https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Fri, 08 May 2026 23:10:26 +0000 https://vulnerability.circl.lu/sighting/7edfa7ef-4243-4383-ab90-b19690f4af72/export {"uuid": "7edfa7ef-4243-4383-ab90-b19690f4af72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37813", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15495", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37813\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Fix invalid pointer dereference in Etron workaround\n\nThis check is performed before prepare_transfer() and prepare_ring(), so\nenqueue can already point at the final link TRB of a segment. And indeed\nit will, some 0.4% of times this code is called.\n\nThen enqueue + 1 is an invalid pointer. It will crash the kernel right\naway or load some junk which may look like a link TRB and cause the real\nlink TRB to be replaced with a NOOP. This wouldn't end well.\n\nUse a functionally equivalent test which doesn't dereference the pointer\nand always gives correct result.\n\nSomething has crashed my machine twice in recent days while playing with\nan Etron HC, and a control transfer stress test ran for confirmation has\njust crashed it again. The same test passes with this patch applied.\n\ud83d\udccf Published: 2025-05-08T06:26:10.000Z\n\ud83d\udccf Modified: 2025-05-08T06:26:10.000Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/142273a49f2c315eabdbdf5a71c15e479b75ca91\n2. https://git.kernel.org/stable/c/bce3055b08e303e28a8751f6073066f5c33a0744\n3. https://git.kernel.org/stable/c/0624e29c595b05e7a0e6d1c368f0a05799928e30\n4. https://git.kernel.org/stable/c/1ea050da5562af9b930d17cbbe9632d30f5df43a", "creation_timestamp": "2025-05-08T07:23:23.000000Z"} {"uuid": "7edfa7ef-4243-4383-ab90-b19690f4af72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37813", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15495", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37813\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Fix invalid pointer dereference in Etron workaround\n\nThis check is performed before prepare_transfer() and prepare_ring(), so\nenqueue can already point at the final link TRB of a segment. And indeed\nit will, some 0.4% of times this code is called.\n\nThen enqueue + 1 is an invalid pointer. It will crash the kernel right\naway or load some junk which may look like a link TRB and cause the real\nlink TRB to be replaced with a NOOP. This wouldn't end well.\n\nUse a functionally equivalent test which doesn't dereference the pointer\nand always gives correct result.\n\nSomething has crashed my machine twice in recent days while playing with\nan Etron HC, and a control transfer stress test ran for confirmation has\njust crashed it again. The same test passes with this patch applied.\n\ud83d\udccf Published: 2025-05-08T06:26:10.000Z\n\ud83d\udccf Modified: 2025-05-08T06:26:10.000Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/142273a49f2c315eabdbdf5a71c15e479b75ca91\n2. https://git.kernel.org/stable/c/bce3055b08e303e28a8751f6073066f5c33a0744\n3. https://git.kernel.org/stable/c/0624e29c595b05e7a0e6d1c368f0a05799928e30\n4. https://git.kernel.org/stable/c/1ea050da5562af9b930d17cbbe9632d30f5df43a", "creation_timestamp": "2025-05-08T07:23:23.000000Z"} https://vulnerability.circl.lu/sighting/7edfa7ef-4243-4383-ab90-b19690f4af72/export Thu, 08 May 2025 07:23:23 +0000