{"uuid": "1e7723c5-3aad-4547-b077-d932f29903fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37749", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14271", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37749\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ppp: Add bound checking for skb data on ppp_sync_txmung\n\nEnsure we have enough data in linear buffer from skb before accessing\ninitial bytes. This prevents potential out-of-bounds accesses\nwhen processing short packets.\n\nWhen ppp_sync_txmung receives an incoming package with an empty\npayload:\n(remote) gef\u27a4  p *(struct pppoe_hdr *) (skb->head + skb->network_header)\n$18 = {\n type = 0x1,\n ver = 0x1,\n code = 0x0,\n sid = 0x2,\n        length = 0x0,\n tag = 0xffff8880371cdb96\n}\n\nfrom the skb struct (trimmed)\n      tail = 0x16,\n      end = 0x140,\n      head = 0xffff88803346f400 \"4\",\n      data = 0xffff88803346f416 \":\\377\",\n      truesize = 0x380,\n      len = 0x0,\n      data_len = 0x0,\n      mac_len = 0xe,\n      hdr_len = 0x0,\n\nit is not safe to access data[2].\n\n[pabeni@redhat.com: fixed subj typo]\n\ud83d\udccf Published: 2025-05-01T12:55:55.316Z\n\ud83d\udccf Modified: 2025-05-01T12:55:55.316Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/b78f2b458f56a5a4d976c8e01c43dbf58d3ea2ca\n2. https://git.kernel.org/stable/c/fbaffe8bccf148ece8ad67eb5d7aa852cabf59c8\n3. https://git.kernel.org/stable/c/b4c836d33ca888695b2f2665f948bc1b34fbd533\n4. https://git.kernel.org/stable/c/1f6eb9fa87a781d5370c0de7794ae242f1a95ee5\n5. https://git.kernel.org/stable/c/6e8a6bf43cea4347121ab21bb1ed8d7bef7e732e\n6. https://git.kernel.org/stable/c/aabc6596ffb377c4c9c8f335124b92ea282c9821", "creation_timestamp": "2025-05-01T13:14:43.000000Z"}