{"vulnerability": "cve-2025-2199", "sightings": [{"uuid": "a869b258-ee80-4f1b-baa7-214e977a85dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2025-21999", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mmgyqvvbua2x", "content": "", "creation_timestamp": "2026-05-22T13:05:11.045886Z"}, {"uuid": "9124468d-160e-4c7d-9b72-a1c0c264bab1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2199", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lkl324jj5422", "content": "", "creation_timestamp": "2025-03-17T11:40:11.078353Z"}, {"uuid": "fd199b40-e752-44b0-b416-0988221fbe05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2199", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lklcf3aobz2m", "content": "", "creation_timestamp": "2025-03-17T13:51:35.031602Z"}, {"uuid": "c1a376f8-7d3d-41b7-b670-511aac838228", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21994", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lltuidwrgw2e", "content": "", "creation_timestamp": "2025-04-02T17:02:03.652817Z"}, {"uuid": "4155277f-5b1b-4fcc-bbcd-99798717bd12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21999", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114272919108253388", "content": "", "creation_timestamp": "2025-04-03T07:46:08.638288Z"}, {"uuid": "c5789aa4-a54b-4fd7-92cc-11a6f4e3a7c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21999", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114272919108253388", "content": "", "creation_timestamp": "2025-04-03T07:46:08.639910Z"}, {"uuid": "7ae7a372-cce9-4c61-8fbc-778c4699a64b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21997", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llvrfca3zv24", "content": "", "creation_timestamp": "2025-04-03T11:11:57.515490Z"}, {"uuid": "ce33d5d9-f7ac-4f8c-a64d-1bb9a5f318ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21998", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llvrfcn4qm2x", "content": "", "creation_timestamp": "2025-04-03T11:11:58.801490Z"}, {"uuid": "de618d2a-5b32-4b9e-9ca7-d10f4e419f18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21996", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llvrfcubva2o", "content": "", "creation_timestamp": "2025-04-03T11:12:00.034762Z"}, {"uuid": "694b7bbd-9b07-4201-9690-1c387df3f4a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21995", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llvrfcxyc32k", "content": "", "creation_timestamp": "2025-04-03T11:12:00.647890Z"}, {"uuid": "180228eb-1210-4ded-b15c-943fde17ccbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21999", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llvrfd6t542i", "content": "", "creation_timestamp": "2025-04-03T11:12:01.768559Z"}, {"uuid": "e0617e67-81c9-46a4-aa6a-823d41ca18ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21991", "type": "seen", "source": "https://bsky.app/profile/bluesky.awakari.com/post/3lwbhky6biw2y", "content": "", "creation_timestamp": "2025-08-13T09:00:05.188742Z"}, {"uuid": "d086e61c-6359-4ddd-a16b-1207af13a283", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2199", "type": "seen", "source": "MISP/682bdba3-46b7-4a8f-b7be-c6bf4b4f9868", "content": "", "creation_timestamp": "2025-08-13T13:26:35.000000Z"}, {"uuid": "0dd9f7cf-2cc0-445a-8b1e-a862b3e35c6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21999", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/9d7fef5d-952d-4ecc-880d-94d02304e7a3", "content": "", "creation_timestamp": "2025-07-30T07:59:24.597474Z"}, {"uuid": "c97d63c7-e7d6-4576-94f2-83fd70a2664e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2199", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7755", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2199\n\ud83d\udd25 CVSS Score: 9.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: SQL injection vulnerability in the Innovaci\u00f3n y Cualificaci\u00f3n local administration plugin ajax.php. This vulnerability allows an attacker to obtain, update and delete data from the database by injecting an SQL query in \u2018searchActionsToUpdate\u2019, \u2018searchSpecialitiesPending\u2019, \u2018searchSpecialitiesLinked\u2019, \u2018searchUsersToUpdateProfile\u2019, \u2018training_action_data\u2019, \u2018showContinuingTrainingCourses\u2019 and \u2018showUsersToEdit\u2019 in /local/administration/ajax.php.\n\ud83d\udccf Published: 2025-03-17T10:09:18.444Z\n\ud83d\udccf Modified: 2025-03-17T10:10:23.991Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-moodle-innovacion-y-cualificacion-plugins", "creation_timestamp": "2025-03-17T10:54:25.000000Z"}, {"uuid": "3d77103b-1bdb-47e4-9241-b4730f45d7ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21997", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10184", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21997\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: fix an integer overflow in xp_create_and_assign_umem()\n\nSince the i and pool->chunk_size variables are of type 'u32',\ntheir product can wrap around and then be cast to 'u64'.\nThis can lead to two different XDP buffers pointing to the same\nmemory area.\n\nFound by InfoTeCS on behalf of Linux Verification Center\n(linuxtesting.org) with SVACE.\n\ud83d\udccf Published: 2025-04-03T07:19:00.583Z\n\ud83d\udccf Modified: 2025-04-03T07:19:00.583Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/205649d642a5b376724f04f3a5b3586815e43d3b\n2. https://git.kernel.org/stable/c/b7b4be1fa43294b50b22e812715198629806678a\n3. https://git.kernel.org/stable/c/130290f44bce0eead2b827302109afc3fe189ddd\n4. https://git.kernel.org/stable/c/c7670c197b0f1a8726ad5c87bc2bf001a1fc1bbd\n5. https://git.kernel.org/stable/c/559847f56769037e5b2e0474d3dbff985b98083d", "creation_timestamp": "2025-04-03T07:34:18.000000Z"}, {"uuid": "94fa5965-3b0c-4d9e-9a8c-9ffc8d045da9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21998", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10183", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21998\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: uefisecapp: fix efivars registration race\n\nSince the conversion to using the TZ allocator, the efivars service is\nregistered before the memory pool has been allocated, something which\ncan lead to a NULL-pointer dereference in case of a racing EFI variable\naccess.\n\nMake sure that all resources have been set up before registering the\nefivars.\n\ud83d\udccf Published: 2025-04-03T07:19:02.272Z\n\ud83d\udccf Modified: 2025-04-03T07:19:02.272Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/c4e37b381a7a243c298a4858fc0a5a74e737c79a\n2. https://git.kernel.org/stable/c/f15a2b96a0e41c426c63a932d0e63cde7b9784aa\n3. https://git.kernel.org/stable/c/da8d493a80993972c427002684d0742560f3be4a", "creation_timestamp": "2025-04-03T07:34:17.000000Z"}, {"uuid": "dd4c6e87-3ab6-4e6a-bbf8-d4d8d7ff33a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21995", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10186", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21995\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sched: Fix fence reference count leak\n\nThe last_scheduled fence leaks when an entity is being killed and adding\nthe cleanup callback fails.\n\nDecrement the reference count of prev when dma_fence_add_callback()\nfails, ensuring proper balance.\n\n[phasta: add git tag info for stable kernel]\n\ud83d\udccf Published: 2025-04-03T07:18:59.178Z\n\ud83d\udccf Modified: 2025-04-03T07:18:59.178Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/c76bd3c99293834de7d1dca5de536616d5655e38\n2. https://git.kernel.org/stable/c/1135a9431160575466ea9ac37ebd756ecbe35fff\n3. https://git.kernel.org/stable/c/35399c84dcedd6d31448fb9e1336ef52673f2882\n4. https://git.kernel.org/stable/c/a952f1ab696873be124e31ce5ef964d36bce817f", "creation_timestamp": "2025-04-03T07:34:22.000000Z"}, {"uuid": "8787e57e-96ea-494c-a6e3-08096dce21ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21996", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10185", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21996\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()\n\nOn the off chance that command stream passed from userspace via\nioctl() call to radeon_vce_cs_parse() is weirdly crafted and\nfirst command to execute is to encode (case 0x03000001), the function\nin question will attempt to call radeon_vce_cs_reloc() with size\nargument that has not been properly initialized. Specifically, 'size'\nwill point to 'tmp' variable before the latter had a chance to be\nassigned any value.\n\nPlay it safe and init 'tmp' with 0, thus ensuring that\nradeon_vce_cs_reloc() will catch an early error in cases like these.\n\nFound by Linux Verification Center (linuxtesting.org) with static\nanalysis tool SVACE.\n\n(cherry picked from commit 2d52de55f9ee7aaee0e09ac443f77855989c6b68)\n\ud83d\udccf Published: 2025-04-03T07:18:59.933Z\n\ud83d\udccf Modified: 2025-04-03T07:18:59.933Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/78b07dada3f02f77762d0755a96d35f53b02be69\n2. https://git.kernel.org/stable/c/3ce08215cad55c10a6eeeb33d3583b6cfffe3ab8\n3. https://git.kernel.org/stable/c/dd1801aa01bba1760357f2a641346ae149686713\n4. https://git.kernel.org/stable/c/f5e049028124f755283f2c07e7a3708361ed1dc8\n5. https://git.kernel.org/stable/c/dd8689b52a24807c2d5ce0a17cb26dc87f75235c", "creation_timestamp": "2025-04-03T07:34:18.000000Z"}, {"uuid": "fbc07eef-9732-4e65-8caf-f9d7f9d6a915", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21991", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14810", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21991\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nx86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes\n\nCurrently, load_microcode_amd() iterates over all NUMA nodes, retrieves their\nCPU masks and unconditionally accesses per-CPU data for the first CPU of each\nmask.\n\nAccording to Documentation/admin-guide/mm/numaperf.rst:\n\n  \"Some memory may share the same node as a CPU, and others are provided as\n  memory only nodes.\"\n\nTherefore, some node CPU masks may be empty and wouldn't have a \"first CPU\".\n\nOn a machine with far memory (and therefore CPU-less NUMA nodes):\n- cpumask_of_node(nid) is 0\n- cpumask_first(0) is CONFIG_NR_CPUS\n- cpu_data(CONFIG_NR_CPUS) accesses the cpu_info per-CPU array at an\n  index that is 1 out of bounds\n\nThis does not have any security implications since flashing microcode is\na privileged operation but I believe this has reliability implications by\npotentially corrupting memory while flashing a microcode update.\n\nWhen booting with CONFIG_UBSAN_BOUNDS=y on an AMD machine that flashes\na microcode update. I get the following splat:\n\n  UBSAN: array-index-out-of-bounds in arch/x86/kernel/cpu/microcode/amd.c:X:Y\n  index 512 is out of range for type 'unsigned long[512]'\n  [...]\n  Call Trace:\n   dump_stack\n   __ubsan_handle_out_of_bounds\n   load_microcode_amd\n   request_microcode_amd\n   reload_store\n   kernfs_fop_write_iter\n   vfs_write\n   ksys_write\n   do_syscall_64\n   entry_SYSCALL_64_after_hwframe\n\nChange the loop to go over only NUMA nodes which have CPUs before determining\nwhether the first CPU on the respective node needs microcode update.\n\n  [ bp: Massage commit message, fix typo. ]\n\ud83d\udccf Published: 2025-04-02T12:53:14.230Z\n\ud83d\udccf Modified: 2025-05-04T13:06:52.038Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/d509c4731090ebd9bbdb72c70a2d70003ae81f4f\n2. https://git.kernel.org/stable/c/985a536e04bbfffb1770df43c6470f635a6b1073\n3. https://git.kernel.org/stable/c/18b5d857c6496b78ead2fd10001b81ae32d30cac\n4. https://git.kernel.org/stable/c/ec52240622c4d218d0240079b7c1d3ec2328a9f4\n5. https://git.kernel.org/stable/c/e686349cc19e800dac8971929089ba5ff59abfb0\n6. https://git.kernel.org/stable/c/488ffc0cac38f203979f83634236ee53251ce593\n7. https://git.kernel.org/stable/c/5ac295dfccb5b015493f86694fa13a0dde4d3665\n8. https://git.kernel.org/stable/c/e3e89178a9f4a80092578af3ff3c8478f9187d59", "creation_timestamp": "2025-05-04T13:18:56.000000Z"}, {"uuid": "4fc2d1b7-b492-4f79-add1-d67fe4b02d63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21996", "type": "seen", "source": "https://t.me/cvedetector/21964", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21996 - Radeon Linux Kernel Uninitialized Variable Use\", \n  \"Content\": \"CVE ID : CVE-2025-21996 \nPublished : April 3, 2025, 8:15 a.m. | 38\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \ndrm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()  \n  \nOn the off chance that command stream passed from userspace via  \nioctl() call to radeon_vce_cs_parse() is weirdly crafted and  \nfirst command to execute is to encode (case 0x03000001), the function  \nin question will attempt to call radeon_vce_cs_reloc() with size  \nargument that has not been properly initialized. Specifically, 'size'  \nwill point to 'tmp' variable before the latter had a chance to be  \nassigned any value.  \n  \nPlay it safe and init 'tmp' with 0, thus ensuring that  \nradeon_vce_cs_reloc() will catch an early error in cases like these.  \n  \nFound by Linux Verification Center (linuxtesting.org) with static  \nanalysis tool SVACE.  \n  \n(cherry picked from commit 2d52de55f9ee7aaee0e09ac443f77855989c6b68) \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-03T11:03:26.000000Z"}, {"uuid": "dbb2c662-6d59-43c7-8c04-ddb151b30149", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21995", "type": "seen", "source": "https://t.me/cvedetector/21967", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21995 - Linux Kernel DRM Fence Reference Count Leak\", \n  \"Content\": \"CVE ID : CVE-2025-21995 \nPublished : April 3, 2025, 8:15 a.m. | 38\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \ndrm/sched: Fix fence reference count leak  \n  \nThe last_scheduled fence leaks when an entity is being killed and adding  \nthe cleanup callback fails.  \n  \nDecrement the reference count of prev when dma_fence_add_callback()  \nfails, ensuring proper balance.  \n  \n[phasta: add git tag info for stable kernel] \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-03T11:03:28.000000Z"}, {"uuid": "03899d35-1496-4bee-af9a-0f30841436c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21999", "type": "seen", "source": "https://t.me/cvedetector/21959", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21999 - Apache Linux proc UAF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21999 \nPublished : April 3, 2025, 8:15 a.m. | 38\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nproc: fix UAF in proc_get_inode()  \n  \nFix race between rmmod and /proc/XXX's inode instantiation.  \n  \nThe bug is that pde->proc_ops don't belong to /proc, it belongs to a  \nmodule, therefore dereferencing it after /proc entry has been registered  \nis a bug unless use_pde/unuse_pde() pair has been used.  \n  \nuse_pde/unuse_pde can be avoided (2 atomic ops!) because pde->proc_ops  \nnever changes so information necessary for inode instantiation can be  \nsaved _before_ proc_register() in PDE itself and used later, avoiding  \npde->proc_ops->...  dereference.  \n  \n      rmmod                         lookup  \nsys_delete_module  \n                         proc_lookup_de  \n      pde_get(de);  \n      proc_get_inode(dir->i_sb, de);  \n  mod->exit()  \n    proc_remove  \n      remove_proc_subtree  \n       proc_entry_rundown(de);  \n  free_module(mod);  \n  \n                               if (S_ISREG(inode->i_mode))  \n                          if (de->proc_ops->proc_read_iter)  \n                           --> As module is already freed, will trigger UAF  \n  \nBUG: unable to handle page fault for address: fffffbfff80a702b  \nPGD 817fc4067 P4D 817fc4067 PUD 817fc0067 PMD 102ef4067 PTE 0  \nOops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI  \nCPU: 26 UID: 0 PID: 2667 Comm: ls Tainted: G  \nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)  \nRIP: 0010:proc_get_inode+0x302/0x6e0  \nRSP: 0018:ffff88811c837998 EFLAGS: 00010a06  \nRAX: dffffc0000000000 RBX: ffffffffc0538140 RCX: 0000000000000007  \nRDX: 1ffffffff80a702b RSI: 0000000000000001 RDI: ffffffffc0538158  \nRBP: ffff8881299a6000 R08: 0000000067bbe1e5 R09: 1ffff11023906f20  \nR10: ffffffffb560ca07 R11: ffffffffb2b43a58 R12: ffff888105bb78f0  \nR13: ffff888100518048 R14: ffff8881299a6004 R15: 0000000000000001  \nFS:  00007f95b9686840(0000) GS:ffff8883af100000(0000) knlGS:0000000000000000  \nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033  \nCR2: fffffbfff80a702b CR3: 0000000117dd2000 CR4: 00000000000006f0  \nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000  \nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400  \nCall Trace:  \n   \n proc_lookup_de+0x11f/0x2e0  \n __lookup_slow+0x188/0x350  \n walk_component+0x2ab/0x4f0  \n path_lookupat+0x120/0x660  \n filename_lookup+0x1ce/0x560  \n vfs_statx+0xac/0x150  \n __do_sys_newstat+0x96/0x110  \n do_syscall_64+0x5f/0x170  \n entry_SYSCALL_64_after_hwframe+0x76/0x7e  \n  \n[adobriyan@gmail.com: don't do 2 atomic ops on the common path] \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-03T11:03:19.000000Z"}, {"uuid": "cd8b4690-2a16-4348-9034-1c8f1dad0f65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21998", "type": "seen", "source": "https://t.me/cvedetector/21958", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21998 - Apache Firmware Null Pointer Dereference\", \n  \"Content\": \"CVE ID : CVE-2025-21998 \nPublished : April 3, 2025, 8:15 a.m. | 38\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nfirmware: qcom: uefisecapp: fix efivars registration race  \n  \nSince the conversion to using the TZ allocator, the efivars service is  \nregistered before the memory pool has been allocated, something which  \ncan lead to a NULL-pointer dereference in case of a racing EFI variable  \naccess.  \n  \nMake sure that all resources have been set up before registering the  \nefivars. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-03T11:03:15.000000Z"}, {"uuid": "b0f61f53-e4aa-4a43-921a-6004381d8c56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21997", "type": "seen", "source": "https://t.me/cvedetector/21957", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21997 - Linux Kernel xsk Integer Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21997 \nPublished : April 3, 2025, 8:15 a.m. | 38\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nxsk: fix an integer overflow in xp_create_and_assign_umem()  \n  \nSince the i and pool->chunk_size variables are of type 'u32',  \ntheir product can wrap around and then be cast to 'u64'.  \nThis can lead to two different XDP buffers pointing to the same  \nmemory area.  \n  \nFound by InfoTeCS on behalf of Linux Verification Center  \n(linuxtesting.org) with SVACE. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-03T11:03:14.000000Z"}, {"uuid": "29411725-523e-4df7-bed8-382a729a0fdb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21992", "type": "seen", "source": "https://t.me/cvedetector/21871", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21992 - HP 5MP Camera HID Sensor Interface Denial of Service\", \n  \"Content\": \"CVE ID : CVE-2025-21992 \nPublished : April 2, 2025, 1:15 p.m. | 1\u00a0hour, 4\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nHID: ignore non-functional sensor in HP 5MP Camera  \n  \nThe HP 5MP Camera (USB ID 0408:5473) reports a HID sensor interface that  \nis not actually implemented. Attempting to access this non-functional  \nsensor via iio_info causes system hangs as runtime PM tries to wake up  \nan unresponsive sensor.  \n  \n  [453] hid-sensor-hub 0003:0408:5473.0003: Report latency attributes: ffffffff:ffffffff  \n  [453] hid-sensor-hub 0003:0408:5473.0003: common attributes: 5:1, 2:1, 3:1 ffffffff:ffffffff  \n  \nAdd this device to the HID ignore list since the sensor interface is  \nnon-functional by design and should not be exposed to userspace. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-02T16:39:31.000000Z"}, {"uuid": "b70413c0-5dc2-4d58-82d7-3f271a122c4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21994", "type": "seen", "source": "https://t.me/cvedetector/21886", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21994 - Linux ksmbd Integer Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21994 \nPublished : April 2, 2025, 2:16 p.m. | 2\u00a0hours, 13\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nksmbd: fix incorrect validation for num_aces field of smb_acl  \n  \nparse_dcal() validate num_aces to allocate posix_ace_state_array.  \n  \nif (num_aces > ULONG_MAX / sizeof(struct smb_ace *))  \n  \nIt is an incorrect validation that we can create an array of size ULONG_MAX.  \nsmb_acl has ->size field to calculate actual number of aces in request buffer  \nsize. Use this to check invalid num_aces. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-02T19:10:05.000000Z"}, {"uuid": "48864177-f1a3-4bbd-953a-231560389556", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21993", "type": "seen", "source": "https://t.me/cvedetector/21872", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21993 - IBM iSCSI IPv6 Subnet Mask Out-of-Bounds Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21993 \nPublished : April 2, 2025, 1:15 p.m. | 1\u00a0hour, 4\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \niscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()  \n  \nWhen performing an iSCSI boot using IPv6, iscsistart still reads the  \n/sys/firmware/ibft/ethernetX/subnet-mask entry. Since the IPv6 prefix  \nlength is 64, this causes the shift exponent to become negative,  \ntriggering a UBSAN warning. As the concept of a subnet mask does not  \napply to IPv6, the value is set to ~0 to suppress the warning message. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-02T16:39:31.000000Z"}, {"uuid": "1b2a0e32-bfe7-47ee-b62f-5d3aaf238280", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21991", "type": "seen", "source": "https://t.me/cvedetector/21870", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21991 - AMD CPU Microcode Out-of-Bounds Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21991 \nPublished : April 2, 2025, 1:15 p.m. | 1\u00a0hour, 4\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nx86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes  \n  \nCurrently, load_microcode_amd() iterates over all NUMA nodes, retrieves their  \nCPU masks and unconditionally accesses per-CPU data for the first CPU of each  \nmask.  \n  \nAccording to Documentation/admin-guide/mm/numaperf.rst:  \n  \n  \"Some memory may share the same node as a CPU, and others are provided as  \n  memory only nodes.\"  \n  \nTherefore, some node CPU masks may be empty and wouldn't have a \"first CPU\".  \n  \nOn a machine with far memory (and therefore CPU-less NUMA nodes):  \n- cpumask_of_node(nid) is 0  \n- cpumask_first(0) is CONFIG_NR_CPUS  \n- cpu_data(CONFIG_NR_CPUS) accesses the cpu_info per-CPU array at an  \n  index that is 1 out of bounds  \n  \nThis does not have any security implications since flashing microcode is  \na privileged operation but I believe this has reliability implications by  \npotentially corrupting memory while flashing a microcode update.  \n  \nWhen booting with CONFIG_UBSAN_BOUNDS=y on an AMD machine that flashes  \na microcode update. I get the following splat:  \n  \n  UBSAN: array-index-out-of-bounds in arch/x86/kernel/cpu/microcode/amd.c:X:Y  \n  index 512 is out of range for type 'unsigned long[512]'  \n  [...]  \n  Call Trace:  \n   dump_stack  \n   __ubsan_handle_out_of_bounds  \n   load_microcode_amd  \n   request_microcode_amd  \n   reload_store  \n   kernfs_fop_write_iter  \n   vfs_write  \n   ksys_write  \n   do_syscall_64  \n   entry_SYSCALL_64_after_hwframe  \n  \nChange the loop to go over only NUMA nodes which have CPUs before determining  \nwhether the first CPU on the respective node needs microcode update.  \n  \n  [ bp: Massage commit message, fix typo. ] \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-02T16:39:30.000000Z"}, {"uuid": "5d8caff8-56e9-4a55-b61d-b68d33b85a8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21990", "type": "seen", "source": "https://t.me/cvedetector/21869", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21990 - AMDGPU NULL Pointer Dereference Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21990 \nPublished : April 2, 2025, 1:15 p.m. | 1\u00a0hour, 4\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \ndrm/amdgpu: NULL-check BO's backing store when determining GFX12 PTE flags  \n  \nPRT BOs may not have any backing store, so bo->tbo.resource will be  \nNULL. Check for that before dereferencing.  \n  \n(cherry picked from commit 3e3fcd29b505cebed659311337ea03b7698767fc) \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-02T16:39:29.000000Z"}, {"uuid": "2691b3fc-c95d-4e73-abe6-025b3943f2f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2199", "type": "seen", "source": "https://t.me/cvedetector/20451", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2199 - Innovaci\u00f3n y Cualificaci\u00f3n Local Administration Plugin SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2199 \nPublished : March 17, 2025, 10:15 a.m. | 1\u00a0hour, 23\u00a0minutes ago \nDescription : SQL injection vulnerability in the Innovaci\u00f3n y Cualificaci\u00f3n local administration plugin ajax.php. This vulnerability allows an attacker to obtain, update and delete data from the database by injecting an SQL query in \u2018searchActionsToUpdate\u2019, \u2018searchSpecialitiesPending\u2019, \u2018searchSpecialitiesLinked\u2019, \u2018searchUsersToUpdateProfile\u2019, \u2018training_action_data\u2019, \u2018showContinuingTrainingCourses\u2019 and \u2018showUsersToEdit\u2019 in /local/administration/ajax.php. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-17T13:17:01.000000Z"}, {"uuid": "6546e725-0a07-4ba7-bfee-2080f280b6cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2199", "type": "seen", "source": "Telegram/GZuMtE7t_vqUUXxVbM6zfoPB-Bc-Xdm5Sf6zYaWo4RQQHsE", "content": "", "creation_timestamp": "2025-03-17T12:01:12.000000Z"}]}