Most recent sightings.

https://vulnerability.circl.lu/sightings/feed Most recent sightings. 2026-05-08T16:49:32.554624+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/9748b772-7212-4e0d-a3b5-bcb56df1c8a9/export 9748b772-7212-4e0d-a3b5-bcb56df1c8a9 2026-05-08T16:49:32.987943+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "9748b772-7212-4e0d-a3b5-bcb56df1c8a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22126", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13397", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22126\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix mddev uaf while iterating all_mddevs list\n\nWhile iterating all_mddevs list from md_notify_reboot() and md_exit(),\nlist_for_each_entry_safe is used, and this can race with deletint the\nnext mddev, causing UAF:\n\nt1:\nspin_lock\n//list_for_each_entry_safe(mddev, n, ...)\n mddev_get(mddev1)\n // assume mddev2 is the next entry\n spin_unlock\n t2:\n //remove mddev2\n ...\n mddev_free\n spin_lock\n list_del\n spin_unlock\n kfree(mddev2)\n mddev_put(mddev1)\n spin_lock\n //continue dereference mddev2->all_mddevs\n\nThe old helper for_each_mddev() actually grab the reference of mddev2\nwhile holding the lock, to prevent from being freed. This problem can be\nfixed the same way, however, the code will be complex.\n\nHence switch to use list_for_each_entry, in this case mddev_put() can free\nthe mddev1 and it's not safe as well. Refer to md_seq_show(), also factor\nout a helper mddev_put_locked() to fix this problem.\n\ud83d\udccf Published: 2025-04-16T14:13:09.399Z\n\ud83d\udccf Modified: 2025-04-25T10:06:48.152Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/ca9f84de76723b358dfc0606668efdca54afc2e5\n2. https://git.kernel.org/stable/c/d69a23d8e925f8052d657652a6875ec2712c7e33\n3. https://git.kernel.org/stable/c/e2a9f73ee408a460f4c9dfe03b4741d6b11652b8\n4. https://git.kernel.org/stable/c/5462544ccbad3fc938a71b01fa5bd3a0dc2b750a\n5. https://git.kernel.org/stable/c/8542870237c3a48ff049b6c5df5f50c8728284fa", "creation_timestamp": "2025-04-25T11:07:40.000000Z"} 2025-04-25T11:07:40+00:00