{"vulnerability": "cve-2025-3807", "sightings": [{"uuid": "7875db52-8812-44b8-bc78-cd48cd7e5e75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38074", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "0fde70f3-acba-4643-a34e-1464c7c26061", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3807", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12590", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3807\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability, which was classified as critical, was found in zhenfeng13 My-BBS 1.0. This affects the function Upload of the file src/main/java/com/my/bbs/controller/common/UploadController.java of the component Endpoint. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-04-19T17:00:12.037Z\n\ud83d\udccf Modified: 2025-04-19T17:00:12.037Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.305661\n2. https://vuldb.com/?ctiid.305661\n3. https://vuldb.com/?submit.555258\n4. https://github.com/caigo8/CVE-md/blob/main/My-bbs/%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md", "creation_timestamp": "2025-04-19T18:02:40.000000Z"}, {"uuid": "27304dcd-2750-45a6-a565-ac2a27b42638", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38074", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114703977953402514", "content": "", "creation_timestamp": "2025-06-18T10:50:04.615662Z"}, {"uuid": "35fd72cf-ab04-48dd-9c4b-fcb5ffdb140e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38075", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lruxob4k7r2o", "content": "", "creation_timestamp": "2025-06-18T12:02:50.802933Z"}, {"uuid": "785ae3e9-ac1e-4255-8515-b3a959235484", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38076", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lruxx7l3nx2u", "content": "", "creation_timestamp": "2025-06-18T12:07:51.357648Z"}, {"uuid": "765bdaff-5801-4534-8033-a3f435c78abb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38077", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lruya623g625", "content": "", "creation_timestamp": "2025-06-18T12:12:51.532708Z"}, {"uuid": "cdcc6766-fca9-4f66-9c0c-dab651277fc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38079", "type": "seen", "source": "https://bsky.app/profile/bluesky.awakari.com/post/3lzgbp4knyp2t", "content": "", "creation_timestamp": "2025-09-22T11:13:53.937998Z"}, {"uuid": "0a266a3d-2a8f-47ff-b8c6-76b021f1e0e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38079", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lwom472ww22k", "content": "", "creation_timestamp": "2025-08-18T14:25:55.894387Z"}, {"uuid": "f7e82692-dec2-43d0-b144-fddec567806e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38079", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lwosfyue622k", "content": "", "creation_timestamp": "2025-08-18T16:18:48.286293Z"}, {"uuid": "730a4c78-d228-48bd-8422-fe4ee9d51b7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38079", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lwowhozcxc2k", "content": "", "creation_timestamp": "2025-08-18T17:31:20.067175Z"}, {"uuid": "40017151-d566-4e00-a18b-305cb056c258", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38070", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "d08ecde2-d9fe-480c-ab79-518f3a890468", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38071", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "7cc35961-31ce-4521-9f9c-1358d7629722", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38071", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "cebb4bff-1039-4402-8ee7-d7fec3733560", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38070", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lruvt5xyvw2p", "content": "", "creation_timestamp": "2025-06-18T11:29:47.854407Z"}, {"uuid": "b3f4aabb-08bd-4e11-9df5-40ab11dd27c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38073", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lruvyydxlo2p", "content": "", "creation_timestamp": "2025-06-18T11:33:06.093079Z"}, {"uuid": "b4f9fdec-8d4f-4c86-8d21-7f52428c3bf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38071", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lruw47z6zl2m", "content": "", "creation_timestamp": "2025-06-18T11:34:51.802607Z"}, {"uuid": "7a43e96d-ba1e-49e6-97cb-bb86c4c46c6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38074", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lruw7ln7jr23", "content": "", "creation_timestamp": "2025-06-18T11:36:44.702494Z"}, {"uuid": "4d0cade0-d219-496a-b5b2-202758e25f3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38079", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lruwd6gm5b2u", "content": "", "creation_timestamp": "2025-06-18T11:38:45.059744Z"}, {"uuid": "9eb68e32-f48c-4708-979d-71ca5e2e2f32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38078", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lruwgzesoc2u", "content": "", "creation_timestamp": "2025-06-18T11:40:54.224964Z"}, {"uuid": "5b20c020-04a4-49ca-9c1f-8d7173a0e175", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38072", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrux7umtls25", "content": "", "creation_timestamp": "2025-06-18T11:54:48.052934Z"}, {"uuid": "ae5f304e-b4ff-4574-8228-f4e90e925bab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3807", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3ln7iafnyudf2", "content": "", "creation_timestamp": "2025-04-20T01:20:10.403406Z"}, {"uuid": "ba668330-eb08-497d-9a78-6cd23cf827d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38079", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lwu7dsw5kk2p", "content": "", "creation_timestamp": "2025-08-20T19:53:31.802376Z"}, {"uuid": "89e11d4a-d500-4cad-9950-15d7bb6d6bd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38079", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lwz32rop7225", "content": "", "creation_timestamp": "2025-08-22T18:20:13.287979Z"}, {"uuid": "446c0460-6f79-4274-8c3c-621e62f37b6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38079", "type": "seen", "source": "https://gist.github.com/Darkcrai86/53bec4fdb4a1e98e494cec7eb3fe66c1", "content": "", "creation_timestamp": "2025-08-28T17:44:33.000000Z"}, {"uuid": "28158ad5-4995-4ab5-9d13-0b26d10c9a6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38073", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "78f263f6-aeee-47ea-998b-a8a6bbefc18d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38075", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18706", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-38075\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: iscsi: Fix timeout on deleted connection\n\nNOPIN response timer may expire on a deleted connection and crash with\nsuch logs:\n\nDid not receive response to NOPIN on CID: 0, failing connection for I_T Nexus (null),i,0x00023d000125,iqn.2017-01.com.iscsi.target,t,0x3d\n\nBUG: Kernel NULL pointer dereference on read at 0x00000000\nNIP  strlcpy+0x8/0xb0\nLR iscsit_fill_cxn_timeout_err_stats+0x5c/0xc0 [iscsi_target_mod]\nCall Trace:\n iscsit_handle_nopin_response_timeout+0xfc/0x120 [iscsi_target_mod]\n call_timer_fn+0x58/0x1f0\n run_timer_softirq+0x740/0x860\n __do_softirq+0x16c/0x420\n irq_exit+0x188/0x1c0\n timer_interrupt+0x184/0x410\n\nThat is because nopin response timer may be re-started on nopin timer\nexpiration.\n\nStop nopin timer before stopping the nopin response timer to be sure\nthat no one of them will be re-started.\n\ud83d\udccf Published: 2025-06-18T09:33:50.646Z\n\ud83d\udccf Modified: 2025-06-18T09:33:50.646Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/571ce6b6f5cbaf7d24af03cad592fc0e2a54de35\n2. https://git.kernel.org/stable/c/2c5081439c7ab8da08427befe427f0d732ebc9f9\n3. https://git.kernel.org/stable/c/019ca2804f3fb49a7f8e56ea6aeaa1ff32724c27\n4. https://git.kernel.org/stable/c/6815846e0c3a62116a7da9740e3a7c10edc5c7e9\n5. https://git.kernel.org/stable/c/fe8421e853ef289e1324fcda004751c89dd9c18a\n6. https://git.kernel.org/stable/c/87389bff743c55b6b85282de91109391f43e0814\n7. https://git.kernel.org/stable/c/3e6429e3707943078240a2c0c0b3ee99ea9b0d9c\n8. https://git.kernel.org/stable/c/7f533cc5ee4c4436cee51dc58e81dfd9c3384418", "creation_timestamp": "2025-06-18T10:40:03.000000Z"}, {"uuid": "9f03eb29-6390-4e14-90bb-43c9158b163b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38076", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18705", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-38076\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nalloc_tag: allocate percpu counters for module tags dynamically\n\nWhen a module gets unloaded it checks whether any of its tags are still in\nuse and if so, we keep the memory containing module's allocation tags\nalive until all tags are unused.  However percpu counters referenced by\nthe tags are freed by free_module().  This will lead to UAF if the memory\nallocated by a module is accessed after module was unloaded.\n\nTo fix this we allocate percpu counters for module allocation tags\ndynamically and we keep it alive for tags which are still in use after\nmodule unloading.  This also removes the requirement of a larger\nPERCPU_MODULE_RESERVE when memory allocation profiling is enabled because\npercpu memory for counters does not need to be reserved anymore.\n\ud83d\udccf Published: 2025-06-18T09:33:51.293Z\n\ud83d\udccf Modified: 2025-06-18T09:33:51.293Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/3cc733e6d96c938d2b82be96858a0ab900eb6fdc\n2. https://git.kernel.org/stable/c/12ca42c237756182aad8ab04654c952765cb9061", "creation_timestamp": "2025-06-18T10:40:02.000000Z"}, {"uuid": "2d77b306-0dc2-4b09-a255-263d3a15323a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38072", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18709", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-38072\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nlibnvdimm/labels: Fix divide error in nd_label_data_init()\n\nIf a faulty CXL memory device returns a broken zero LSA size in its\nmemory device information (Identify Memory Device (Opcode 4000h), CXL\nspec. 3.1, 8.2.9.9.1.1), a divide error occurs in the libnvdimm\ndriver:\n\n Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI\n RIP: 0010:nd_label_data_init+0x10e/0x800 [libnvdimm]\n\nCode and flow:\n\n1) CXL Command 4000h returns LSA size = 0\n2) config_size is assigned to zero LSA size (CXL pmem driver):\n\ndrivers/cxl/pmem.c:             .config_size = mds->lsa_size,\n\n3) max_xfer is set to zero (nvdimm driver):\n\ndrivers/nvdimm/label.c: max_xfer = min_t(size_t, ndd->nsarea.max_xfer, config_size);\n\n4) A subsequent DIV_ROUND_UP() causes a division by zero:\n\ndrivers/nvdimm/label.c: /* Make our initial read size a multiple of max_xfer size */\ndrivers/nvdimm/label.c: read_size = min(DIV_ROUND_UP(read_size, max_xfer) * max_xfer,\ndrivers/nvdimm/label.c-                 config_size);\n\nFix this by checking the config size parameter by extending an\nexisting check.\n\ud83d\udccf Published: 2025-06-18T09:33:48.666Z\n\ud83d\udccf Modified: 2025-06-18T09:33:48.666Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/2bd4a938d2eda96ab7288b8fa5aae84a1de8c4ca\n2. https://git.kernel.org/stable/c/396c46d3f59a18ebcc500640e749f16e197d472b\n3. https://git.kernel.org/stable/c/f49c337037df029440a8390380dd35d2cf5924d3\n4. https://git.kernel.org/stable/c/db1aef51b8e66a77f76b1250b914589c31a0a0ed\n5. https://git.kernel.org/stable/c/ea3d95e05e97ea20fd6513f647393add16fce3b2\n6. https://git.kernel.org/stable/c/1d1e1efad1cf049e888bf175a5c6be85d792620c\n7. https://git.kernel.org/stable/c/e14347f647ca6d76fe1509b6703e340f2d5e2716\n8. https://git.kernel.org/stable/c/ef1d3455bbc1922f94a91ed58d3d7db440652959", "creation_timestamp": "2025-06-18T10:40:09.000000Z"}, {"uuid": "70b32202-99bf-4ff1-9ed4-d575ee82eb53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38073", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18708", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-38073\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix race between set_blocksize and read paths\n\nWith the new large sector size support, it's now the case that\nset_blocksize can change i_blksize and the folio order in a manner that\nconflicts with a concurrent reader and causes a kernel crash.\n\nSpecifically, let's say that udev-worker calls libblkid to detect the\nlabels on a block device.  The read call can create an order-0 folio to\nread the first 4096 bytes from the disk.  But then udev is preempted.\n\nNext, someone tries to mount an 8k-sectorsize filesystem from the same\nblock device.  The filesystem calls set_blksize, which sets i_blksize to\n8192 and the minimum folio order to 1.\n\nNow udev resumes, still holding the order-0 folio it allocated.  It then\ntries to schedule a read bio and do_mpage_readahead tries to create\nbufferheads for the folio.  Unfortunately, blocks_per_folio == 0 because\nthe page size is 4096 but the blocksize is 8192 so no bufferheads are\nattached and the bh walk never sets bdev.  We then submit the bio with a\nNULL block device and crash.\n\nTherefore, truncate the page cache after flushing but before updating\ni_blksize.  However, that's not enough -- we also need to lock out file\nIO and page faults during the update.  Take both the i_rwsem and the\ninvalidate_lock in exclusive mode for invalidations, and in shared mode\nfor read/write operations.\n\nI don't know if this is the correct fix, but xfs/259 found it.\n\ud83d\udccf Published: 2025-06-18T09:33:49.393Z\n\ud83d\udccf Modified: 2025-06-18T09:33:49.393Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/64f505b08e0cfd8163491c8c082d4f47a88e51d4\n2. https://git.kernel.org/stable/c/8c5cf440a378801d313eb58be996fdc81a8878a4\n3. https://git.kernel.org/stable/c/c0e473a0d226479e8e925d5ba93f751d8df628e9", "creation_timestamp": "2025-06-18T10:40:08.000000Z"}, {"uuid": "6b0e4371-c0b8-4dcf-98b7-daa4fff9b65a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38077", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18704", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-38077\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store()\n\nIf the 'buf' array received from the user contains an empty string, the\n'length' variable will be zero. Accessing the 'buf' array element with\nindex 'length - 1' will result in a buffer overflow.\n\nAdd a check for an empty string.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\ud83d\udccf Published: 2025-06-18T09:33:51.986Z\n\ud83d\udccf Modified: 2025-06-18T09:33:51.986Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/fb7cde625872709b8cedad9b241e0ec3d82fa7d3\n2. https://git.kernel.org/stable/c/60bd13f8c4b3de2c910ae1cdbef85b9bbc9685f5\n3. https://git.kernel.org/stable/c/f86465626917df3b8bdd2756ec0cc9d179c5af0f\n4. https://git.kernel.org/stable/c/8594a123cfa23d708582dc6fb36da34479ef8a5b\n5. https://git.kernel.org/stable/c/97066373ffd55bd9af0b512ff3dd1f647620a3dc\n6. https://git.kernel.org/stable/c/4e89a4077490f52cde652d17e32519b666abf3a6", "creation_timestamp": "2025-06-18T10:40:01.000000Z"}, {"uuid": "241be006-05db-48d8-a467-313774a92c02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38078", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18703", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-38078\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Fix race of buffer access at PCM OSS layer\n\nThe PCM OSS layer tries to clear the buffer with the silence data at\ninitialization (or reconfiguration) of a stream with the explicit call\nof snd_pcm_format_set_silence() with runtime->dma_area.  But this may\nlead to a UAF because the accessed runtime->dma_area might be freed\nconcurrently, as it's performed outside the PCM ops.\n\nFor avoiding it, move the code into the PCM core and perform it inside\nthe buffer access lock, so that it won't be changed during the\noperation.\n\ud83d\udccf Published: 2025-06-18T09:33:52.644Z\n\ud83d\udccf Modified: 2025-06-18T09:33:52.644Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/c0e05a76fc727929524ef24a19c302e6dd40233f\n2. https://git.kernel.org/stable/c/8170d8ec4efd0be352c14cb61f374e30fb0c2a25\n3. https://git.kernel.org/stable/c/10217da9644ae75cea7330f902c35fc5ba78bbbf\n4. https://git.kernel.org/stable/c/f3e14d706ec18faf19f5a6e75060e140fea05d4a\n5. https://git.kernel.org/stable/c/74d90875f3d43f3eff0e9861c4701418795d3455\n6. https://git.kernel.org/stable/c/bf85e49aaf3a3c5775ea87369ea5f159c2148db4\n7. https://git.kernel.org/stable/c/afa56c960fcb4db37f2e3399f28e9402e4e1f470\n8. https://git.kernel.org/stable/c/93a81ca0657758b607c3f4ba889ae806be9beb73", "creation_timestamp": "2025-06-18T10:40:01.000000Z"}, {"uuid": "9bf9e437-33ca-47a6-893f-e9e035eb8991", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38079", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18702", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-38079\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_hash - fix double free in hash_accept\n\nIf accept(2) is called on socket type algif_hash with\nMSG_MORE flag set and crypto_ahash_import fails,\nsk2 is freed. However, it is also freed in af_alg_release,\nleading to slab-use-after-free error.\n\ud83d\udccf Published: 2025-06-18T09:33:53.251Z\n\ud83d\udccf Modified: 2025-06-18T09:33:53.251Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/5bff312b59b3f2a54ff504e4f4e47272b64f3633\n2. https://git.kernel.org/stable/c/bf7bba75b91539e93615f560893a599c1e1c98bf\n3. https://git.kernel.org/stable/c/c3059d58f79fdfb2201249c2741514e34562b547\n4. https://git.kernel.org/stable/c/f0f3d09f53534ea385d55ced408f2b67059b16e4\n5. https://git.kernel.org/stable/c/134daaba93193df9e988524b5cd2f52d15eb1993\n6. https://git.kernel.org/stable/c/2f45a8d64fb4ed4830a4b3273834ecd6ca504896\n7. https://git.kernel.org/stable/c/0346f4b742345d1c733c977f3a7aef5a6419a967\n8. https://git.kernel.org/stable/c/b2df03ed4052e97126267e8c13ad4204ea6ba9b6", "creation_timestamp": "2025-06-18T10:40:00.000000Z"}, {"uuid": "af705c0c-b7c8-4434-ab5c-f93a7bfb0311", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38070", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18711", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-38070\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: sma1307: Add NULL check in sma1307_setting_loaded()\n\nAll varibale allocated by kzalloc and devm_kzalloc could be NULL.\nMultiple pointer checks and their cleanup are added.\n\nThis issue is found by our static analysis tool\n\ud83d\udccf Published: 2025-06-18T09:33:47.351Z\n\ud83d\udccf Modified: 2025-06-18T09:33:47.351Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/f8434b8ba437d3f6cbcd9ffe8405bd16ed28fc5c\n2. https://git.kernel.org/stable/c/0ec6bd16705fe21d6429d6b8f7981eae2142bba8", "creation_timestamp": "2025-06-18T10:40:11.000000Z"}, {"uuid": "a74ac37f-afe3-4644-be73-98da490b6bb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38074", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18707", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-38074\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nvhost-scsi: protect vq->log_used with vq->mutex\n\nThe vhost-scsi completion path may access vq->log_base when vq->log_used is\nalready set to false.\n\n    vhost-thread                       QEMU-thread\n\nvhost_scsi_complete_cmd_work()\n-> vhost_add_used()\n   -> vhost_add_used_n()\n      if (unlikely(vq->log_used))\n                                      QEMU disables vq->log_used\n                                      via VHOST_SET_VRING_ADDR.\n                                      mutex_lock(&vq->mutex);\n                                      vq->log_used = false now!\n                                      mutex_unlock(&vq->mutex);\n\n          QEMU gfree(vq->log_base)\n        log_used()\n        -> log_write(vq->log_base)\n\nAssuming the VMM is QEMU. The vq->log_base is from QEMU userpace and can be\nreclaimed via gfree(). As a result, this causes invalid memory writes to\nQEMU userspace.\n\nThe control queue path has the same issue.\n\ud83d\udccf Published: 2025-06-18T09:33:50.006Z\n\ud83d\udccf Modified: 2025-06-18T09:33:50.006Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/ca85c2d0db5f8309832be45858b960d933c2131c\n2. https://git.kernel.org/stable/c/bd8c9404e44adb9f6219c09b3409a61ab7ce3427\n3. https://git.kernel.org/stable/c/c0039e3afda29be469d29b3013d7f9bdee136834\n4. https://git.kernel.org/stable/c/f591cf9fce724e5075cc67488c43c6e39e8cbe27", "creation_timestamp": "2025-06-18T10:40:04.000000Z"}, {"uuid": "178ccb6a-bf9d-4a76-85c2-8b98f344a074", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38071", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18710", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-38071\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm: Check return value from memblock_phys_alloc_range()\n\nAt least with CONFIG_PHYSICAL_START=0x100000, if there is < 4 MiB of\ncontiguous free memory available at this point, the kernel will crash\nand burn because memblock_phys_alloc_range() returns 0 on failure,\nwhich leads memblock_phys_free() to throw the first 4 MiB of physical\nmemory to the wolves.\n\nAt a minimum it should fail gracefully with a meaningful diagnostic,\nbut in fact everything seems to work fine without the weird reserve\nallocation.\n\ud83d\udccf Published: 2025-06-18T09:33:47.975Z\n\ud83d\udccf Modified: 2025-06-18T09:33:47.975Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/8c18c904d301ffeb33b071eadc55cd6131e1e9be\n2. https://git.kernel.org/stable/c/bffd5f2815c5234d609725cd0dc2f4bc5de2fc67\n3. https://git.kernel.org/stable/c/c6f2694c580c27dca0cf7546ee9b4bfa6b940e38\n4. https://git.kernel.org/stable/c/dde4800d2b0f68b945fd81d4fc2d4a10ae25f743\n5. https://git.kernel.org/stable/c/631ca8909fd5c62b9fda9edda93924311a78a9c4", "creation_timestamp": "2025-06-18T10:40:10.000000Z"}, {"uuid": "bfc991bd-3521-47dd-ab9d-64009f8571d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3807", "type": "seen", "source": "https://t.me/cvedetector/23391", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3807 - Zhenfeng13 My-BBS Unrestricted File Upload Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3807 \nPublished : April 19, 2025, 5:15 p.m. | 1\u00a0hour, 45\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, was found in zhenfeng13 My-BBS 1.0. This affects the function Upload of the file src/main/java/com/my/bbs/controller/common/UploadController.java of the component Endpoint. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-19T21:50:03.000000Z"}]}