{"vulnerability": "CVE-2025-2177", "sightings": [{"uuid": "d1f47e58-9e1e-4243-b0bd-19505b66a9bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21772", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3luijxfivcs2y", "content": "", "creation_timestamp": "2025-07-21T17:41:06.424039Z"}, {"uuid": "40017045-a3f6-4ec1-9aa7-c6b9a1fea659", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21779", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lj56qb5uya2y", "content": "", "creation_timestamp": "2025-02-27T05:43:47.684527Z"}, {"uuid": "2c3d42d1-457f-406c-aab1-3ab627351326", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2177", "type": "seen", "source": "MISP/4d9e0694-2872-4bfc-8eee-f1ab846c5ab0", "content": "", "creation_timestamp": "2025-08-16T01:45:14.000000Z"}, {"uuid": "dae8f75e-9609-4979-83ea-59564e96e03e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2177", "type": "seen", "source": "MISP/4d9e0694-2872-4bfc-8eee-f1ab846c5ab0", "content": "", "creation_timestamp": "2025-08-19T04:06:31.000000Z"}, {"uuid": "0ef494ce-ca8a-4275-92d0-7ab06b480f9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2025-21779", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "b4ba68d5-a768-4187-a073-1a9b29cbb9a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21776", "type": "seen", "source": "https://gist.github.com/Darkcrai86/0bb69cc9f5226c3ef22886c4a9ccbd31", "content": "", "creation_timestamp": "2025-08-28T17:44:17.000000Z"}, {"uuid": "50664b9f-a383-477b-ab8c-9375421edf2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2177", "type": "seen", "source": "https://t.me/cvedetector/20057", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2177 - Libzvbi Integer Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2177 \nPublished : March 11, 2025, 8:15 a.m. | 1\u00a0hour, 50\u00a0minutes ago \nDescription : A vulnerability classified as critical was found in libzvbi up to 0.2.43. This vulnerability affects the function vbi_search_new of the file src/search.c. The manipulation of the argument pat_len leads to integer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is identified as ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-11T11:46:22.000000Z"}, {"uuid": "20e70bf4-e6ff-4a38-bc5b-8fc8e17ffb84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21777", "type": "seen", "source": "https://t.me/cvedetector/19017", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21777 - Linux Kernel Ring Buffer Duplicate Index Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21777 \nPublished : Feb. 27, 2025, 3:15 a.m. | 1\u00a0hour, 54\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nring-buffer: Validate the persistent meta data subbuf array  \n  \nThe meta data for a mapped ring buffer contains an array of indexes of all  \nthe subbuffers. The first entry is the reader page, and the rest of the  \nentries lay out the order of the subbuffers in how the ring buffer link  \nlist is to be created.  \n  \nThe validator currently makes sure that all the entries are within the  \nrange of 0 and nr_subbufs. But it does not check if there are any  \nduplicates.  \n  \nWhile working on the ring buffer, I corrupted this array, where I added  \nduplicates. The validator did not catch it and created the ring buffer  \nlink list on top of it. Luckily, the corruption was only that the reader  \npage was also in the writer path and only presented corrupted data but did  \nnot crash the kernel. But if there were duplicates in the writer side,  \nthen it could corrupt the ring buffer link list and cause a crash.  \n  \nCreate a bitmask array with the size of the number of subbuffers. Then  \nclear it. When walking through the subbuf array checking to see if the  \nentries are within the range, test if its bit is already set in the  \nsubbuf_mask. If it is, then there is duplicates and fail the validation.  \nIf not, set the corresponding bit and continue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-27T06:11:42.000000Z"}, {"uuid": "8409fb53-bbb6-46a9-b175-c2a71c3f896d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21776", "type": "published-proof-of-concept", "source": "https://t.me/cvedetector/19015", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21776 - \"Linux USB Hub: NULL Pointer Dereference Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2025-21776 \nPublished : Feb. 27, 2025, 3:15 a.m. | 1\u00a0hour, 54\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nUSB: hub: Ignore non-compliant devices with too many configs or interfaces  \n  \nRobert Morris created a test program which can cause  \nusb_hub_to_struct_hub() to dereference a NULL or inappropriate  \npointer:  \n  \nOops: general protection fault, probably for non-canonical address  \n0xcccccccccccccccc: 0000 [#1] SMP DEBUG_PAGEALLOC PTI  \nCPU: 7 UID: 0 PID: 117 Comm: kworker/7:1 Not tainted 6.13.0-rc3-00017-gf44d154d6e3d #14  \nHardware name: FreeBSD BHYVE/BHYVE, BIOS 14.0 10/17/2021  \nWorkqueue: usb_hub_wq hub_event  \nRIP: 0010:usb_hub_adjust_deviceremovable+0x78/0x110  \n...  \nCall Trace:  \n   \n ? die_addr+0x31/0x80  \n ? exc_general_protection+0x1b4/0x3c0  \n ? asm_exc_general_protection+0x26/0x30  \n ? usb_hub_adjust_deviceremovable+0x78/0x110  \n hub_probe+0x7c7/0xab0  \n usb_probe_interface+0x14b/0x350  \n really_probe+0xd0/0x2d0  \n ? __pfx___device_attach_driver+0x10/0x10  \n __driver_probe_device+0x6e/0x110  \n driver_probe_device+0x1a/0x90  \n __device_attach_driver+0x7e/0xc0  \n bus_for_each_drv+0x7f/0xd0  \n __device_attach+0xaa/0x1a0  \n bus_probe_device+0x8b/0xa0  \n device_add+0x62e/0x810  \n usb_set_configuration+0x65d/0x990  \n usb_generic_driver_probe+0x4b/0x70  \n usb_probe_device+0x36/0xd0  \n  \nThe cause of this error is that the device has two interfaces, and the  \nhub driver binds to interface 1 instead of interface 0, which is where  \nusb_hub_to_struct_hub() looks.  \n  \nWe can prevent the problem from occurring by refusing to accept hub  \ndevices that violate the USB spec by having more than one  \nconfiguration or interface. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-27T06:11:41.000000Z"}, {"uuid": "14752269-c456-496a-8788-161b5f9a2974", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21775", "type": "seen", "source": "https://t.me/cvedetector/19016", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21775 - Linux Kernel: CAN: ctucanfd Skb Allocation Null Pointer Dereference\", \n  \"Content\": \"CVE ID : CVE-2025-21775 \nPublished : Feb. 27, 2025, 3:15 a.m. | 1\u00a0hour, 54\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \ncan: ctucanfd: handle skb allocation failure  \n  \nIf skb allocation fails, the pointer to struct can_frame is NULL. This  \nis actually handled everywhere inside ctucan_err_interrupt() except for  \nthe only place.  \n  \nAdd the missed NULL check.  \n  \nFound by Linux Verification Center (linuxtesting.org) with SVACE static  \nanalysis tool. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-27T06:11:42.000000Z"}, {"uuid": "8a569e71-db04-4088-9b92-5935dac936a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21774", "type": "seen", "source": "https://t.me/cvedetector/19014", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21774 - \"Rockchip CAN FD Null Pointer Dereference\"\", \n  \"Content\": \"CVE ID : CVE-2025-21774 \nPublished : Feb. 27, 2025, 3:15 a.m. | 1\u00a0hour, 54\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \ncan: rockchip: rkcanfd_handle_rx_fifo_overflow_int(): bail out if skb cannot be allocated  \n  \nFix NULL pointer check in rkcanfd_handle_rx_fifo_overflow_int() to  \nbail out if skb cannot be allocated. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-27T06:11:40.000000Z"}, {"uuid": "22f476cd-eb0b-48b3-8a79-fa67b819d260", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2177", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7104", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2177\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability classified as critical was found in libzvbi up to 0.2.43. This vulnerability affects the function vbi_search_new of the file src/search.c. The manipulation of the argument pat_len leads to integer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is identified as ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.\n\ud83d\udccf Published: 2025-03-11T07:31:06.438Z\n\ud83d\udccf Modified: 2025-03-11T07:31:06.438Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.299206\n2. https://vuldb.com/?ctiid.299206\n3. https://vuldb.com/?submit.512803\n4. https://github.com/zapping-vbi/zvbi/security/advisories/GHSA-g7cg-7gw9-v8cf\n5. https://github.com/zapping-vbi/zvbi/commit/ca1672134b3e2962cd392212c73f44f8f4cb489f\n6. https://github.com/zapping-vbi/zvbi/releases/tag/v0.2.44", "creation_timestamp": "2025-03-11T07:39:31.000000Z"}, {"uuid": "5ec8058f-56b5-462f-951d-ec9e97dae80d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2177", "type": "seen", "source": "Telegram/VmMuGE7Rb8M0CTKtbBCx8A-ZtXlhfTER7CBMGSEtWA4_Slk", "content": "", "creation_timestamp": "2025-03-11T09:31:03.000000Z"}]}