{"vulnerability": "CVE-2025-2212", "sightings": [{"uuid": "39d4c14a-d800-4bde-ae41-bf2691ad25b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22121", "type": "seen", "source": "Telegram/VAb3zzagTn6lQbft5tz1fytQ8Ohgykhy9DuLCcxvkLhSx6o", "content": "", "creation_timestamp": "2026-01-11T18:01:59.000000Z"}, {"uuid": "25173ee2-0c7f-4a92-a946-cfa2b6ba05f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22129", "type": "seen", "source": "Telegram/rMugWZXXH2M3Fg8J2nFz-Pd6jZeE4QTCCSFFWqhPKNvZeMyr", "content": "", "creation_timestamp": "2025-02-06T02:40:20.000000Z"}, {"uuid": "0b924a4f-b0e9-42d8-927a-cefa50cbf625", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22124", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14803", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22124\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nmd/md-bitmap: fix wrong bitmap_limit for clustermd when write sb\n\nIn clustermd, separate write-intent-bitmaps are used for each cluster\nnode:\n\n0 4k 8k 12k\n-------------------------------------------------------------------\n| idle | md super | bm super [0] + bits |\n| bm bits[0, contd] | bm super[1] + bits | bm bits[1, contd] |\n| bm super[2] + bits | bm bits [2, contd] | bm super[3] + bits |\n| bm bits [3, contd] | | |\n\nSo in node 1, pg_index in __write_sb_page() could equal to\nbitmap->storage.file_pages. Then bitmap_limit will be calculated to\n0. md_super_write() will be called with 0 size.\nThat means the first 4k sb area of node 1 will never be updated\nthrough filemap_write_page().\nThis bug causes hang of mdadm/clustermd_tests/01r1_Grow_resize.\n\nHere use (pg_index % bitmap->storage.file_pages) to make calculation\nof bitmap_limit correct.\n\ud83d\udccf Published: 2025-04-16T14:13:08.134Z\n\ud83d\udccf Modified: 2025-05-04T13:07:04.537Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/bc3a9788961631359527763d7e1fcf26554c7cb1\n2. https://git.kernel.org/stable/c/6130825f34d41718c98a9b1504a79a23e379701e", "creation_timestamp": "2025-05-04T13:18:46.000000Z"}, {"uuid": "ef13fd60-55bd-4446-bdf9-cbcc608632e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22128", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19689", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22128\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path\n\nIf a shared IRQ is used by the driver due to platform limitation, then the\nIRQ affinity hint is set right after the allocation of IRQ vectors in\nath12k_pci_msi_alloc(). This does no harm unless one of the functions\nrequesting the IRQ fails and attempt to free the IRQ.\n\nThis may end up with a warning from the IRQ core that is expecting the\naffinity hint to be cleared before freeing the IRQ:\n\nkernel/irq/manage.c:\n\n /* make sure affinity_hint is cleaned up */\n if (WARN_ON_ONCE(desc->affinity_hint))\n desc->affinity_hint = NULL;\n\nSo to fix this issue, clear the IRQ affinity hint before calling\nath12k_pci_free_irq() in the error path. The affinity will be cleared once\nagain further down the error path due to code organization, but that does\nno harm.\n\ud83d\udccf Published: 2025-04-16T14:13:10.692Z\n\ud83d\udccf Modified: 2025-06-27T10:21:16.498Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/a69a594794fcad96d4cfce12aab6c5014a12b4c8\n2. https://git.kernel.org/stable/c/35b33ba76765ce9e72949d957f3cf1feafd2955c\n3. https://git.kernel.org/stable/c/b43b1e2c52db77c872bd60d30cdcc72c47df70c7", "creation_timestamp": "2025-06-27T10:49:55.000000Z"}, {"uuid": "aa8d8d54-2a95-4ddc-8575-3c4552da9fa9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22124", "type": "seen", "source": "https://t.me/cvedetector/23126", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-22124 - Linux Kernel Clustermd Memory Corruption Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-22124 \nPublished : April 16, 2025, 3:16 p.m. | 23\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nmd/md-bitmap: fix wrong bitmap_limit for clustermd when write sb \n \nIn clustermd, separate write-intent-bitmaps are used for each cluster \nnode: \n \n0 4k 8k 12k \n------------------------------------------------------------------- \n| idle | md super | bm super [0] + bits | \n| bm bits[0, contd] | bm super[1] + bits | bm bits[1, contd] | \n| bm super[2] + bits | bm bits [2, contd] | bm super[3] + bits | \n| bm bits [3, contd] | | | \n \nSo in node 1, pg_index in __write_sb_page() could equal to \nbitmap->storage.file_pages. Then bitmap_limit will be calculated to \n0. md_super_write() will be called with 0 size. \nThat means the first 4k sb area of node 1 will never be updated \nthrough filemap_write_page(). \nThis bug causes hang of mdadm/clustermd_tests/01r1_Grow_resize. \n \nHere use (pg_index % bitmap->storage.file_pages) to make calculation \nof bitmap_limit correct. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"16 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T17:43:51.000000Z"}, {"uuid": "638d73b7-1ceb-448a-988c-95df75184136", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22122", "type": "seen", "source": "https://t.me/cvedetector/23125", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-22122 - Linux Kernel Block Buffer Overflow Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-22122 \nPublished : April 16, 2025, 3:16 p.m. | 23\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nblock: fix adding folio to bio \n \n>4GB folio is possible on some ARCHs, such as aarch64, 16GB hugepage \nis supported, then 'offset' of folio can't be held in 'unsigned int', \ncause warning in bio_add_folio_nofail() and IO failure. \n \nFix it by adjusting 'page' & trimming 'offset' so that `->bi_offset` won't \nbe overflow, and folio can be added to bio successfully. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"16 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T17:43:51.000000Z"}, {"uuid": "bdc12e79-43dc-40b7-abe1-8cca99608e51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22123", "type": "seen", "source": "https://t.me/cvedetector/23124", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-22123 - Linux F2FS Uninitialized Pointer Access Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-22123 \nPublished : April 16, 2025, 3:16 p.m. | 23\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nf2fs: fix to avoid accessing uninitialized curseg \n \nsyzbot reports a f2fs bug as below: \n \nF2FS-fs (loop3): Stopped filesystem due to reason: 7 \nkworker/u8:7: attempt to access beyond end of device \nBUG: unable to handle page fault for address: ffffed1604ea3dfa \nRIP: 0010:get_ckpt_valid_blocks fs/f2fs/segment.h:361 [inline] \nRIP: 0010:has_curseg_enough_space fs/f2fs/segment.h:570 [inline] \nRIP: 0010:__get_secs_required fs/f2fs/segment.h:620 [inline] \nRIP: 0010:has_not_enough_free_secs fs/f2fs/segment.h:633 [inline] \nRIP: 0010:has_enough_free_secs+0x575/0x1660 fs/f2fs/segment.h:649 \n \n f2fs_is_checkpoint_ready fs/f2fs/segment.h:671 [inline] \n f2fs_write_inode+0x425/0x540 fs/f2fs/inode.c:791 \n write_inode fs/fs-writeback.c:1525 [inline] \n __writeback_single_inode+0x708/0x10d0 fs/fs-writeback.c:1745 \n writeback_sb_inodes+0x820/0x1360 fs/fs-writeback.c:1976 \n wb_writeback+0x413/0xb80 fs/fs-writeback.c:2156 \n wb_do_writeback fs/fs-writeback.c:2303 [inline] \n wb_workfn+0x410/0x1080 fs/fs-writeback.c:2343 \n process_one_work kernel/workqueue.c:3236 [inline] \n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317 \n worker_thread+0x870/0xd30 kernel/workqueue.c:3398 \n kthread+0x7a9/0x920 kernel/kthread.c:464 \n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148 \n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 \n \nCommit 8b10d3653735 (\"f2fs: introduce FAULT_NO_SEGMENT\") allows to trigger \nno free segment fault in allocator, then it will update curseg->segno to \nNULL_SEGNO, though, CP_ERROR_FLAG has been set, f2fs_write_inode() missed \nto check the flag, and access invalid curseg->segno directly in below call \npath, then resulting in panic: \n \n- f2fs_write_inode \n - f2fs_is_checkpoint_ready \n - has_enough_free_secs \n - has_not_enough_free_secs \n - __get_secs_required \n - has_curseg_enough_space \n - get_ckpt_valid_blocks \n : access invalid curseg->segno \n \nTo avoid this issue, let's: \n- check CP_ERROR_FLAG flag in prior to f2fs_is_checkpoint_ready() in \nf2fs_write_inode(). \n- in has_curseg_enough_space(), save curseg->segno into a temp variable, \nand verify its validation before use. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"16 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T17:43:50.000000Z"}, {"uuid": "76b47aa5-9ef0-4731-98ca-49636bab9cfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22120", "type": "seen", "source": "https://t.me/cvedetector/23123", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-22120 - \"EXT4-fs Linux Kernel Hung Task Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2025-22120 \nPublished : April 16, 2025, 3:16 p.m. | 23\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \next4: goto right label 'out_mmap_sem' in ext4_setattr() \n \nOtherwise, if ext4_inode_attach_jinode() fails, a hung task will \nhappen because filemap_invalidate_unlock() isn't called to unlock \nmapping->invalidate_lock. Like this: \n \nEXT4-fs error (device sda) in ext4_setattr:5557: Out of memory \nINFO: task fsstress:374 blocked for more than 122 seconds. \n Not tainted 6.14.0-rc1-next-20250206-xfstests-dirty #726 \n\"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message. \ntask:fsstress state:D stack:0 pid:374 tgid:374 ppid:373 \n task_flags:0x440140 flags:0x00000000 \nCall Trace: \n \n __schedule+0x2c9/0x7f0 \n schedule+0x27/0xa0 \n schedule_preempt_disabled+0x15/0x30 \n rwsem_down_read_slowpath+0x278/0x4c0 \n down_read+0x59/0xb0 \n page_cache_ra_unbounded+0x65/0x1b0 \n filemap_get_pages+0x124/0x3e0 \n filemap_read+0x114/0x3d0 \n vfs_read+0x297/0x360 \n ksys_read+0x6c/0xe0 \n do_syscall_64+0x4b/0x110 \n entry_SYSCALL_64_after_hwframe+0x76/0x7e \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"16 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T17:43:49.000000Z"}, {"uuid": "3cefb59b-a040-4f1c-a635-8452dc7b3eb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22121", "type": "seen", "source": "https://t.me/cvedetector/23122", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-22121 - Linux Kernel ext4 Use-After-Free Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-22121 \nPublished : April 16, 2025, 3:16 p.m. | 23\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \next4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() \n \nThere's issue as follows: \nBUG: KASAN: use-after-free in ext4_xattr_inode_dec_ref_all+0x6ff/0x790 \nRead of size 4 at addr ffff88807b003000 by task syz-executor.0/15172 \n \nCPU: 3 PID: 15172 Comm: syz-executor.0 \nCall Trace: \n __dump_stack lib/dump_stack.c:82 [inline] \n dump_stack+0xbe/0xfd lib/dump_stack.c:123 \n print_address_description.constprop.0+0x1e/0x280 mm/kasan/report.c:400 \n __kasan_report.cold+0x6c/0x84 mm/kasan/report.c:560 \n kasan_report+0x3a/0x50 mm/kasan/report.c:585 \n ext4_xattr_inode_dec_ref_all+0x6ff/0x790 fs/ext4/xattr.c:1137 \n ext4_xattr_delete_inode+0x4c7/0xda0 fs/ext4/xattr.c:2896 \n ext4_evict_inode+0xb3b/0x1670 fs/ext4/inode.c:323 \n evict+0x39f/0x880 fs/inode.c:622 \n iput_final fs/inode.c:1746 [inline] \n iput fs/inode.c:1772 [inline] \n iput+0x525/0x6c0 fs/inode.c:1758 \n ext4_orphan_cleanup fs/ext4/super.c:3298 [inline] \n ext4_fill_super+0x8c57/0xba40 fs/ext4/super.c:5300 \n mount_bdev+0x355/0x410 fs/super.c:1446 \n legacy_get_tree+0xfe/0x220 fs/fs_context.c:611 \n vfs_get_tree+0x8d/0x2f0 fs/super.c:1576 \n do_new_mount fs/namespace.c:2983 [inline] \n path_mount+0x119a/0x1ad0 fs/namespace.c:3316 \n do_mount+0xfc/0x110 fs/namespace.c:3329 \n __do_sys_mount fs/namespace.c:3540 [inline] \n __se_sys_mount+0x219/0x2e0 fs/namespace.c:3514 \n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 \n entry_SYSCALL_64_after_hwframe+0x67/0xd1 \n \nMemory state around the buggy address: \n ffff88807b002f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \n ffff88807b002f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \n>ffff88807b003000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff \n ^ \n ffff88807b003080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff \n ffff88807b003100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff \n \nAbove issue happens as ext4_xattr_delete_inode() isn't check xattr \nis valid if xattr is in inode. \nTo solve above issue call xattr_check_inode() check if xattr if valid \nin inode. In fact, we can directly verify in ext4_iget_extra_inode(), \nso that there is no divergent verification. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"16 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T17:43:48.000000Z"}, {"uuid": "6518bb99-2a5b-4001-9fbe-6464ca0680ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22129", "type": "seen", "source": "https://t.me/cvedetector/17122", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-22129 - Tuleap Unauthorized Access Information Disclosure\", \n \"Content\": \"CVE ID : CVE-2025-22129 \nPublished : Feb. 3, 2025, 10:15 p.m. | 23\u00a0minutes ago \nDescription : Tuleap is an Open Source Suite to improve management of software developments and collaboration. In affected versions an unauthorized user might get access to restricted information. This issue has been addressed in Tuleap Community Edition 16.3.99.1736242932, Tuleap Enterprise Edition 16.2-5, and Tuleap Enterprise Edition 16.3-2. Users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"03 Feb 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-03T23:40:44.000000Z"}, {"uuid": "074909e5-4556-4d02-8ec1-0167e58a1e6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22129", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhckydqjpl2h", "content": "", "creation_timestamp": "2025-02-03T22:15:59.235254Z"}, {"uuid": "88f134c9-37b5-4fd0-859b-d76c0698b5b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22129", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhcxyc7obh2g", "content": "", "creation_timestamp": "2025-02-04T02:08:38.180493Z"}, {"uuid": "08d4975b-2471-453b-9aff-f9a0897edc77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2212", "type": "seen", "source": "MISP/682bdba3-46b7-4a8f-b7be-c6bf4b4f9868", "content": "", "creation_timestamp": "2025-08-13T13:26:34.000000Z"}, {"uuid": "f2871095-a5c6-4620-a01a-590b58e730fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22124", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "c3ef7a6c-e68a-4392-b4e8-d525bf635eaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22127", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "f737bc15-d2e7-4a65-abc6-e3a9ca76721d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22121", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "d64e6f67-e3c7-4cba-8195-0c8bbf6c6c8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22125", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "f8fb0ba9-b42a-44e5-8585-557f9f8353cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22121", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/ubuntu-linux-kernel-multiple-vulnerabilities_20260408", "content": "", "creation_timestamp": "2026-04-07T18:00:00.000000Z"}, {"uuid": "72099ee1-2186-4a6a-a8bd-e22b68400b28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22124", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0397/", "content": "", "creation_timestamp": "2026-04-02T17:00:00.000000Z"}, {"uuid": "813e4495-4209-4b7a-9615-efe2e77efea2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22121", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0397/", "content": "", "creation_timestamp": "2026-04-02T17:00:00.000000Z"}, {"uuid": "ebebf538-d73d-4fbb-9add-1b4a52c18211", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22129", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113942086547212939", "content": "", "creation_timestamp": "2025-02-03T21:31:04.515592Z"}, {"uuid": "c238aee2-5c09-4746-b1a0-2371bc217c68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22125", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0397/", "content": "", "creation_timestamp": "2026-04-02T17:00:00.000000Z"}, {"uuid": "c5381095-0bf8-437c-9301-bad69f3ed497", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22121", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "0619f211-3f67-45c0-aefd-52add315461c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22125", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "2815e12e-b996-4d19-86d8-324b1d039926", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22124", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/ubuntu-linux-kernel-multiple-vulnerabilities_20260408", "content": "", "creation_timestamp": "2026-04-07T18:00:00.000000Z"}, {"uuid": "6508a605-b445-4c64-9911-1af048dd00e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22125", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/ubuntu-linux-kernel-multiple-vulnerabilities_20260408", "content": "", "creation_timestamp": "2026-04-07T18:00:00.000000Z"}, {"uuid": "9748b772-7212-4e0d-a3b5-bcb56df1c8a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22126", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13397", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22126\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix mddev uaf while iterating all_mddevs list\n\nWhile iterating all_mddevs list from md_notify_reboot() and md_exit(),\nlist_for_each_entry_safe is used, and this can race with deletint the\nnext mddev, causing UAF:\n\nt1:\nspin_lock\n//list_for_each_entry_safe(mddev, n, ...)\n mddev_get(mddev1)\n // assume mddev2 is the next entry\n spin_unlock\n t2:\n //remove mddev2\n ...\n mddev_free\n spin_lock\n list_del\n spin_unlock\n kfree(mddev2)\n mddev_put(mddev1)\n spin_lock\n //continue dereference mddev2->all_mddevs\n\nThe old helper for_each_mddev() actually grab the reference of mddev2\nwhile holding the lock, to prevent from being freed. This problem can be\nfixed the same way, however, the code will be complex.\n\nHence switch to use list_for_each_entry, in this case mddev_put() can free\nthe mddev1 and it's not safe as well. Refer to md_seq_show(), also factor\nout a helper mddev_put_locked() to fix this problem.\n\ud83d\udccf Published: 2025-04-16T14:13:09.399Z\n\ud83d\udccf Modified: 2025-04-25T10:06:48.152Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/ca9f84de76723b358dfc0606668efdca54afc2e5\n2. https://git.kernel.org/stable/c/d69a23d8e925f8052d657652a6875ec2712c7e33\n3. https://git.kernel.org/stable/c/e2a9f73ee408a460f4c9dfe03b4741d6b11652b8\n4. https://git.kernel.org/stable/c/5462544ccbad3fc938a71b01fa5bd3a0dc2b750a\n5. https://git.kernel.org/stable/c/8542870237c3a48ff049b6c5df5f50c8728284fa", "creation_timestamp": "2025-04-25T11:07:40.000000Z"}]}