the function module_memory_alloc. The manipulation leads to allocation of resources. This vulnerability is traded as CVE-2025-37898. Access to the local network is required for this attack to succeed. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.14.5/6.15-rc4. It has been declared as problematic. This vulnerability affects the function spi_mem_calc_op_duration of the component SPI. Such manipulation leads to divide by zero. This vulnerability is documented as CVE-2025-37896. The attack requires being on the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.1.137/6.6.89/6.12.27/6.14.5/6.15-rc4. Affected is the function plfxlc_mac_release of the file drivers/net/wireless/purelifi/plfxlc/mac.c of the component wifi. Performing manipulation results in reachable assertion. This vulnerability was named CVE-2025-37897. The attack needs to be approached within the local network. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.27/6.14.5/6.15-rc4. This issue affects the function sock_gen_put of the file mrdump.ko. This manipulation causes improper update of reference count. The identification of this vulnerability is CVE-2025-37894. The attack needs to be done within the local network. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.12.27/6.14.5/6.15-rc4. Impacted is the function bnxt_init_chip of the file kernel/workqueue.c. Such manipulation leads to improper initialization. This vulnerability is referenced as CVE-2025-37895. The attack needs to be initiated within the local network. No exploit is available. You should upgrade the affected component.

A vulnerability labeled as problematic has been found in Linux Kernel up to 6.6.87/6.12.24/6.14.3/6.15-rc2. The impacted element is the function dsa_switch_supports_uc_filtering of the component DSA Interface. Such manipulation leads to reachable assertion. This vulnerability is referenced as CVE-2025-37864. The attack needs to be initiated within the local network. No exploit is available. The affected component should be upgraded.

Name: SECCON CTF 14 Quals (an SECCON CTF event.)
Date: Dec. 13, 2025, 5 a.m. — 14 Dec. 2025, 05:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctf.seccon.jp/
Rating weight: 100.00
Event organizers: SECCON CTF

Name: Cybercoliseum IV (an Codeby Games event.)
Date: Dec. 13, 2025, 7 a.m. — 14 Dec. 2025, 07:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://cybercoliseum.hackerlab.pro/en
Rating weight: 0.00
Event organizers: Codeby Games

Седьмая атака за год поставила компанию в критическое положение.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.12.23/6.13.11/6.14.2. Impacted is the function do_el0_mops of the component arm64. The manipulation results in null pointer dereference. This vulnerability was named CVE-2025-37846. The attack needs to be approached within the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.12.23/6.13.11/6.14.2/6.15-rc1. Affected by this vulnerability is the function try_module_get. The manipulation results in use after free. This vulnerability is cataloged as CVE-2025-37845. The attack must originate from the local network. There is no exploit available. Upgrading the affected component is advised.

A vulnerability has been found in Linux Kernel up to 6.14.2 and classified as critical. This vulnerability affects the function pidff_find_fields of the component HID. Performing manipulation results in null pointer dereference. This vulnerability is reported as CVE-2025-37862. The attack may be carried out on the physical device. No exploit exists. The affected component should be upgraded.

A vulnerability classified as critical has been found in Linux Kernel up to 6.12.23/6.13.11/6.14.2. The impacted element is the function pci_lock_rescan_remove of the component PCI. Performing manipulation results in deadlock. This vulnerability is cataloged as CVE-2025-37843. The attack must originate from the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.13.11/6.14.2 and classified as critical. Affected by this vulnerability is the function devm_add_action_or_reset of the component spi. This manipulation causes denial of service. This vulnerability appears as CVE-2025-37842. The attacker needs to be present on the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 53e83828d352304fec5e19751f38ed8c65e6ec2f. Impacted is the function cifs_server_dbg of the component cifs. Executing manipulation can lead to null pointer dereference. This vulnerability is registered as CVE-2025-37844. The attack requires access to the local network. No exploit is available. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.15.4/6.16-rc3. It has been declared as critical. This affects the function appletb_kbd_probe of the component HID. The manipulation results in improper update of reference count. This vulnerability was named CVE-2025-38235. The attack needs to be approached within the local network. There is no available exploit. It is recommended to upgrade the affected component.