{"vulnerability": "CVE-2025-2167", "sightings": [{"uuid": "7f71e8b8-8ea2-47a3-b226-389bc74aba7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21670", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3656", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21670\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/bpf: return early if transport is not assigned\n\nSome of the core functions can only be called if the transport\nhas been assigned.\n\nAs Michal reported, a socket might have the transport at NULL,\nfor example after a failed connect(), causing the following trace:\n\n BUG: kernel NULL pointer dereference, address: 00000000000000a0\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 12faf8067 P4D 12faf8067 PUD 113670067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 15 UID: 0 PID: 1198 Comm: a.out Not tainted 6.13.0-rc2+\n RIP: 0010:vsock_connectible_has_data+0x1f/0x40\n Call Trace:\n vsock_bpf_recvmsg+0xca/0x5e0\n sock_recvmsg+0xb9/0xc0\n __sys_recvfrom+0xb3/0x130\n __x64_sys_recvfrom+0x20/0x30\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nSo we need to check the `vsk->transport` in vsock_bpf_recvmsg(),\nespecially for connected sockets (stream/seqpacket) as we already\ndo in __vsock_connectible_recvmsg().\n\ud83d\udccf Published: 2025-01-31T12:33:02Z\n\ud83d\udccf Modified: 2025-01-31T12:33:02Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2025-21670\n2. https://git.kernel.org/stable/c/58e586c30d0b6f5dc0174a41026f2b0a48c9aab6\n3. https://git.kernel.org/stable/c/6771e1279dadf1d92a72e1465134257d9e6f2459\n4. https://git.kernel.org/stable/c/f6abafcd32f9cfc4b1a2f820ecea70773e26d423", "creation_timestamp": "2025-01-31T13:15:09.000000Z"}, {"uuid": "67b20557-3f12-479c-bf9f-effc9c50f21a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21676", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3648", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21676\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fec: handle page_pool_dev_alloc_pages error\n\nThe fec_enet_update_cbd function calls page_pool_dev_alloc_pages but did\nnot handle the case when it returned NULL. There was a WARN_ON(!new_page)\nbut it would still proceed to use the NULL pointer and then crash.\n\nThis case does seem somewhat rare but when the system is under memory\npressure it can happen. One case where I can duplicate this with some\nfrequency is when writing over a smbd share to a SATA HDD attached to an\nimx6q.\n\nSetting /proc/sys/vm/min_free_kbytes to higher values also seems to solve\nthe problem for my test case. But it still seems wrong that the fec driver\nignores the memory allocation error and can crash.\n\nThis commit handles the allocation error by dropping the current packet.\n\ud83d\udccf Published: 2025-01-31T12:33:03Z\n\ud83d\udccf Modified: 2025-01-31T12:33:03Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2025-21676\n2. https://git.kernel.org/stable/c/001ba0902046cb6c352494df610718c0763e77a5\n3. https://git.kernel.org/stable/c/1425cb829556398f594658512d49292f988a2ab0\n4. https://git.kernel.org/stable/c/8a0097db0544b658c159ac787319737712063a23", "creation_timestamp": "2025-01-31T13:14:59.000000Z"}, {"uuid": "328f8a72-ea08-4dc4-96fc-a4e5c9e9917f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21672", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3657", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21672\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Fix merge preference rule failure condition\n\nsyzbot reported a lock held when returning to userspace[1]. This is\nbecause if argc is less than 0 and the function returns directly, the held\ninode lock is not released.\n\nFix this by store the error in ret and jump to done to clean up instead of\nreturning directly.\n\n[dh: Modified Lizhi Xu's original patch to make it honour the error code\nfrom afs_split_string()]\n\n[1]\nWARNING: lock held when returning to user space!\n6.13.0-rc3-syzkaller-00209-g499551201b5f #0 Not tainted\n------------------------------------------------\nsyz-executor133/5823 is leaving the kernel with locks still held!\n1 lock held by syz-executor133/5823:\n #0: ffff888071cffc00 (&sb->s_type->i_mutex_key#9){++++}-{4:4}, at: inode_lock include/linux/fs.h:818 [inline]\n #0: ffff888071cffc00 (&sb->s_type->i_mutex_key#9){++++}-{4:4}, at: afs_proc_addr_prefs_write+0x2bb/0x14e0 fs/afs/addr_prefs.c:388\n\ud83d\udccf Published: 2025-01-31T12:33:02Z\n\ud83d\udccf Modified: 2025-01-31T12:33:02Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2025-21672\n2. https://git.kernel.org/stable/c/17a4fde81d3a7478d97d15304a6d61094a10c2e3\n3. https://git.kernel.org/stable/c/22be1d90a6211c88dd093b25d1f3aa974d0d9f9d", "creation_timestamp": "2025-01-31T13:15:10.000000Z"}, {"uuid": "b17a008e-64bc-426e-aba4-7ccef710efc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21679", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3644", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21679\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: add the missing error handling inside get_canonical_dev_path\n\nInside function get_canonical_dev_path(), we call d_path() to get the\nfinal device path.\n\nBut d_path() can return error, and in that case the next strscpy() call\nwill trigger an invalid memory access.\n\nAdd back the missing error handling for d_path().\n\ud83d\udccf Published: 2025-01-31T12:33:03Z\n\ud83d\udccf Modified: 2025-01-31T12:33:03Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2025-21679\n2. https://git.kernel.org/stable/c/d0fb5741932b831eded49bfaaf33353e96200d6d\n3. https://git.kernel.org/stable/c/fe4de594f7a2e9bc49407de60fbd20809fad4192", "creation_timestamp": "2025-01-31T13:14:54.000000Z"}, {"uuid": "a1ddf158-ba50-4507-883b-4a179db0df67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21671", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3660", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21671\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nzram: fix potential UAF of zram table\n\nIf zram_meta_alloc failed early, it frees allocated zram->table without\nsetting it NULL. Which will potentially cause zram_meta_free to access\nthe table if user reset an failed and uninitialized device.\n\ud83d\udccf Published: 2025-01-31T12:33:02Z\n\ud83d\udccf Modified: 2025-01-31T12:33:02Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2025-21671\n2. https://git.kernel.org/stable/c/212fe1c0df4a150fb6298db2cfff267ceaba5402\n3. https://git.kernel.org/stable/c/571d3f6045cd3a6d9f6aec33b678f3ffe97582ef\n4. https://git.kernel.org/stable/c/902ef8f16d5ca77edc77c30656be54186c1e99b7\n5. https://git.kernel.org/stable/c/fe3de867f94819ba0f28e035c0b0182150147d95", "creation_timestamp": "2025-01-31T13:15:15.000000Z"}, {"uuid": "fcc2b64a-083c-4d8e-9560-580e03ad30e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2167", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8817", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2167\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'events_list' shortcodes in all versions up to, and including, 5.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-03-26T08:21:50.518Z\n\ud83d\udccf Modified: 2025-03-26T08:21:50.518Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/32bcff2d-e322-4c9c-b1c2-f07aa54faff9?source=cve\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3257882%40event-post&new=3257882%40event-post&sfp_email=&sfph_mail=", "creation_timestamp": "2025-03-26T09:26:01.000000Z"}, {"uuid": "2c63b8de-f1ac-4788-b46c-1e4630774df6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21673", "type": "seen", "source": "https://t.me/cvedetector/16943", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-21673 - Linux SMB Client Double Free Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-21673 \nPublished : Jan. 31, 2025, 12:15 p.m. | 1\u00a0hour, 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nsmb: client: fix double free of TCP_Server_Info::hostname \n \nWhen shutting down the server in cifs_put_tcp_session(), cifsd thread \nmight be reconnecting to multiple DFS targets before it realizes it \nshould exit the loop, so @server->hostname can't be freed as long as \ncifsd thread isn't done. Otherwise the following can happen: \n \n RIP: 0010:__slab_free+0x223/0x3c0 \n Code: 5e 41 5f c3 cc cc cc cc 4c 89 de 4c 89 cf 44 89 44 24 08 4c 89 \n 1c 24 e8 fb cf 8e 00 44 8b 44 24 08 4c 8b 1c 24 e9 5f fe ff ff <0f0b 41 f7 45 08 00 0d 21 00 0f 85 2d ff ff ff e9 1f ff ff ff 80 \n RSP: 0018:ffffb26180dbfd08 EFLAGS: 00010246 \n RAX: ffff8ea34728e510 RBX: ffff8ea34728e500 RCX: 0000000000800068 \n RDX: 0000000000800068 RSI: 0000000000000000 RDI: ffff8ea340042400 \n RBP: ffffe112041ca380 R08: 0000000000000001 R09: 0000000000000000 \n R10: 6170732e31303000 R11: 70726f632e786563 R12: ffff8ea34728e500 \n R13: ffff8ea340042400 R14: ffff8ea34728e500 R15: 0000000000800068 \n FS: 0000000000000000(0000) GS:ffff8ea66fd80000(0000) \n 000000 \n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 \n CR2: 00007ffc25376080 CR3: 000000012a2ba001 CR4: \n PKRU: 55555554 \n Call Trace: \n \n ? show_trace_log_lvl+0x1c4/0x2df \n ? show_trace_log_lvl+0x1c4/0x2df \n ? __reconnect_target_unlocked+0x3e/0x160 [cifs] \n ? __die_body.cold+0x8/0xd \n ? die+0x2b/0x50 \n ? do_trap+0xce/0x120 \n ? __slab_free+0x223/0x3c0 \n ? do_error_trap+0x65/0x80 \n ? __slab_free+0x223/0x3c0 \n ? exc_invalid_op+0x4e/0x70 \n ? __slab_free+0x223/0x3c0 \n ? asm_exc_invalid_op+0x16/0x20 \n ? __slab_free+0x223/0x3c0 \n ? extract_hostname+0x5c/0xa0 [cifs] \n ? extract_hostname+0x5c/0xa0 [cifs] \n ? __kmalloc+0x4b/0x140 \n __reconnect_target_unlocked+0x3e/0x160 [cifs] \n reconnect_dfs_server+0x145/0x430 [cifs] \n cifs_handle_standard+0x1ad/0x1d0 [cifs] \n cifs_demultiplex_thread+0x592/0x730 [cifs] \n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs] \n kthread+0xdd/0x100 \n ? __pfx_kthread+0x10/0x10 \n ret_from_fork+0x29/0x50 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"31 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T15:22:41.000000Z"}, {"uuid": "9ef56874-edad-451c-9c55-4ea87551c98b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21675", "type": "seen", "source": "https://t.me/cvedetector/16947", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-21675 - Mellanox Technologies mlx5 Multiple Null Pointer Dereference Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-21675 \nPublished : Jan. 31, 2025, 12:15 p.m. | 1\u00a0hour, 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nnet/mlx5: Clear port select structure when fail to create \n \nClear the port select structure on error so no stale values left after \ndefiners are destroyed. That's because the mlx5_lag_destroy_definers() \nalways try to destroy all lag definers in the tt_map, so in the flow \nbelow lag definers get double-destroyed and cause kernel crash: \n \n mlx5_lag_port_sel_create() \n mlx5_lag_create_definers() \n mlx5_lag_create_definer() <-<-<-<-\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"31 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T15:22:47.000000Z"}, {"uuid": "7d89cd49-c190-4c86-8df8-7cd0ba8229aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21674", "type": "seen", "source": "https://t.me/cvedetector/16945", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-21674 - Here is the title: \"_checks-linux-mellanox-mlx5_core-xfrm-ipsec-tunnel-mode-hardcoded-lock-order-vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2025-21674 \nPublished : Jan. 31, 2025, 12:15 p.m. | 1\u00a0hour, 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nnet/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel \n \nAttempt to enable IPsec packet offload in tunnel mode in debug kernel \ngenerates the following kernel panic, which is happening due to two \nissues: \n1. In SA add section, the should be _bh() variant when marking SA mode. \n2. There is not needed flush_workqueue in SA delete routine. It is not \nneeded as at this stage as it is removed from SADB and the running work \nwill be canceled later in SA free. \n \n ===================================================== \n WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected \n 6.12.0+ #4 Not tainted \n ----------------------------------------------------- \n charon/1337 [HC0[0]:SC0[4]:HE1:SE0] is trying to acquire: \n ffff88810f365020 (&xa->xa_lock#24){+.+.}-{3:3}, at: mlx5e_xfrm_del_state+0xca/0x1e0 [mlx5_core] \n \n and this task is already holding: \n ffff88813e0f0d48 (&x->lock){+.-.}-{3:3}, at: xfrm_state_delete+0x16/0x30 \n which would create a new lock dependency: \n (&x->lock){+.-.}-{3:3} -> (&xa->xa_lock#24){+.+.}-{3:3} \n \n but this new dependency connects a SOFTIRQ-irq-safe lock: \n (&x->lock){+.-.}-{3:3} \n \n ... which became SOFTIRQ-irq-safe at: \n lock_acquire+0x1be/0x520 \n _raw_spin_lock_bh+0x34/0x40 \n xfrm_timer_handler+0x91/0xd70 \n __hrtimer_run_queues+0x1dd/0xa60 \n hrtimer_run_softirq+0x146/0x2e0 \n handle_softirqs+0x266/0x860 \n irq_exit_rcu+0x115/0x1a0 \n sysvec_apic_timer_interrupt+0x6e/0x90 \n asm_sysvec_apic_timer_interrupt+0x16/0x20 \n default_idle+0x13/0x20 \n default_idle_call+0x67/0xa0 \n do_idle+0x2da/0x320 \n cpu_startup_entry+0x50/0x60 \n start_secondary+0x213/0x2a0 \n common_startup_64+0x129/0x138 \n \n to a SOFTIRQ-irq-unsafe lock: \n (&xa->xa_lock#24){+.+.}-{3:3} \n \n ... which became SOFTIRQ-irq-unsafe at: \n ... \n lock_acquire+0x1be/0x520 \n _raw_spin_lock+0x2c/0x40 \n xa_set_mark+0x70/0x110 \n mlx5e_xfrm_add_state+0xe48/0x2290 [mlx5_core] \n xfrm_dev_state_add+0x3bb/0xd70 \n xfrm_add_sa+0x2451/0x4a90 \n xfrm_user_rcv_msg+0x493/0x880 \n netlink_rcv_skb+0x12e/0x380 \n xfrm_netlink_rcv+0x6d/0x90 \n netlink_unicast+0x42f/0x740 \n netlink_sendmsg+0x745/0xbe0 \n __sock_sendmsg+0xc5/0x190 \n __sys_sendto+0x1fe/0x2c0 \n __x64_sys_sendto+0xdc/0x1b0 \n do_syscall_64+0x6d/0x140 \n entry_SYSCALL_64_after_hwframe+0x4b/0x53 \n \n other info that might help us debug this: \n \n Possible interrupt unsafe locking scenario: \n \n CPU0 CPU1 \n ---- ---- \n lock(&xa->xa_lock#24); \n local_irq_disable(); \n lock(&x->lock); \n lock(&xa->xa_lock#24); \n \n lock(&x->lock); \n \n *** DEADLOCK *** \n \n 2 locks held by charon/1337: \n #0: ffffffff87f8f858 (&net->xfrm.xfrm_cfg_mutex){+.+.}-{4:4}, at: xfrm_netlink_rcv+0x5e/0x90 \n #1: ffff88813e0f0d48 (&x->lock){+.-.}-{3:3}, at: xfrm_state_delete+0x16/0x30 \n \n the dependencies between SOFTIRQ-irq-safe lock and the holding lock: \n -> (&x->lock){+.-.}-{3:3} ops: 29 { \n HARDIRQ-ON-W at: \n lock_acquire+0x1be/0x520 \n _raw_spin_lock_bh+0x34/0x40 \n xfrm_alloc_spi+0xc0/0xe60 \n xfrm_alloc_userspi+0x5f6/0xbc0 \n xfrm_user_rcv_msg+0x493/0x880 \n netlink_rcv_skb+0x12e/0x380 \n xfrm_netlink_rcv+0x6d/0x90 \n netlink_unicast+0x42f/0x740 \n netlink_sendmsg+0x745/0xbe0 \n __sock_sendmsg+0xc5/0x190 \n [...]", "creation_timestamp": "2025-01-31T15:22:42.000000Z"}, {"uuid": "5c69d7cb-e5e1-4d7f-b3cd-8943df4c97cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21672", "type": "seen", "source": "https://t.me/cvedetector/16944", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-21672 - Linux Kernel AFS Lock Holding Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-21672 \nPublished : Jan. 31, 2025, 12:15 p.m. | 1\u00a0hour, 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nafs: Fix merge preference rule failure condition \n \nsyzbot reported a lock held when returning to userspace[1]. This is \nbecause if argc is less than 0 and the function returns directly, the held \ninode lock is not released. \n \nFix this by store the error in ret and jump to done to clean up instead of \nreturning directly. \n \n[dh: Modified Lizhi Xu's original patch to make it honour the error code \nfrom afs_split_string()] \n \n[1] \nWARNING: lock held when returning to user space! \n6.13.0-rc3-syzkaller-00209-g499551201b5f #0 Not tainted \n------------------------------------------------ \nsyz-executor133/5823 is leaving the kernel with locks still held! \n1 lock held by syz-executor133/5823: \n #0: ffff888071cffc00 (&sb->s_type->i_mutex_key#9){++++}-{4:4}, at: inode_lock include/linux/fs.h:818 [inline] \n #0: ffff888071cffc00 (&sb->s_type->i_mutex_key#9){++++}-{4:4}, at: afs_proc_addr_prefs_write+0x2bb/0x14e0 fs/afs/addr_prefs.c:388 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"31 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T15:22:42.000000Z"}, {"uuid": "d8511b9c-668b-4dab-a29f-138ea59f0f8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21671", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgzy3ejwgj2t", "content": "", "creation_timestamp": "2025-01-31T12:16:21.445476Z"}, {"uuid": "fa46be9a-1493-45b4-9acc-1e08ba18ae52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21676", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgzy3q266u2e", "content": "", "creation_timestamp": "2025-01-31T12:16:33.605329Z"}, {"uuid": "29412972-29f0-43f4-9344-474161b5f375", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21670", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgzy3c6nnd2i", "content": "", "creation_timestamp": "2025-01-31T12:16:18.815242Z"}, {"uuid": "d0801e9b-64a7-4a11-93a9-89cb0d38c874", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21674", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgzy3lf2pe2e", "content": "", "creation_timestamp": "2025-01-31T12:16:28.428467Z"}, {"uuid": "ba6eaf1c-71c1-4485-8786-7b5e71042034", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21672", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgzy3goouj2p", "content": "", "creation_timestamp": "2025-01-31T12:16:23.623402Z"}, {"uuid": "3b91aedb-58b2-4ab7-9ed7-55479ea30a9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21673", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgzy3ivuta2h", "content": "", "creation_timestamp": "2025-01-31T12:16:26.235164Z"}, {"uuid": "574ce166-3767-47b3-96ad-a2f5e030e52c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21675", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgzy3nul2z2t", "content": "", "creation_timestamp": "2025-01-31T12:16:31.123158Z"}, {"uuid": "9dd9537a-ddd8-4960-8acc-503cf259a2a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21677", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgzy3saxal2r", "content": "", "creation_timestamp": "2025-01-31T12:16:35.707937Z"}, {"uuid": "8e1931ee-d441-4308-b1d2-c595988200e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21679", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgzy3wqw3t2i", "content": "", "creation_timestamp": "2025-01-31T12:16:40.444189Z"}, {"uuid": "3ff643b7-8d40-4779-9d9c-1b38d4d8a4bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21670", "type": "seen", "source": "https://bsky.app/profile/buherator.bsky.social/post/3liwa2ghhtq2x", "content": "", "creation_timestamp": "2025-02-24T11:18:44.154814Z"}, {"uuid": "576b9e53-3c9e-4b6f-9b83-56ba2367901e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21670", "type": "seen", "source": "MISP/24306fae-b16b-4478-9297-d2973cdb583c", "content": "", "creation_timestamp": "2025-08-22T14:52:23.000000Z"}, {"uuid": "ac789877-78f6-491c-ab6f-c697494af8cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21672", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "539da0ae-68b8-4755-b7f2-822e93a04829", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21673", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "d261e01a-9007-4445-b4e4-5a0f7d582daa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2167", "type": "seen", "source": "https://t.me/cvedetector/21160", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-2167 - WordPress Event Post Stored Cross-Site Scripting Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-2167 \nPublished : March 26, 2025, 9:15 a.m. | 1\u00a0hour, 17\u00a0minutes ago \nDescription : The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'events_list' shortcodes in all versions up to, and including, 5.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"26 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-26T12:12:47.000000Z"}, {"uuid": "197015f0-63fe-48e6-b0a7-53b7d1cba623", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21670", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/2585", "content": "#exploit\n1. CVE-2025-20029:\nCommand Injection in TMSH CLI in F5 BIG-IP\nhttps://github.com/mbadanoiu/CVE-2025-20029\n\n2. Dropping a 0 day:\nParallels Desktop Repack Root Privilege Escalation (CVE-2024-34331)\nhttps://jhftss.github.io/Parallels-0-day\n\n3. CVE-2025-21669/CVE-2025-21670:\nvsock/virtio: discard packets if the transport changes / vsock/bpf: return early if transport is not assigned (Linux Kernel)\nhttps://u1f383.github.io/linux/2025/02/24/linux-kernel-some-vsock-vulnerabilities-analysis.html", "creation_timestamp": "2025-02-28T07:48:31.000000Z"}, {"uuid": "cc866b7a-e9cf-4fe7-af22-e94a1bd68175", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21670", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/6980", "content": "#exploit\n1. CVE-2025-20029:\nCommand Injection in TMSH CLI in F5 BIG-IP\nhttps://github.com/mbadanoiu/CVE-2025-20029\n\n2. Dropping a 0 day:\nParallels Desktop Repack Root Privilege Escalation (CVE-2024-34331)\nhttps://jhftss.github.io/Parallels-0-day\n\n3. CVE-2025-21669/CVE-2025-21670:\nvsock/virtio: discard packets if the transport changes / vsock/bpf: return early if transport is not assigned (Linux Kernel)\nhttps://u1f383.github.io/linux/2025/02/24/linux-kernel-some-vsock-vulnerabilities-analysis.html", "creation_timestamp": "2025-02-28T07:48:31.000000Z"}, {"uuid": "c13f3704-aa9f-4c21-8e20-5d4e485fa4e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21678", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgzy3umh5q2h", "content": "", "creation_timestamp": "2025-01-31T12:16:38.114932Z"}, {"uuid": "b0ca334c-cc0c-4857-93ca-e25afa981ed3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21672", "type": "seen", "source": "Telegram/cP0ii7j8gSwCfG_agp5keKaDEe4wuTGg3jjGmLzlvn-70RZp", "content": "", "creation_timestamp": "2025-02-06T02:40:19.000000Z"}, {"uuid": "dbf0be37-e65f-4c04-bb30-7f13bd854a13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21670", "type": "seen", "source": "https://t.me/cvedetector/16942", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-21670 - \"Linux Kernel Vsock Transport NULL Pointer Dereference Vulnerability in BPF\"\", \n \"Content\": \"CVE ID : CVE-2025-21670 \nPublished : Jan. 31, 2025, 12:15 p.m. | 1\u00a0hour, 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nvsock/bpf: return early if transport is not assigned \n \nSome of the core functions can only be called if the transport \nhas been assigned. \n \nAs Michal reported, a socket might have the transport at NULL, \nfor example after a failed connect(), causing the following trace: \n \n BUG: kernel NULL pointer dereference, address: 00000000000000a0 \n #PF: supervisor read access in kernel mode \n #PF: error_code(0x0000) - not-present page \n PGD 12faf8067 P4D 12faf8067 PUD 113670067 PMD 0 \n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI \n CPU: 15 UID: 0 PID: 1198 Comm: a.out Not tainted 6.13.0-rc2+ \n RIP: 0010:vsock_connectible_has_data+0x1f/0x40 \n Call Trace: \n vsock_bpf_recvmsg+0xca/0x5e0 \n sock_recvmsg+0xb9/0xc0 \n __sys_recvfrom+0xb3/0x130 \n __x64_sys_recvfrom+0x20/0x30 \n do_syscall_64+0x93/0x180 \n entry_SYSCALL_64_after_hwframe+0x76/0x7e \n \nSo we need to check the `vsk->transport` in vsock_bpf_recvmsg(), \nespecially for connected sockets (stream/seqpacket) as we already \ndo in __vsock_connectible_recvmsg(). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"31 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T15:22:40.000000Z"}, {"uuid": "f25beab9-622a-4e23-adf5-a58750c58fe8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21671", "type": "seen", "source": "https://t.me/cvedetector/16941", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-21671 - \"Linux kernel Zram Use-After-Free\"\", \n \"Content\": \"CVE ID : CVE-2025-21671 \nPublished : Jan. 31, 2025, 12:15 p.m. | 1\u00a0hour, 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nzram: fix potential UAF of zram table \n \nIf zram_meta_alloc failed early, it frees allocated zram->table without \nsetting it NULL. Which will potentially cause zram_meta_free to access \nthe table if user reset an failed and uninitialized device. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"31 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T15:22:39.000000Z"}, {"uuid": "21f6cb8a-ef0f-4334-a2b1-155300363c03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21679", "type": "seen", "source": "https://t.me/cvedetector/16940", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-21679 - Linux Kernel Btrfs Null Pointer Dereference\", \n \"Content\": \"CVE ID : CVE-2025-21679 \nPublished : Jan. 31, 2025, 12:15 p.m. | 1\u00a0hour, 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nbtrfs: add the missing error handling inside get_canonical_dev_path \n \nInside function get_canonical_dev_path(), we call d_path() to get the \nfinal device path. \n \nBut d_path() can return error, and in that case the next strscpy() call \nwill trigger an invalid memory access. \n \nAdd back the missing error handling for d_path(). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"31 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T15:22:36.000000Z"}, {"uuid": "4fe5b4f2-20ab-4324-9c28-53dc79d0e319", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21678", "type": "seen", "source": "https://t.me/cvedetector/16951", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-21678 - \"Linux GTP Net Namespace Device Destruction Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2025-21678 \nPublished : Jan. 31, 2025, 12:15 p.m. | 1\u00a0hour, 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ngtp: Destroy device along with udp socket's netns dismantle. \n \ngtp_newlink() links the device to a list in dev_net(dev) instead of \nsrc_net, where a udp tunnel socket is created. \n \nEven when src_net is removed, the device stays alive on dev_net(dev). \nThen, removing src_net triggers the splat below. [0] \n \nIn this example, gtp0 is created in ns2, and the udp socket is created \nin ns1. \n \n ip netns add ns1 \n ip netns add ns2 \n ip -n ns1 link add netns ns2 name gtp0 type gtp role sgsn \n ip netns del ns1 \n \nLet's link the device to the socket's netns instead. \n \nNow, gtp_net_exit_batch_rtnl() needs another netdev iteration to remove \nall gtp devices in the netns. \n \n[0]: \nref_tracker: net notrefcnt@000000003d6e7d05 has 1/2 users at \n sk_alloc (./include/net/net_namespace.h:345 net/core/sock.c:2236) \n inet_create (net/ipv4/af_inet.c:326 net/ipv4/af_inet.c:252) \n __sock_create (net/socket.c:1558) \n udp_sock_create4 (net/ipv4/udp_tunnel_core.c:18) \n gtp_create_sock (./include/net/udp_tunnel.h:59 drivers/net/gtp.c:1423) \n gtp_create_sockets (drivers/net/gtp.c:1447) \n gtp_newlink (drivers/net/gtp.c:1507) \n rtnl_newlink (net/core/rtnetlink.c:3786 net/core/rtnetlink.c:3897 net/core/rtnetlink.c:4012) \n rtnetlink_rcv_msg (net/core/rtnetlink.c:6922) \n netlink_rcv_skb (net/netlink/af_netlink.c:2542) \n netlink_unicast (net/netlink/af_netlink.c:1321 net/netlink/af_netlink.c:1347) \n netlink_sendmsg (net/netlink/af_netlink.c:1891) \n ____sys_sendmsg (net/socket.c:711 net/socket.c:726 net/socket.c:2583) \n ___sys_sendmsg (net/socket.c:2639) \n __sys_sendmsg (net/socket.c:2669) \n do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) \n \nWARNING: CPU: 1 PID: 60 at lib/ref_tracker.c:179 ref_tracker_dir_exit (lib/ref_tracker.c:179) \nModules linked in: \nCPU: 1 UID: 0 PID: 60 Comm: kworker/u16:2 Not tainted 6.13.0-rc5-00147-g4c1224501e9d #5 \nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 \nWorkqueue: netns cleanup_net \nRIP: 0010:ref_tracker_dir_exit (lib/ref_tracker.c:179) \nCode: 00 00 00 fc ff df 4d 8b 26 49 bd 00 01 00 00 00 00 ad de 4c 39 f5 0f 85 df 00 00 00 48 8b 74 24 08 48 89 df e8 a5 cc 12 02 90 <0f0b 90 48 8d 6b 44 be 04 00 00 00 48 89 ef e8 80 de 67 ff 48 89 \nRSP: 0018:ff11000009a07b60 EFLAGS: 00010286 \nRAX: 0000000000002bd3 RBX: ff1100000f4e1aa0 RCX: 1ffffffff0e40ac6 \nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8423ee3c \nRBP: ff1100000f4e1af0 R08: 0000000000000001 R09: fffffbfff0e395ae \nR10: 0000000000000001 R11: 0000000000036001 R12: ff1100000f4e1af0 \nR13: dead000000000100 R14: ff1100000f4e1af0 R15: dffffc0000000000 \nFS: 0000000000000000(0000) GS:ff1100006ce80000(0000) knlGS:0000000000000000 \nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 \nCR2: 00007f9b2464bd98 CR3: 0000000005286005 CR4: 0000000000771ef0 \nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 \nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400 \nPKRU: 55555554 \nCall Trace: \n \n ? __warn (kernel/panic.c:748) \n ? ref_tracker_dir_exit (lib/ref_tracker.c:179) \n ? report_bug (lib/bug.c:201 lib/bug.c:219) \n ? handle_bug (arch/x86/kernel/traps.c:285) \n ? exc_invalid_op (arch/x86/kernel/traps.c:309 (discriminator 1)) \n ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621) \n ? _raw_spin_unlock_irqrestore (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:97 ./arch/x86/include/asm/irqflags.h:155 ./include/linux/spinlock_api_smp.h:151 kernel/locking/spinlock.c:194) \n ? ref_tracker_dir_exit (lib/ref_tracker.c:179) \n ? __pfx_ref_tracker_dir_exit[...]", "creation_timestamp": "2025-01-31T15:23:26.000000Z"}, {"uuid": "3d016b55-4191-4761-8c39-3db615e3876c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21677", "type": "seen", "source": "https://t.me/cvedetector/16949", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-21677 - Vulnerability Title: Linux pfcp Newlink devices Remote Reference Leak\", \n \"Content\": \"CVE ID : CVE-2025-21677 \nPublished : Jan. 31, 2025, 12:15 p.m. | 1\u00a0hour, 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \npfcp: Destroy device along with udp socket's netns dismantle. \n \npfcp_newlink() links the device to a list in dev_net(dev) instead \nof net, where a udp tunnel socket is created. \n \nEven when net is removed, the device stays alive on dev_net(dev). \nThen, removing net triggers the splat below. [0] \n \nIn this example, pfcp0 is created in ns2, but the udp socket is \ncreated in ns1. \n \n ip netns add ns1 \n ip netns add ns2 \n ip -n ns1 link add netns ns2 name pfcp0 type pfcp \n ip netns del ns1 \n \nLet's link the device to the socket's netns instead. \n \nNow, pfcp_net_exit() needs another netdev iteration to remove \nall pfcp devices in the netns. \n \npfcp_dev_list is not used under RCU, so the list API is converted \nto the non-RCU variant. \n \npfcp_net_exit() can be converted to .exit_batch_rtnl() in net-next. \n \n[0]: \nref_tracker: net notrefcnt@00000000128b34dc has 1/1 users at \n sk_alloc (./include/net/net_namespace.h:345 net/core/sock.c:2236) \n inet_create (net/ipv4/af_inet.c:326 net/ipv4/af_inet.c:252) \n __sock_create (net/socket.c:1558) \n udp_sock_create4 (net/ipv4/udp_tunnel_core.c:18) \n pfcp_create_sock (drivers/net/pfcp.c:168) \n pfcp_newlink (drivers/net/pfcp.c:182 drivers/net/pfcp.c:197) \n rtnl_newlink (net/core/rtnetlink.c:3786 net/core/rtnetlink.c:3897 net/core/rtnetlink.c:4012) \n rtnetlink_rcv_msg (net/core/rtnetlink.c:6922) \n netlink_rcv_skb (net/netlink/af_netlink.c:2542) \n netlink_unicast (net/netlink/af_netlink.c:1321 net/netlink/af_netlink.c:1347) \n netlink_sendmsg (net/netlink/af_netlink.c:1891) \n ____sys_sendmsg (net/socket.c:711 net/socket.c:726 net/socket.c:2583) \n ___sys_sendmsg (net/socket.c:2639) \n __sys_sendmsg (net/socket.c:2669) \n do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) \n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) \n \nWARNING: CPU: 1 PID: 11 at lib/ref_tracker.c:179 ref_tracker_dir_exit (lib/ref_tracker.c:179) \nModules linked in: \nCPU: 1 UID: 0 PID: 11 Comm: kworker/u16:0 Not tainted 6.13.0-rc5-00147-g4c1224501e9d #5 \nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 \nWorkqueue: netns cleanup_net \nRIP: 0010:ref_tracker_dir_exit (lib/ref_tracker.c:179) \nCode: 00 00 00 fc ff df 4d 8b 26 49 bd 00 01 00 00 00 00 ad de 4c 39 f5 0f 85 df 00 00 00 48 8b 74 24 08 48 89 df e8 a5 cc 12 02 90 <0f0b 90 48 8d 6b 44 be 04 00 00 00 48 89 ef e8 80 de 67 ff 48 89 \nRSP: 0018:ff11000007f3fb60 EFLAGS: 00010286 \nRAX: 00000000000020ef RBX: ff1100000d6481e0 RCX: 1ffffffff0e40d82 \nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8423ee3c \nRBP: ff1100000d648230 R08: 0000000000000001 R09: fffffbfff0e395af \nR10: 0000000000000001 R11: 0000000000000000 R12: ff1100000d648230 \nR13: dead000000000100 R14: ff1100000d648230 R15: dffffc0000000000 \nFS: 0000000000000000(0000) GS:ff1100006ce80000(0000) knlGS:0000000000000000 \nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 \nCR2: 00005620e1363990 CR3: 000000000eeb2002 CR4: 0000000000771ef0 \nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 \nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400 \nPKRU: 55555554 \nCall Trace: \n \n ? __warn (kernel/panic.c:748) \n ? ref_tracker_dir_exit (lib/ref_tracker.c:179) \n ? report_bug (lib/bug.c:201 lib/bug.c:219) \n ? handle_bug (arch/x86/kernel/traps.c:285) \n ? exc_invalid_op (arch/x86/kernel/traps.c:309 (discriminator 1)) \n ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621) \n ? _raw_spin_unlock_irqrestore (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:97 ./arch/x86/include/a[...]", "creation_timestamp": "2025-01-31T15:22:49.000000Z"}, {"uuid": "758fdcab-fa44-4f19-a535-5a441b447fbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21676", "type": "seen", "source": "https://t.me/cvedetector/16953", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-21676 - Linux Fec Network Driver Null Pointer Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-21676 \nPublished : Jan. 31, 2025, 12:15 p.m. | 1\u00a0hour, 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nnet: fec: handle page_pool_dev_alloc_pages error \n \nThe fec_enet_update_cbd function calls page_pool_dev_alloc_pages but did \nnot handle the case when it returned NULL. There was a WARN_ON(!new_page) \nbut it would still proceed to use the NULL pointer and then crash. \n \nThis case does seem somewhat rare but when the system is under memory \npressure it can happen. One case where I can duplicate this with some \nfrequency is when writing over a smbd share to a SATA HDD attached to an \nimx6q. \n \nSetting /proc/sys/vm/min_free_kbytes to higher values also seems to solve \nthe problem for my test case. But it still seems wrong that the fec driver \nignores the memory allocation error and can crash. \n \nThis commit handles the allocation error by dropping the current packet. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"31 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T15:23:28.000000Z"}, {"uuid": "653ef917-6988-4eec-b3a5-b896a264b815", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21670", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11859", "content": "#exploit\n1. CVE-2025-20029:\nCommand Injection in TMSH CLI in F5 BIG-IP\nhttps://github.com/mbadanoiu/CVE-2025-20029\n\n2. Dropping a 0 day:\nParallels Desktop Repack Root Privilege Escalation (CVE-2024-34331)\nhttps://jhftss.github.io/Parallels-0-day\n\n3. CVE-2025-21669/CVE-2025-21670:\nvsock/virtio: discard packets if the transport changes / vsock/bpf: return early if transport is not assigned (Linux Kernel)\nhttps://u1f383.github.io/linux/2025/02/24/linux-kernel-some-vsock-vulnerabilities-analysis.html", "creation_timestamp": "2025-02-26T00:08:02.000000Z"}]}