VulDB Recent Entries

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. This affects an unknown part of the component comedi. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2025-38482. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. Affected by this issue is the function insn_rw_emulate_bits of the file comedi_fops.c of the component Subdevice Driver. The manipulation leads to uninitialized pointer. This vulnerability is handled as CVE-2025-38480. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. Affected by this vulnerability is the function do_insn_ioctl of the component comedi. The manipulation leads to improper initialization. This vulnerability is known as CVE-2025-38478. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. Affected is the function sch_qfq. The manipulation leads to use after free. This vulnerability is traded as CVE-2025-38477. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. It has been rated as problematic. This issue affects some unknown processing of the component usb. The manipulation leads to privilege escalation. The identification of this vulnerability is CVE-2025-38474. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.99/6.12.39/6.15.7. It has been declared as critical. This vulnerability affects the function page_pool_put_full_page of the component net. The manipulation leads to denial of service. This vulnerability was named CVE-2025-38490. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.99/6.12.39/6.15.7. It has been classified as critical. This affects the function bpf_arch_text_poke. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2025-38489. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7 and classified as critical. Affected by this issue is the function crypt_message of the component smb. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2025-38488. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.15.7 and classified as critical. Affected by this vulnerability is the function set_channel_map of the component BRK Handler. The manipulation leads to denial of service. This vulnerability is known as CVE-2025-38486. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. Affected is the function COMEDI_INSNLIST. The manipulation of the argument n_insns leads to buffer overflow. This vulnerability is traded as CVE-2025-38481. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. This issue affects the function __nf_conntrack_find_get of the component netfilter. The manipulation leads to allocation of resources. The identification of this vulnerability is CVE-2025-38472. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7/2277d7cbdf47531b2c3cd01ba15255fa955aab35. This vulnerability affects the function tls_strp_check_rcv of the component tls. The manipulation leads to use after free. This vulnerability was named CVE-2025-38471. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.6.99/6.12.39/6.15.7. This affects the function timerlat_dump_stack in the library lib/string_helpers.c. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2025-38493. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. It has been rated as critical. Affected by this issue is the function unregister_vlan_dev of the component 8021q Module. The manipulation leads to memory leak. This vulnerability is handled as CVE-2025-38470. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.39/6.15.7/6654efe264b014d8ea9fc38f79efb568b1b79069/609937aa962a62e93acfc04dd370b665e6152dfb. It has been declared as critical. Affected by this vulnerability is the function __mptcp_do_fallback in the library net/mptcp/protocol.h of the component mptcp. The manipulation leads to infinite loop. This vulnerability is known as CVE-2025-38491. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. It has been classified as critical. Affected is the function l2cap_sock_resume_cb of the file include/linux/instrumented.h of the component Bluetooth. The manipulation leads to use after free. This vulnerability is traded as CVE-2025-38473. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.39/6.15.7 and classified as critical. This issue affects the function cipso_v4_sock_setattr of the component smc. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2025-38475. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.6.99/6.12.39/6.15.7 and classified as problematic. This vulnerability affects the function kmalloc_array of the component KVM. The manipulation leads to privilege escalation. This vulnerability was named CVE-2025-38469. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. This affects the function htb_enqueue. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-38468. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. Affected by this issue is the function rpl_do_srh_inline. The manipulation leads to use after free. This vulnerability is handled as CVE-2025-38476. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.