Most recent sightings.

https://vulnerability.circl.lu/sightings/feed Most recent sightings. 2026-05-05T22:28:24.962102+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/50a377b6-bf6d-433b-9d6d-b8a3d2659ad4/export 50a377b6-bf6d-433b-9d6d-b8a3d2659ad4 2026-05-05T22:28:25.328074+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "50a377b6-bf6d-433b-9d6d-b8a3d2659ad4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23133", "type": "seen", "source": "https://t.me/cvedetector/23115", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-23133 - Ath11k Linux Kernel Out-of-Bounds Write Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-23133 \nPublished : April 16, 2025, 3:16 p.m. | 23\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nwifi: ath11k: update channel list in reg notifier instead reg worker \n \nCurrently when ath11k gets a new channel list, it will be processed \naccording to the following steps: \n1. update new channel list to cfg80211 and queue reg_work. \n2. cfg80211 handles new channel list during reg_work. \n3. update cfg80211's handled channel list to firmware by \nath11k_reg_update_chan_list(). \n \nBut ath11k will immediately execute step 3 after reg_work is just \nqueued. Since step 2 is asynchronous, cfg80211 may not have completed \nhandling the new channel list, which may leading to an out-of-bounds \nwrite error: \nBUG: KASAN: slab-out-of-bounds in ath11k_reg_update_chan_list \nCall Trace: \n ath11k_reg_update_chan_list+0xbfe/0xfe0 [ath11k] \n kfree+0x109/0x3a0 \n ath11k_regd_update+0x1cf/0x350 [ath11k] \n ath11k_regd_update_work+0x14/0x20 [ath11k] \n process_one_work+0xe35/0x14c0 \n \nShould ensure step 2 is completely done before executing step 3. Thus \nWen raised patch[1]. When flag NL80211_REGDOM_SET_BY_DRIVER is set, \ncfg80211 will notify ath11k after step 2 is done. \n \nSo enable the flag NL80211_REGDOM_SET_BY_DRIVER then cfg80211 will \nnotify ath11k after step 2 is done. At this time, there will be no \nKASAN bug during the execution of the step 3. \n \n[1] \n \nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"16 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T17:43:37.000000Z"} 2025-04-16T17:43:37+00:00 https://vulnerability.circl.lu/sighting/9737d7c6-c163-4544-9ee3-94d0234e343f/export 9737d7c6-c163-4544-9ee3-94d0234e343f 2026-05-05T22:28:25.326324+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "9737d7c6-c163-4544-9ee3-94d0234e343f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23133", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14801", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23133\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: update channel list in reg notifier instead reg worker\n\nCurrently when ath11k gets a new channel list, it will be processed\naccording to the following steps:\n1. update new channel list to cfg80211 and queue reg_work.\n2. cfg80211 handles new channel list during reg_work.\n3. update cfg80211's handled channel list to firmware by\nath11k_reg_update_chan_list().\n\nBut ath11k will immediately execute step 3 after reg_work is just\nqueued. Since step 2 is asynchronous, cfg80211 may not have completed\nhandling the new channel list, which may leading to an out-of-bounds\nwrite error:\nBUG: KASAN: slab-out-of-bounds in ath11k_reg_update_chan_list\nCall Trace:\n ath11k_reg_update_chan_list+0xbfe/0xfe0 [ath11k]\n kfree+0x109/0x3a0\n ath11k_regd_update+0x1cf/0x350 [ath11k]\n ath11k_regd_update_work+0x14/0x20 [ath11k]\n process_one_work+0xe35/0x14c0\n\nShould ensure step 2 is completely done before executing step 3. Thus\nWen raised patch[1]. When flag NL80211_REGDOM_SET_BY_DRIVER is set,\ncfg80211 will notify ath11k after step 2 is done.\n\nSo enable the flag NL80211_REGDOM_SET_BY_DRIVER then cfg80211 will\nnotify ath11k after step 2 is done. At this time, there will be no\nKASAN bug during the execution of the step 3.\n\n[1] https://patchwork.kernel.org/project/linux-wireless/patch/20230201065313.27203-1-quic_wgong@quicinc.com/\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3\n\ud83d\udccf Published: 2025-04-16T14:13:14.485Z\n\ud83d\udccf Modified: 2025-05-04T13:07:06.636Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/f952fb83c9c6f908d27500764c4aee1df04b9d3f\n2. https://git.kernel.org/stable/c/933ab187e679e6fbdeea1835ae39efcc59c022d2", "creation_timestamp": "2025-05-04T13:18:44.000000Z"} 2025-05-04T13:18:44+00:00 https://vulnerability.circl.lu/sighting/3d9a89f7-7877-481a-ad43-f2316c33bacf/export 3d9a89f7-7877-481a-ad43-f2316c33bacf 2026-05-05T22:28:25.326215+00:00 Joseph Lee http://vulnerability.circl.lu/user/syspect {"uuid": "3d9a89f7-7877-481a-ad43-f2316c33bacf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-23133", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"} 2026-03-19T00:00:00+00:00 https://vulnerability.circl.lu/sighting/9ebc5e41-0a77-4990-8c0e-dc973d3fdbe0/export 9ebc5e41-0a77-4990-8c0e-dc973d3fdbe0 2026-05-05T22:28:25.326031+00:00 Joseph Lee http://vulnerability.circl.lu/user/syspect {"uuid": "9ebc5e41-0a77-4990-8c0e-dc973d3fdbe0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-23133", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0397/", "content": "", "creation_timestamp": "2026-04-02T17:00:00.000000Z"} 2026-04-02T17:00:00+00:00 https://vulnerability.circl.lu/sighting/42a06f75-f8cc-4be2-8ca4-3bdbe30b89ce/export 42a06f75-f8cc-4be2-8ca4-3bdbe30b89ce 2026-05-05T22:28:25.323287+00:00 Joseph Lee http://vulnerability.circl.lu/user/syspect {"uuid": "42a06f75-f8cc-4be2-8ca4-3bdbe30b89ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-23133", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/ubuntu-linux-kernel-multiple-vulnerabilities_20260408", "content": "", "creation_timestamp": "2026-04-07T18:00:00.000000Z"} 2026-04-07T18:00:00+00:00