Most recent sightings.

Most recent sightings. https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Thu, 11 Jun 2026 17:25:33 +0000 5aa478f2-13bf-4d2c-a6d7-3804d42c1045 https://vulnerability.circl.lu/sighting/5aa478f2-13bf-4d2c-a6d7-3804d42c1045/export {"uuid": "5aa478f2-13bf-4d2c-a6d7-3804d42c1045", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37989", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17027", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37989\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: leds: fix memory leak\n\nA network restart test on a router led to an out-of-memory condition,\nwhich was traced to a memory leak in the PHY LED trigger code.\n\nThe root cause is misuse of the devm API. The registration function\n(phy_led_triggers_register) is called from phy_attach_direct, not\nphy_probe, and the unregister function (phy_led_triggers_unregister)\nis called from phy_detach, not phy_remove. This means the register and\nunregister functions can be called multiple times for the same PHY\ndevice, but devm-allocated memory is not freed until the driver is\nunbound.\n\nThis also prevents kmemleak from detecting the leak, as the devm API\ninternally stores the allocated pointer.\n\nFix this by replacing devm_kzalloc/devm_kcalloc with standard\nkzalloc/kcalloc, and add the corresponding kfree calls in the unregister\npath.\n\ud83d\udccf Published: 2025-05-20T17:09:21.419Z\n\ud83d\udccf Modified: 2025-05-20T17:09:21.419Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/966d6494e2ed9be9052fcd9815afba830896aaf8\n2. https://git.kernel.org/stable/c/95bed65cc0eb2a610550abf849a8b94374da80a7\n3. https://git.kernel.org/stable/c/663c3da86e807c6c07ed48f911c7526fad6fe1ff\n4. https://git.kernel.org/stable/c/f41f097f68a33d392579885426d0734a81219501\n5. https://git.kernel.org/stable/c/618541a6cc1511064dfa58c89b3445e21844092f\n6. https://git.kernel.org/stable/c/41143e71052a00d654c15dc924fda50c1e7357d0\n7. https://git.kernel.org/stable/c/7f3d5880800f962c347777c4f8358f29f5fc403c\n8. https://git.kernel.org/stable/c/b7f0ee992adf601aa00c252418266177eb7ac2bc", "creation_timestamp": "2025-05-20T17:44:42.000000Z"} {"uuid": "5aa478f2-13bf-4d2c-a6d7-3804d42c1045", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37989", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17027", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37989\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: leds: fix memory leak\n\nA network restart test on a router led to an out-of-memory condition,\nwhich was traced to a memory leak in the PHY LED trigger code.\n\nThe root cause is misuse of the devm API. The registration function\n(phy_led_triggers_register) is called from phy_attach_direct, not\nphy_probe, and the unregister function (phy_led_triggers_unregister)\nis called from phy_detach, not phy_remove. This means the register and\nunregister functions can be called multiple times for the same PHY\ndevice, but devm-allocated memory is not freed until the driver is\nunbound.\n\nThis also prevents kmemleak from detecting the leak, as the devm API\ninternally stores the allocated pointer.\n\nFix this by replacing devm_kzalloc/devm_kcalloc with standard\nkzalloc/kcalloc, and add the corresponding kfree calls in the unregister\npath.\n\ud83d\udccf Published: 2025-05-20T17:09:21.419Z\n\ud83d\udccf Modified: 2025-05-20T17:09:21.419Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/966d6494e2ed9be9052fcd9815afba830896aaf8\n2. https://git.kernel.org/stable/c/95bed65cc0eb2a610550abf849a8b94374da80a7\n3. https://git.kernel.org/stable/c/663c3da86e807c6c07ed48f911c7526fad6fe1ff\n4. https://git.kernel.org/stable/c/f41f097f68a33d392579885426d0734a81219501\n5. https://git.kernel.org/stable/c/618541a6cc1511064dfa58c89b3445e21844092f\n6. https://git.kernel.org/stable/c/41143e71052a00d654c15dc924fda50c1e7357d0\n7. https://git.kernel.org/stable/c/7f3d5880800f962c347777c4f8358f29f5fc403c\n8. https://git.kernel.org/stable/c/b7f0ee992adf601aa00c252418266177eb7ac2bc", "creation_timestamp": "2025-05-20T17:44:42.000000Z"} https://vulnerability.circl.lu/sighting/5aa478f2-13bf-4d2c-a6d7-3804d42c1045/export Tue, 20 May 2025 17:44:42 +0000