{"uuid": "7a3b7b3e-048c-4458-9d47-ca59e1c7f3f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37749", "type": "seen", "source": "https://t.me/cvedetector/24222", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-37749 - Linux PPP Out-of-Bounds Access Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-37749 \nPublished : May 1, 2025, 1:15 p.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnet: ppp: Add bound checking for skb data on ppp_sync_txmung  \n  \nEnsure we have enough data in linear buffer from skb before accessing  \ninitial bytes. This prevents potential out-of-bounds accesses  \nwhen processing short packets.  \n  \nWhen ppp_sync_txmung receives an incoming package with an empty  \npayload:  \n(remote) gef\u27a4  p *(struct pppoe_hdr *) (skb->head + skb->network_header)  \n$18 = {  \n type = 0x1,  \n ver = 0x1,  \n code = 0x0,  \n sid = 0x2,  \n        length = 0x0,  \n tag = 0xffff8880371cdb96  \n}  \n  \nfrom the skb struct (trimmed)  \n      tail = 0x16,  \n      end = 0x140,  \n      head = 0xffff88803346f400 \"4\",  \n      data = 0xffff88803346f416 \":\\377\",  \n      truesize = 0x380,  \n      len = 0x0,  \n      data_len = 0x0,  \n      mac_len = 0xe,  \n      hdr_len = 0x0,  \n  \nit is not safe to access data[2].  \n  \n[pabeni@redhat.com: fixed subj typo] \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T16:30:18.000000Z"}