{"vulnerability": "CVE-2025-3783", "sightings": [{"uuid": "8d778000-017c-4a6c-920d-440b374ccf75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37830", "type": "seen", "source": "https://t.me/cvedetector/24792", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-37830 - Linux Kernel cpufreq scmi Null Pointer Dereference Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-37830 \nPublished : May 8, 2025, 7:15 a.m. | 2\u00a0hours, 2\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \ncpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()  \n  \ncpufreq_cpu_get_raw() can return NULL when the target CPU is not present  \nin the policy->cpus mask. scmi_cpufreq_get_rate() does not check for  \nthis case, which results in a NULL pointer dereference.  \n  \nAdd NULL check after cpufreq_cpu_get_raw() to prevent this issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-08T11:44:46.000000Z"}, {"uuid": "fbb3c9bc-b14b-4b47-a23e-3bf61af4603b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37831", "type": "seen", "source": "https://t.me/cvedetector/24794", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-37831 - Apple Soc cpufreq Null Pointer Dereference\", \n  \"Content\": \"CVE ID : CVE-2025-37831 \nPublished : May 8, 2025, 7:15 a.m. | 2\u00a0hours, 2\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \ncpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate()  \n  \ncpufreq_cpu_get_raw() can return NULL when the target CPU is not present  \nin the policy->cpus mask. apple_soc_cpufreq_get_rate() does not check  \nfor this case, which results in a NULL pointer dereference. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-08T11:44:47.000000Z"}, {"uuid": "41d6755a-04fd-48f2-9c93-857041b1ae6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37834", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3loneaif7srj2", "content": "", "creation_timestamp": "2025-05-08T07:11:02.359882Z"}, {"uuid": "67916a59-72a2-417b-b1a7-3ce257ce1042", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37833", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3loneasyv3mj2", "content": "", "creation_timestamp": "2025-05-08T07:11:15.533435Z"}, {"uuid": "c65f97a9-9079-43ba-962d-6dc2ad360d07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37832", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3loneb3on7cx2", "content": "", "creation_timestamp": "2025-05-08T07:11:29.091875Z"}, {"uuid": "52b9a382-ba36-4183-b917-a5ebb1658d53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37831", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lonebcctogx2", "content": "", "creation_timestamp": "2025-05-08T07:11:39.379154Z"}, {"uuid": "12c09f5e-8cd8-41f3-a564-cac0ed4f94fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37830", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lonebiaoe3c2", "content": "", "creation_timestamp": "2025-05-08T07:11:39.973666Z"}, {"uuid": "d78b5ac9-937c-4b88-aefb-ccac37bffd24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37831", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3loniqs2szb2p", "content": "", "creation_timestamp": "2025-05-08T08:31:41.646024Z"}, {"uuid": "0f3bbba6-b7fc-4afe-a570-3b00375d1f0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37832", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3loniqs67sz2r", "content": "", "creation_timestamp": "2025-05-08T08:31:42.309472Z"}, {"uuid": "22c3746a-6e88-4959-9b85-b8fe4cbb8cb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37834", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3loniqsfmey2l", "content": "", "creation_timestamp": "2025-05-08T08:31:43.459859Z"}, {"uuid": "ecd205e1-9cc5-47e3-b285-fbd83517385d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37830", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3loniqsmema2j", "content": "", "creation_timestamp": "2025-05-08T08:31:44.568872Z"}, {"uuid": "423247a3-1e8d-45d7-aee3-1b7ef7ec90d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37833", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3loniqspppt2t", "content": "", "creation_timestamp": "2025-05-08T08:31:45.177955Z"}, {"uuid": "9862df9e-8049-4162-8cfe-4317e76bd8f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3783", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12390", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3783\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-product.php. The manipulation of the argument Avatar leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-04-18T05:31:05.055Z\n\ud83d\udccf Modified: 2025-04-18T05:31:05.055Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.305605\n2. https://vuldb.com/?ctiid.305605\n3. https://vuldb.com/?submit.553723\n4. https://github.com/yaklang/IRifyScanResult/blob/main/Web-based%20Pharmacy%20Product%20Management%20System/upload_in_add-product.md\n5. https://www.sourcecodester.com/", "creation_timestamp": "2025-04-18T05:58:43.000000Z"}, {"uuid": "562bd785-17bf-4a7d-92cb-e188ccb0f637", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37831", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15480", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37831\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate()\n\ncpufreq_cpu_get_raw() can return NULL when the target CPU is not present\nin the policy->cpus mask. apple_soc_cpufreq_get_rate() does not check\nfor this case, which results in a NULL pointer dereference.\n\ud83d\udccf Published: 2025-05-08T06:26:22.328Z\n\ud83d\udccf Modified: 2025-05-08T06:26:22.328Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/1053dcf8a504d4933bb3f73df22bc363298d194b\n2. https://git.kernel.org/stable/c/fbdba5f37413dbc09d82ad7235e5b7a2fb8e0f75\n3. https://git.kernel.org/stable/c/01e86ea22610d98ae6141e428019a6916e79f725\n4. https://git.kernel.org/stable/c/9992649f6786921873a9b89dafa5e04d8c5fef2b", "creation_timestamp": "2025-05-08T07:23:05.000000Z"}, {"uuid": "dfc322c2-2ac0-4765-8027-4994b19b2236", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37834", "type": "published-proof-of-concept", "source": "https://t.me/cvedetector/24791", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-37834 - Linux Kernel: Dirty Swapcache Page Reclamation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-37834 \nPublished : May 8, 2025, 7:15 a.m. | 2\u00a0hours, 2\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nmm/vmscan: don't try to reclaim hwpoison folio  \n  \nSyzkaller reports a bug as follows:  \n  \nInjecting memory failure for pfn 0x18b00e at process virtual address 0x20ffd000  \nMemory failure: 0x18b00e: dirty swapcache page still referenced by 2 users  \nMemory failure: 0x18b00e: recovery action for dirty swapcache page: Failed  \npage: refcount:2 mapcount:0 mapping:0000000000000000 index:0x20ffd pfn:0x18b00e  \nmemcg:ffff0000dd6d9000  \nanon flags: 0x5ffffe00482011(locked|dirty|arch_1|swapbacked|hwpoison|node=0|zone=2|lastcpupid=0xfffff)  \nraw: 005ffffe00482011 dead000000000100 dead000000000122 ffff0000e232a7c9  \nraw: 0000000000020ffd 0000000000000000 00000002ffffffff ffff0000dd6d9000  \npage dumped because: VM_BUG_ON_FOLIO(!folio_test_uptodate(folio))  \n------------[ cut here ]------------  \nkernel BUG at mm/swap_state.c:184!  \nInternal error: Oops - BUG: 00000000f2000800 [#1] SMP  \nModules linked in:  \nCPU: 0 PID: 60 Comm: kswapd0 Not tainted 6.6.0-gcb097e7de84e #3  \nHardware name: linux,dummy-virt (DT)  \npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)  \npc : add_to_swap+0xbc/0x158  \nlr : add_to_swap+0xbc/0x158  \nsp : ffff800087f37340  \nx29: ffff800087f37340 x28: fffffc00052c0380 x27: ffff800087f37780  \nx26: ffff800087f37490 x25: ffff800087f37c78 x24: ffff800087f377a0  \nx23: ffff800087f37c50 x22: 0000000000000000 x21: fffffc00052c03b4  \nx20: 0000000000000000 x19: fffffc00052c0380 x18: 0000000000000000  \nx17: 296f696c6f662865 x16: 7461646f7470755f x15: 747365745f6f696c  \nx14: 6f6621284f494c4f x13: 0000000000000001 x12: ffff600036d8b97b  \nx11: 1fffe00036d8b97a x10: ffff600036d8b97a x9 : dfff800000000000  \nx8 : 00009fffc9274686 x7 : ffff0001b6c5cbd3 x6 : 0000000000000001  \nx5 : ffff0000c25896c0 x4 : 0000000000000000 x3 : 0000000000000000  \nx2 : 0000000000000000 x1 : ffff0000c25896c0 x0 : 0000000000000000  \nCall trace:  \n add_to_swap+0xbc/0x158  \n shrink_folio_list+0x12ac/0x2648  \n shrink_inactive_list+0x318/0x948  \n shrink_lruvec+0x450/0x720  \n shrink_node_memcgs+0x280/0x4a8  \n shrink_node+0x128/0x978  \n balance_pgdat+0x4f0/0xb20  \n kswapd+0x228/0x438  \n kthread+0x214/0x230  \n ret_from_fork+0x10/0x20  \n  \nI can reproduce this issue with the following steps:  \n  \n1) When a dirty swapcache page is isolated by reclaim process and the  \n   page isn't locked, inject memory failure for the page.   \n   me_swapcache_dirty() clears uptodate flag and tries to delete from lru,  \n   but fails.  Reclaim process will put the hwpoisoned page back to lru.  \n  \n2) The process that maps the hwpoisoned page exits, the page is deleted  \n   the page will never be freed and will be in the lru forever.  \n  \n3) If we trigger a reclaim again and tries to reclaim the page,  \n   add_to_swap() will trigger VM_BUG_ON_FOLIO due to the uptodate flag is  \n   cleared.  \n  \nTo fix it, skip the hwpoisoned page in shrink_folio_list().  Besides, the  \nhwpoison folio may not be unmapped by hwpoison_user_mappings() yet, unmap  \nit in shrink_folio_list(), otherwise the folio will fail to be unmaped by  \nhwpoison_user_mappings() since the folio isn't in lru list. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-08T11:44:45.000000Z"}, {"uuid": "b8116048-1f80-4d12-91e9-cb2d5e3f87c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37832", "type": "seen", "source": "https://t.me/cvedetector/24795", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-37832 - Allwinner cpufreq sun50i Linux Kernel Out-of-Bounds Read Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-37832 \nPublished : May 8, 2025, 7:15 a.m. | 2\u00a0hours, 2\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \ncpufreq: sun50i: prevent out-of-bounds access  \n  \nA KASAN enabled kernel reports an out-of-bounds access when handling the  \nnvmem cell in the sun50i cpufreq driver:  \n==================================================================  \nBUG: KASAN: slab-out-of-bounds in sun50i_cpufreq_nvmem_probe+0x180/0x3d4  \nRead of size 4 at addr ffff000006bf31e0 by task kworker/u16:1/38  \n  \nThis is because the DT specifies the nvmem cell as covering only two  \nbytes, but we use a u32 pointer to read the value. DTs for other SoCs  \nindeed specify 4 bytes, so we cannot just shorten the variable to a u16.  \n  \nFortunately nvmem_cell_read() allows to return the length of the nvmem  \ncell, in bytes, so we can use that information to only access the valid  \nportion of the data.  \nTo cover multiple cell sizes, use memcpy() to copy the information into a  \nzeroed u32 buffer, then also make sure we always read the data in little  \nendian fashion, as this is how the data is stored in the SID efuses. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-08T11:44:51.000000Z"}, {"uuid": "7c6747ea-d47a-42d6-bb21-89778e754918", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37833", "type": "seen", "source": "https://t.me/cvedetector/24796", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-37833 - Linux Niu PCI-MSIX Touch Entry Data Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-37833 \nPublished : May 8, 2025, 7:15 a.m. | 2\u00a0hours, 2\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnet/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads  \n  \nFix niu_try_msix() to not cause a fatal trap on sparc systems.  \n  \nSet PCI_DEV_FLAGS_MSIX_TOUCH_ENTRY_DATA_FIRST on the struct pci_dev to  \nwork around a bug in the hardware or firmware.  \n  \nFor each vector entry in the msix table, niu chips will cause a fatal  \ntrap if any registers in that entry are read before that entries'  \nENTRY_DATA register is written to. Testing indicates writes to other  \nregisters are not sufficient to prevent the fatal trap, however the value  \ndoes not appear to matter. This only needs to happen once after power up,  \nso simply rebooting into a kernel lacking this fix will NOT cause the  \ntrap.  \n  \nNON-RESUMABLE ERROR: Reporting on cpu 64  \nNON-RESUMABLE ERROR: TPC [0x00000000005f6900]   \nNON-RESUMABLE ERROR: RAW [4010000000000016:00000e37f93e32ff:0000000202000080:ffffffffffffffff  \nNON-RESUMABLE ERROR:      0000000800000000:0000000000000000:0000000000000000:0000000000000000]  \nNON-RESUMABLE ERROR: handle [0x4010000000000016] stick [0x00000e37f93e32ff]  \nNON-RESUMABLE ERROR: type [precise nonresumable]  \nNON-RESUMABLE ERROR: attrs [0x02000080] < ASI sp-faulted priv >  \nNON-RESUMABLE ERROR: raddr [0xffffffffffffffff]  \nNON-RESUMABLE ERROR: insn effective address [0x000000c50020000c]  \nNON-RESUMABLE ERROR: size [0x8]  \nNON-RESUMABLE ERROR: asi [0x00]  \nCPU: 64 UID: 0 PID: 745 Comm: kworker/64:1 Not tainted 6.11.5 #63  \nWorkqueue: events work_for_cpu_fn  \nTSTATE: 0000000011001602 TPC: 00000000005f6900 TNPC: 00000000005f6904 Y: 00000000    Not tainted  \nTPC:   \ng0: 00000000000002e9 g1: 000000000000000c g2: 000000c50020000c g3: 0000000000000100  \ng4: ffff8000470307c0 g5: ffff800fec5be000 g6: ffff800047a08000 g7: 0000000000000000  \no0: ffff800014feb000 o1: ffff800047a0b620 o2: 0000000000000011 o3: ffff800047a0b620  \no4: 0000000000000080 o5: 0000000000000011 sp: ffff800047a0ad51 ret_pc: 00000000005f7128  \nRPC: <__pci_enable_msix_range+0x3ccl0: 000000000000000d l1: 000000000000c01f l2: ffff800014feb0a8 l3: 0000000000000020  \nl4: 000000000000c000 l5: 0000000000000001 l6: 0000000020000000 l7: ffff800047a0b734  \ni0: ffff800014feb000 i1: ffff800047a0b730 i2: 0000000000000001 i3: 000000000000000d  \ni4: 0000000000000000 i5: 0000000000000000 i6: ffff800047a0ae81 i7: 00000000101888b0  \nI7:   \nCall Trace:  \n[<00000000101888b0] niu_try_msix.constprop.0+0xc0/0x130 [niu]  \n[<000000001018f840] niu_get_invariants+0x183c/0x207c [niu]  \n[<00000000101902fc] niu_pci_init_one+0x27c/0x2fc [niu]  \n[<00000000005ef3e4] local_pci_probe+0x28/0x74  \n[<0000000000469240] work_for_cpu_fn+0x8/0x1c  \n[<000000000046b008] process_scheduled_works+0x144/0x210  \n[<000000000046b518] worker_thread+0x13c/0x1c0  \n[<00000000004710e0] kthread+0xb8/0xc8  \n[<00000000004060c8] ret_from_fork+0x1c/0x2c  \n[<0000000000000000] 0x0  \nKernel panic - not syncing: Non-resumable error. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-08T11:44:52.000000Z"}, {"uuid": "4fcecafc-ad07-4686-a4f2-f92ea55fe598", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37834", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "14472b5b-328b-4643-b81f-a0e62a224e4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37833", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "880fdb2e-75ac-418f-b670-7f115de6ed4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37834", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "c2b92d0e-658a-4e84-aba0-d2b3f22aae39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37830", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "a67cda47-ffc6-404d-9010-9d6a51616f1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37833", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "429dcafc-e18a-4cbe-8d18-c8eae3c14e6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37838", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12609", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37838\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nHSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition\n\nIn the ssi_protocol_probe() function, &ssi->work is bound with\nssip_xmit_work(), In ssip_pn_setup(), the ssip_pn_xmit() function\nwithin the ssip_pn_ops structure is capable of starting the\nwork.\n\nIf we remove the module which will call ssi_protocol_remove()\nto make a cleanup, it will free ssi through kfree(ssi),\nwhile the work mentioned above will be used. The sequence\nof operations that may lead to a UAF bug is as follows:\n\nCPU0                                    CPU1\n\n                        | ssip_xmit_work\nssi_protocol_remove     |\nkfree(ssi);             |\n                        | struct hsi_client *cl = ssi->cl;\n                        | // use ssi\n\nFix it by ensuring that the work is canceled before proceeding\nwith the cleanup in ssi_protocol_remove().\n\ud83d\udccf Published: 2025-04-18T14:20:55.389Z\n\ud83d\udccf Modified: 2025-04-20T08:31:57.492Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/ae5a6a0b425e8f76a9f0677e50796e494e89b088\n2. https://git.kernel.org/stable/c/834e602d0cc7c743bfce734fad4a46cefc0f9ab1\n3. https://git.kernel.org/stable/c/4b4194c9a7a8f92db39e8e86c85f4fb12ebbec4f\n4. https://git.kernel.org/stable/c/e3f88665a78045fe35c7669d2926b8d97b892c11", "creation_timestamp": "2025-04-20T09:03:21.000000Z"}, {"uuid": "07e28782-38ce-412c-8899-6622cd49ad73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37838", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3ln3uu7st6u72", "content": "", "creation_timestamp": "2025-04-18T14:55:34.273739Z"}, {"uuid": "970b27b6-a03f-4915-91c4-1f09d650696b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37838", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114360157668378334", "content": "", "creation_timestamp": "2025-04-18T17:32:03.415199Z"}, {"uuid": "7c3503cb-b7a2-4746-bbdb-84e1a9fc6f5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37836", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "561b170e-2419-4907-b2eb-7a232173cfe4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37834", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15478", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37834\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmscan: don't try to reclaim hwpoison folio\n\nSyzkaller reports a bug as follows:\n\nInjecting memory failure for pfn 0x18b00e at process virtual address 0x20ffd000\nMemory failure: 0x18b00e: dirty swapcache page still referenced by 2 users\nMemory failure: 0x18b00e: recovery action for dirty swapcache page: Failed\npage: refcount:2 mapcount:0 mapping:0000000000000000 index:0x20ffd pfn:0x18b00e\nmemcg:ffff0000dd6d9000\nanon flags: 0x5ffffe00482011(locked|dirty|arch_1|swapbacked|hwpoison|node=0|zone=2|lastcpupid=0xfffff)\nraw: 005ffffe00482011 dead000000000100 dead000000000122 ffff0000e232a7c9\nraw: 0000000000020ffd 0000000000000000 00000002ffffffff ffff0000dd6d9000\npage dumped because: VM_BUG_ON_FOLIO(!folio_test_uptodate(folio))\n------------[ cut here ]------------\nkernel BUG at mm/swap_state.c:184!\nInternal error: Oops - BUG: 00000000f2000800 [#1] SMP\nModules linked in:\nCPU: 0 PID: 60 Comm: kswapd0 Not tainted 6.6.0-gcb097e7de84e #3\nHardware name: linux,dummy-virt (DT)\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : add_to_swap+0xbc/0x158\nlr : add_to_swap+0xbc/0x158\nsp : ffff800087f37340\nx29: ffff800087f37340 x28: fffffc00052c0380 x27: ffff800087f37780\nx26: ffff800087f37490 x25: ffff800087f37c78 x24: ffff800087f377a0\nx23: ffff800087f37c50 x22: 0000000000000000 x21: fffffc00052c03b4\nx20: 0000000000000000 x19: fffffc00052c0380 x18: 0000000000000000\nx17: 296f696c6f662865 x16: 7461646f7470755f x15: 747365745f6f696c\nx14: 6f6621284f494c4f x13: 0000000000000001 x12: ffff600036d8b97b\nx11: 1fffe00036d8b97a x10: ffff600036d8b97a x9 : dfff800000000000\nx8 : 00009fffc9274686 x7 : ffff0001b6c5cbd3 x6 : 0000000000000001\nx5 : ffff0000c25896c0 x4 : 0000000000000000 x3 : 0000000000000000\nx2 : 0000000000000000 x1 : ffff0000c25896c0 x0 : 0000000000000000\nCall trace:\n add_to_swap+0xbc/0x158\n shrink_folio_list+0x12ac/0x2648\n shrink_inactive_list+0x318/0x948\n shrink_lruvec+0x450/0x720\n shrink_node_memcgs+0x280/0x4a8\n shrink_node+0x128/0x978\n balance_pgdat+0x4f0/0xb20\n kswapd+0x228/0x438\n kthread+0x214/0x230\n ret_from_fork+0x10/0x20\n\nI can reproduce this issue with the following steps:\n\n1) When a dirty swapcache page is isolated by reclaim process and the\n   page isn't locked, inject memory failure for the page. \n   me_swapcache_dirty() clears uptodate flag and tries to delete from lru,\n   but fails.  Reclaim process will put the hwpoisoned page back to lru.\n\n2) The process that maps the hwpoisoned page exits, the page is deleted\n   the page will never be freed and will be in the lru forever.\n\n3) If we trigger a reclaim again and tries to reclaim the page,\n   add_to_swap() will trigger VM_BUG_ON_FOLIO due to the uptodate flag is\n   cleared.\n\nTo fix it, skip the hwpoisoned page in shrink_folio_list().  Besides, the\nhwpoison folio may not be unmapped by hwpoison_user_mappings() yet, unmap\nit in shrink_folio_list(), otherwise the folio will fail to be unmaped by\nhwpoison_user_mappings() since the folio isn't in lru list.\n\ud83d\udccf Published: 2025-05-08T06:26:24.463Z\n\ud83d\udccf Modified: 2025-05-08T06:26:24.463Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/1c9798bf8145a92abf45aa9d38a6406d9eb8bdf0\n2. https://git.kernel.org/stable/c/912e9f0300c3564b72a8808db406e313193a37ad\n3. https://git.kernel.org/stable/c/1b0449544c6482179ac84530b61fc192a6527bfd", "creation_timestamp": "2025-05-08T07:23:03.000000Z"}, {"uuid": "156f7553-682b-4fd0-8a02-16a3843c677b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37830", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15481", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37830\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()\n\ncpufreq_cpu_get_raw() can return NULL when the target CPU is not present\nin the policy->cpus mask. scmi_cpufreq_get_rate() does not check for\nthis case, which results in a NULL pointer dereference.\n\nAdd NULL check after cpufreq_cpu_get_raw() to prevent this issue.\n\ud83d\udccf Published: 2025-05-08T06:26:21.736Z\n\ud83d\udccf Modified: 2025-05-08T06:26:21.736Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/4e3d1c1925d8e752992cd893d03d974e6807ac16\n2. https://git.kernel.org/stable/c/f9c5423855e3687262d881aeee5cfb3bc8577bff\n3. https://git.kernel.org/stable/c/ea834c90aa7cc80a1b456f7a91432734d5087d16\n4. https://git.kernel.org/stable/c/7ccfadfb2562337b4f0462a86a9746a6eea89718\n5. https://git.kernel.org/stable/c/cfaca93b8fe317b7faa9af732e0ba8c9081fa018\n6. https://git.kernel.org/stable/c/484d3f15cc6cbaa52541d6259778e715b2c83c54", "creation_timestamp": "2025-05-08T07:23:06.000000Z"}, {"uuid": "0f0fe4aa-ee23-431d-ba0a-b5fd0b206d87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37832", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15479", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37832\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: sun50i: prevent out-of-bounds access\n\nA KASAN enabled kernel reports an out-of-bounds access when handling the\nnvmem cell in the sun50i cpufreq driver:\n==================================================================\nBUG: KASAN: slab-out-of-bounds in sun50i_cpufreq_nvmem_probe+0x180/0x3d4\nRead of size 4 at addr ffff000006bf31e0 by task kworker/u16:1/38\n\nThis is because the DT specifies the nvmem cell as covering only two\nbytes, but we use a u32 pointer to read the value. DTs for other SoCs\nindeed specify 4 bytes, so we cannot just shorten the variable to a u16.\n\nFortunately nvmem_cell_read() allows to return the length of the nvmem\ncell, in bytes, so we can use that information to only access the valid\nportion of the data.\nTo cover multiple cell sizes, use memcpy() to copy the information into a\nzeroed u32 buffer, then also make sure we always read the data in little\nendian fashion, as this is how the data is stored in the SID efuses.\n\ud83d\udccf Published: 2025-05-08T06:26:22.965Z\n\ud83d\udccf Modified: 2025-05-08T06:26:22.965Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/40bf7f560ca4c2468d518cebf14561bc864f58f8\n2. https://git.kernel.org/stable/c/dba5a1f963cf781c0b60f4b7f07465a6c687c27e\n3. https://git.kernel.org/stable/c/14c8a418159e541d70dbf8fc71225d1623beaf0f", "creation_timestamp": "2025-05-08T07:23:04.000000Z"}]}