{"vulnerability": "cve-2025-2172", "sightings": [{"uuid": "b9c4230e-1bdf-4226-acc5-c78a59a57c3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21727", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114074973849775371", "content": "", "creation_timestamp": "2025-02-27T08:46:03.816327Z"}, {"uuid": "32091452-c6ce-4583-b8f8-c7d76b78fa44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2172", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lsbybiyr7c2a", "content": "", "creation_timestamp": "2025-06-23T16:18:13.096122Z"}, {"uuid": "14574182-d13d-4905-a55a-448e928b924d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21728", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-05", "content": "", "creation_timestamp": "2025-06-12T10:00:00.000000Z"}, {"uuid": "70b59f28-0c3e-4829-92ac-c271b8023abc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21724", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-05", "content": "", "creation_timestamp": "2025-06-12T10:00:00.000000Z"}, {"uuid": "ba6bc1d1-d6eb-46df-a5bf-0eead7d8b46a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2172", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3lseesejnmc2a", "content": "", "creation_timestamp": "2025-06-24T15:07:46.627311Z"}, {"uuid": "a41e73fa-0b7b-44c3-81f3-9708e29de82d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", 
"author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2172", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lsdkoak7ob2m", "content": "", "creation_timestamp": "2025-06-24T07:20:08.031029Z"}, {"uuid": "0d020efb-5f75-4a0e-8ac2-e2b4af028b20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21720", "type": "seen", "source": "MISP/af1fbe07-e10c-40c4-844e-d4419bdf6f80", "content": "", "creation_timestamp": "2025-08-22T13:26:18.000000Z"}, {"uuid": "944bc71b-4f25-4301-a3be-c9d1c6dc58d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21722", "type": "seen", "source": "https://bsky.app/profile/bluesky.awakari.com/post/3lwbhkuhc3x2p", "content": "", "creation_timestamp": "2025-08-13T09:00:00.144588Z"}, {"uuid": "b8e1bf9f-7bb3-4201-b7fc-35df1dcee1b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21722", "type": "seen", "source": "MISP/af1fbe07-e10c-40c4-844e-d4419bdf6f80", "content": "", "creation_timestamp": "2025-08-22T13:26:18.000000Z"}, {"uuid": "c33119a8-900c-447f-a8fe-97a4cae72fdb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21721", "type": "seen", "source": "MISP/af1fbe07-e10c-40c4-844e-d4419bdf6f80", "content": "", "creation_timestamp": "2025-08-22T13:26:18.000000Z"}, {"uuid": "548e4e5a-0f97-4ea1-b419-cae42dd721ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21725", "type": "seen", "source": "MISP/af1fbe07-e10c-40c4-844e-d4419bdf6f80", "content": "", "creation_timestamp": "2025-08-22T13:26:18.000000Z"}, 
{"uuid": "ac1c4422-24cf-4ec3-8255-784e0a0275be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21726", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3me6zzvrufd2z", "content": "", "creation_timestamp": "2026-02-06T13:45:16.545686Z"}, {"uuid": "d69444d2-73fe-4b3f-8c69-5270b5fee9b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2025-21727", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "1a4ba014-fe96-49cc-a7ed-e600f65e9bf6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-21723", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "5bf0ef7c-2cb8-46cf-a52b-d2116186f289", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2025-21726", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "c435b582-cd39-4b55-9712-98ab4490dba8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21720", "type": "seen", "source": "https://t.me/cvedetector/18986", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21720 - Linux Mlx5 Core Xfrm Offload Null Pointer Dereference Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21720 \nPublished : Feb. 27, 2025, 2:15 a.m. 
| 50\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nxfrm: delete intermediate secpath entry in packet offload mode  \n  \nPackets handled by hardware have added secpath as a way to inform XFRM  \ncore code that this path was already handled. That secpath is not needed  \nat all after policy is checked and it is removed later in the stack.  \n  \nHowever, in the case of IP forwarding is enabled (/proc/sys/net/ipv4/ip_forward),  \nthat secpath is not removed and packets which already were handled are reentered  \nto the driver TX path with xfrm_offload set.  \n  \nThe following kernel panic is observed in mlx5 in such case:  \n  \n mlx5_core 0000:04:00.0 enp4s0f0np0: Link up  \n mlx5_core 0000:04:00.1 enp4s0f1np1: Link up  \n Initializing XFRM netlink socket  \n IPsec XFRM device driver  \n BUG: kernel NULL pointer dereference, address: 0000000000000000  \n #PF: supervisor instruction fetch in kernel mode  \n #PF: error_code(0x0010) - not-present page  \n PGD 0 P4D 0  \n Oops: Oops: 0010 [#1] PREEMPT SMP  \n CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.13.0-rc1-alex #3  \n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-1ubuntu1.1 04/01/2014  \n RIP: 0010:0x0  \n Code: Unable to access opcode bytes at 0xffffffffffffffd6.  \n RSP: 0018:ffffb87380003800 EFLAGS: 00010206  \n RAX: ffff8df004e02600 RBX: ffffb873800038d8 RCX: 00000000ffff98cf  \n RDX: ffff8df00733e108 RSI: ffff8df00521fb80 RDI: ffff8df001661f00  \n RBP: ffffb87380003850 R08: ffff8df013980000 R09: 0000000000000010  \n R10: 0000000000000002 R11: 0000000000000002 R12: ffff8df001661f00  \n R13: ffff8df00521fb80 R14: ffff8df00733e108 R15: ffff8df011faf04e  \n FS:  0000000000000000(0000) GS:ffff8df46b800000(0000) knlGS:0000000000000000  \n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033  \n CR2: ffffffffffffffd6 CR3: 0000000106384000 CR4: 0000000000350ef0  \n Call Trace:  \n    \n  ? show_regs+0x63/0x70  \n  ? 
__die_body+0x20/0x60  \n  ? __die+0x2b/0x40  \n  ? page_fault_oops+0x15c/0x550  \n  ? do_user_addr_fault+0x3ed/0x870  \n  ? exc_page_fault+0x7f/0x190  \n  ? asm_exc_page_fault+0x27/0x30  \n  mlx5e_ipsec_handle_tx_skb+0xe7/0x2f0 [mlx5_core]  \n  mlx5e_xmit+0x58e/0x1980 [mlx5_core]  \n  ? __fib_lookup+0x6a/0xb0  \n  dev_hard_start_xmit+0x82/0x1d0  \n  sch_direct_xmit+0xfe/0x390  \n  __dev_queue_xmit+0x6d8/0xee0  \n  ? __fib_lookup+0x6a/0xb0  \n  ? internal_add_timer+0x48/0x70  \n  ? mod_timer+0xe2/0x2b0  \n  neigh_resolve_output+0x115/0x1b0  \n  __neigh_update+0x26a/0xc50  \n  neigh_update+0x14/0x20  \n  arp_process+0x2cb/0x8e0  \n  ? __napi_build_skb+0x5e/0x70  \n  arp_rcv+0x11e/0x1c0  \n  ? dev_gro_receive+0x574/0x820  \n  __netif_receive_skb_list_core+0x1cf/0x1f0  \n  netif_receive_skb_list_internal+0x183/0x2a0  \n  napi_complete_done+0x76/0x1c0  \n  mlx5e_napi_poll+0x234/0x7a0 [mlx5_core]  \n  __napi_poll+0x2d/0x1f0  \n  net_rx_action+0x1a6/0x370  \n  ? atomic_notifier_call_chain+0x3b/0x50  \n  ? irq_int_handler+0x15/0x20 [mlx5_core]  \n  handle_softirqs+0xb9/0x2f0  \n  ? handle_irq_event+0x44/0x60  \n  irq_exit_rcu+0xdb/0x100  \n  common_interrupt+0x98/0xc0  \n    \n    \n  asm_common_interrupt+0x27/0x40  \n RIP: 0010:pv_native_safe_halt+0xb/0x10  \n Code: 09 c3 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 0f 22  \n 0f 1f 84 00 00 00 00 00 90 eb 07 0f 00 2d 7f e9 36 00 fb  \n40 00 83 ff 07 77 21 89 ff ff 24 fd 88 3d a1 bd 0f 21 f8  \n RSP: 0018:ffffffffbe603de8 EFLAGS: 00000202  \n RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000f92f46680  \n RDX: 0000000000000037 RSI: 00000000ffffffff RDI: 00000000000518d4  \n RBP: ffffffffbe603df0 R08: 000000cd42e4dffb R09: ffffffffbe603d70  \n R10: 0000004d80d62680 R11: 0000000000000001 R12: ffffffffbe60bf40  \n R13: 0000000000000000 R14: 0000000000000000 R15: ffffffffbe60aff8  \n  ? 
default_idle+0x9/0x20  \n  arch_cpu_idle+0x9/0x10  \n  default_idle_call+0x29/0xf0  \n  do_idle+0x1f2/0[...]", "creation_timestamp": "2025-02-27T04:30:23.000000Z"}, {"uuid": "84f3e1d7-c1af-4dc9-8495-0fbf303ca207", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21729", "type": "seen", "source": "https://t.me/cvedetector/18981", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21729 - \"Realtek WiFi rtw89: Null Pointer Deref and Use-After-Free Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2025-21729 \nPublished : Feb. 27, 2025, 2:15 a.m. | 50\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nwifi: rtw89: fix race between cancel_hw_scan and hw_scan completion  \n  \nThe rtwdev->scanning flag isn't protected by mutex originally, so  \ncancel_hw_scan can pass the condition, but suddenly hw_scan completion  \nunset the flag and calls ieee80211_scan_completed() that will free  \nlocal->hw_scan_req. Then, cancel_hw_scan raises null-ptr-deref and  \nuse-after-free. Fix it by moving the check condition to where  \nprotected by mutex.  
\n  \n KASAN: null-ptr-deref in range [0x0000000000000088-0x000000000000008f]  \n CPU: 2 PID: 6922 Comm: kworker/2:2 Tainted: G           OE  \n Hardware name: LENOVO 2356AD1/2356AD1, BIOS G7ETB6WW (2.76 ) 09/10/2019  \n Workqueue: events cfg80211_conn_work [cfg80211]  \n RIP: 0010:rtw89_fw_h2c_scan_offload_be+0xc33/0x13c3 [rtw89_core]  \n Code: 00 45 89 6c 24 1c 0f 85 23 01 00 00 48 8b 85 20 ff ff ff 48 8d  \n RSP: 0018:ffff88811fd9f068 EFLAGS: 00010206  \n RAX: dffffc0000000000 RBX: ffff88811fd9f258 RCX: 0000000000000001  \n RDX: 0000000000000011 RSI: 0000000000000001 RDI: 0000000000000089  \n RBP: ffff88811fd9f170 R08: 0000000000000000 R09: 0000000000000000  \n R10: ffff88811fd9f108 R11: 0000000000000000 R12: ffff88810e47f960  \n R13: 0000000000000000 R14: 000000000000ffff R15: 0000000000000000  \n FS:  0000000000000000(0000) GS:ffff8881d6f00000(0000) knlGS:0000000000000000  \n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033  \n CR2: 00007531dfca55b0 CR3: 00000001be296004 CR4: 00000000001706e0  \n Call Trace:  \n    \n  ? show_regs+0x61/0x73  \n  ? __die_body+0x20/0x73  \n  ? die_addr+0x4f/0x7b  \n  ? exc_general_protection+0x191/0x1db  \n  ? asm_exc_general_protection+0x27/0x30  \n  ? rtw89_fw_h2c_scan_offload_be+0xc33/0x13c3 [rtw89_core]  \n  ? rtw89_fw_h2c_scan_offload_be+0x458/0x13c3 [rtw89_core]  \n  ? __pfx_rtw89_fw_h2c_scan_offload_be+0x10/0x10 [rtw89_core]  \n  ? do_raw_spin_lock+0x75/0xdb  \n  ? __pfx_do_raw_spin_lock+0x10/0x10  \n  rtw89_hw_scan_offload+0xb5e/0xbf7 [rtw89_core]  \n  ? _raw_spin_unlock+0xe/0x24  \n  ? __mutex_lock.constprop.0+0x40c/0x471  \n  ? __pfx_rtw89_hw_scan_offload+0x10/0x10 [rtw89_core]  \n  ? __mutex_lock_slowpath+0x13/0x1f  \n  ? mutex_lock+0xa2/0xdc  \n  ? 
__pfx_mutex_lock+0x10/0x10  \n  rtw89_hw_scan_abort+0x58/0xb7 [rtw89_core]  \n  rtw89_ops_cancel_hw_scan+0x120/0x13b [rtw89_core]  \n  ieee80211_scan_cancel+0x468/0x4d0 [mac80211]  \n  ieee80211_prep_connection+0x858/0x899 [mac80211]  \n  ieee80211_mgd_auth+0xbea/0xdde [mac80211]  \n  ? __pfx_ieee80211_mgd_auth+0x10/0x10 [mac80211]  \n  ? cfg80211_find_elem+0x15/0x29 [cfg80211]  \n  ? is_bss+0x1b7/0x1d7 [cfg80211]  \n  ieee80211_auth+0x18/0x27 [mac80211]  \n  cfg80211_mlme_auth+0x3bb/0x3e7 [cfg80211]  \n  cfg80211_conn_do_work+0x410/0xb81 [cfg80211]  \n  ? __pfx_cfg80211_conn_do_work+0x10/0x10 [cfg80211]  \n  ? __kasan_check_read+0x11/0x1f  \n  ? psi_group_change+0x8bc/0x944  \n  ? __kasan_check_write+0x14/0x22  \n  ? mutex_lock+0x8e/0xdc  \n  ? __pfx_mutex_lock+0x10/0x10  \n  ? __pfx___radix_tree_lookup+0x10/0x10  \n  cfg80211_conn_work+0x245/0x34d [cfg80211]  \n  ? __pfx_cfg80211_conn_work+0x10/0x10 [cfg80211]  \n  ? update_cfs_rq_load_avg+0x3bc/0x3d7  \n  ? sched_clock_noinstr+0x9/0x1a  \n  ? sched_clock+0x10/0x24  \n  ? sched_clock_cpu+0x7e/0x42e  \n  ? newidle_balance+0x796/0x937  \n  ? __pfx_sched_clock_cpu+0x10/0x10  \n  ? __pfx_newidle_balance+0x10/0x10  \n  ? __kasan_check_read+0x11/0x1f  \n  ? psi_group_change+0x8bc/0x944  \n  ? _raw_spin_unlock+0xe/0x24  \n  ? raw_spin_rq_unlock+0x47/0x54  \n  ? raw_spin_rq_unlock_irq+0x9/0x1f  \n  ? finish_task_switch.isra.0+0x347/0x586  \n  ? __schedule+0x27bf/0x2892  \n  ? mutex_unlock+0x80/0xd0  \n  ? do_raw_spin_lock+0x75/0xdb  \n  ? __pfx___schedule+0x10/0x10  \n  process_scheduled_works+0x58c/0x821  \n  worker_thread+0x4c7/0x586  \n  ? 
__kasan_check_read+0x11/0x1f  \n [...]", "creation_timestamp": "2025-02-27T04:30:16.000000Z"}, {"uuid": "19ec3410-2241-409e-827b-56e2bfad4da1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21728", "type": "seen", "source": "https://t.me/cvedetector/18980", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21728 - Linux Kernel BPF Signal Injection Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21728 \nPublished : Feb. 27, 2025, 2:15 a.m. | 50\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nbpf: Send signals asynchronously if !preemptible  \n  \nBPF programs can execute in all kinds of contexts and when a program  \nrunning in a non-preemptible context uses the bpf_send_signal() kfunc,  \nit will cause issues because this kfunc can sleep.  \nChange `irqs_disabled()` to `!preemptible()`. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-27T04:30:15.000000Z"}, {"uuid": "a695b7d1-7241-47b5-9da7-b4d49f1271cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21723", "type": "seen", "source": "https://t.me/cvedetector/18993", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21723 - Linux Kernel mpi3mr NULL Pointer Dereference Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21723 \nPublished : Feb. 27, 2025, 2:15 a.m. 
| 50\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nscsi: mpi3mr: Fix possible crash when setting up bsg fails  \n  \nIf bsg_setup_queue() fails, the bsg_queue is assigned a non-NULL value.  \nConsequently, in mpi3mr_bsg_exit(), the condition \"if(!mrioc->bsg_queue)\"  \nwill not be satisfied, preventing execution from entering  \nbsg_remove_queue(), which could lead to the following crash:  \n  \nBUG: kernel NULL pointer dereference, address: 000000000000041c  \nCall Trace:  \n    \n  mpi3mr_bsg_exit+0x1f/0x50 [mpi3mr]  \n  mpi3mr_remove+0x6f/0x340 [mpi3mr]  \n  pci_device_remove+0x3f/0xb0  \n  device_release_driver_internal+0x19d/0x220  \n  unbind_store+0xa4/0xb0  \n  kernfs_fop_write_iter+0x11f/0x200  \n  vfs_write+0x1fc/0x3e0  \n  ksys_write+0x67/0xe0  \n  do_syscall_64+0x38/0x80  \n  entry_SYSCALL_64_after_hwframe+0x78/0xe2 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-27T04:30:31.000000Z"}, {"uuid": "a60fc798-e8b1-479d-9f38-a1dcd926df29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21727", "type": "seen", "source": "https://t.me/cvedetector/18979", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21727 - Linux Kernel padata UAF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21727 \nPublished : Feb. 27, 2025, 2:15 a.m. 
| 50\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \npadata: fix UAF in padata_reorder  \n  \nA bug was found when run ltp test:  \n  \nBUG: KASAN: slab-use-after-free in padata_find_next+0x29/0x1a0  \nRead of size 4 at addr ffff88bbfe003524 by task kworker/u113:2/3039206  \n  \nCPU: 0 PID: 3039206 Comm: kworker/u113:2 Kdump: loaded Not tainted 6.6.0+  \nWorkqueue: pdecrypt_parallel padata_parallel_worker  \nCall Trace:  \n  \ndump_stack_lvl+0x32/0x50  \nprint_address_description.constprop.0+0x6b/0x3d0  \nprint_report+0xdd/0x2c0  \nkasan_report+0xa5/0xd0  \npadata_find_next+0x29/0x1a0  \npadata_reorder+0x131/0x220  \npadata_parallel_worker+0x3d/0xc0  \nprocess_one_work+0x2ec/0x5a0  \n  \nIf 'mdelay(10)' is added before calling 'padata_find_next' in the  \n'padata_reorder' function, this issue could be reproduced easily with  \nltp test (pcrypt_aead01).  \n  \nThis can be explained as bellow:  \n  \npcrypt_aead_encrypt  \n...  \npadata_do_parallel  \nrefcount_inc(&pd->refcnt); // add refcnt  \n...  \npadata_do_serial  \npadata_reorder // pd  \nwhile (1) {  \npadata_find_next(pd, true); // using pd  \nqueue_work_on  \n...  \npadata_serial_worker    crypto_del_alg  \npadata_put_pd_cnt // sub refcnt  \n      padata_free_shell  \n      padata_put_pd(ps->pd);  \n      // pd is freed  \n// loop again, but pd is freed  \n// call padata_find_next, UAF  \n}  \n  \nIn the padata_reorder function, when it loops in 'while', if the alg is  \ndeleted, the refcnt may be decreased to 0 before entering  \n'padata_find_next', which leads to UAF.  \n  \nAs mentioned in [1], do_serial is supposed to be called with BHs disabled  \nand always happen under RCU protection, to address this issue, add  \nsynchronize_rcu() in 'padata_free_shell' wait for all _do_serial calls  \nto finish.  
\n  \n[1]   \n[2]  \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-27T04:30:11.000000Z"}, {"uuid": "5ba372f3-b3ca-4c00-ab5e-2864cf413767", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21725", "type": "seen", "source": "https://t.me/cvedetector/18978", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21725 - In the Linux kernel, the following vulnerability h\", \n  \"Content\": \"CVE ID : CVE-2025-21725 \nPublished : Feb. 27, 2025, 2:15 a.m. | 50\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nsmb: client: fix oops due to unset link speed  \n  \nIt isn't guaranteed that NETWORK_INTERFACE_INFO::LinkSpeed will always  \nbe set by the server, so the client must handle any values and then  \nprevent oopses like below from happening:  \n  \nOops: divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI  \nCPU: 0 UID: 0 PID: 1323 Comm: cat Not tainted 6.13.0-rc7 #2  \nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41  \n04/01/2014  \nRIP: 0010:cifs_debug_data_proc_show+0xa45/0x1460 [cifs] Code: 00 00 48  \n89 df e8 3b cd 1b c1 41 f6 44 24 2c 04 0f 84 50 01 00 00 48 89 ef e8  \ne7 d0 1b c1 49 8b 44 24 18 31 d2 49 8d 7c 24 28 &lt;48f7 74 24 18 48 89  \nc3 e8 6e cf 1b c1 41 8b 6c 24 28 49 8d 7c 24  \nRSP: 0018:ffffc90001817be0 EFLAGS: 00010246  \nRAX: 0000000000000000 RBX: ffff88811230022c RCX: ffffffffc041bd99  \nRDX: 0000000000000000 RSI: 0000000000000567 RDI: ffff888112300228  \nRBP: ffff888112300218 R08: fffff52000302f5f R09: ffffed1022fa58ac  \nR10: ffff888117d2c566 R11: 00000000fffffffe R12: ffff888112300200  \nR13: 000000012a15343f R14: 0000000000000001 
R15: ffff888113f2db58  \nFS: 00007fe27119e740(0000) GS:ffff888148600000(0000)  \nknlGS:0000000000000000  \nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033  \nCR2: 00007fe2633c5000 CR3: 0000000124da0000 CR4: 0000000000750ef0  \nPKRU: 55555554  \nCall Trace:  \n   \n ? __die_body.cold+0x19/0x27  \n ? die+0x2e/0x50  \n ? do_trap+0x159/0x1b0  \n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]  \n ? do_error_trap+0x90/0x130  \n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]  \n ? exc_divide_error+0x39/0x50  \n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]  \n ? asm_exc_divide_error+0x1a/0x20  \n ? cifs_debug_data_proc_show+0xa39/0x1460 [cifs]  \n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]  \n ? seq_read_iter+0x42e/0x790  \n seq_read_iter+0x19a/0x790  \n proc_reg_read_iter+0xbe/0x110  \n ? __pfx_proc_reg_read_iter+0x10/0x10  \n vfs_read+0x469/0x570  \n ? do_user_addr_fault+0x398/0x760  \n ? __pfx_vfs_read+0x10/0x10  \n ? find_held_lock+0x8a/0xa0  \n ? __pfx_lock_release+0x10/0x10  \n ksys_read+0xd3/0x170  \n ? __pfx_ksys_read+0x10/0x10  \n ? __rcu_read_unlock+0x50/0x270  \n ? mark_held_locks+0x1a/0x90  \n do_syscall_64+0xbb/0x1d0  \n entry_SYSCALL_64_after_hwframe+0x77/0x7f  \nRIP: 0033:0x7fe271288911  \nCode: 00 48 8b 15 01 25 10 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd e8  \n20 ad 01 00 f3 0f 1e fa 80 3d b5 a7 10 00 00 74 13 31 c0 0f 05 &lt;483d  \n00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec  \nRSP: 002b:00007ffe87c079d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000  \nRAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007fe271288911  \nRDX: 0000000000040000 RSI: 00007fe2633c6000 RDI: 0000000000000003  \nRBP: 00007ffe87c07a00 R08: 0000000000000000 R09: 00007fe2713e6380  \nR10: 0000000000000022 R11: 0000000000000246 R12: 0000000000040000  \nR13: 00007fe2633c6000 R14: 0000000000000003 R15: 0000000000000000  \n   \n  \nFix this by setting cifs_server_iface::speed to a sane value (1Gbps)  \nby default when link speed is unset. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-27T04:30:11.000000Z"}, {"uuid": "720afb48-f268-4722-974b-7c87f62b4570", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21726", "type": "seen", "source": "https://t.me/cvedetector/18977", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21726 - Linux Kernel padata Reorder Work Use-After-Free Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21726 \nPublished : Feb. 27, 2025, 2:15 a.m. | 50\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \npadata: avoid UAF for reorder_work  \n  \nAlthough the previous patch can avoid ps and ps UAF for _do_serial, it  \ncan not avoid potential UAF issue for reorder_work. This issue can  \nhappen just as below:  \n  \ncrypto_request   crypto_request  crypto_del_alg  \npadata_do_serial  \n  ...  \n  padata_reorder  \n    // processes all remaining  \n    // requests then breaks  \n    while (1) {  \n      if (!padata)  \n        break;  \n      ...  \n    }  \n  \n    padata_do_serial  \n      // new request added  \n      list_add  \n    // sees the new request  \n    queue_work(reorder_work)  \n      padata_reorder  \n        queue_work_on(squeue->work)  \n...  \n  \n      \n    padata_serial_worker  \n    // completes new request,  \n    // no more outstanding  \n    // requests  \n  \n       crypto_del_alg  \n         // free pd  \n  \n  \ninvoke_padata_reorder  \n  // UAF of pd  \n  \nTo avoid UAF for 'reorder_work', get 'pd' ref before put 'reorder_work'  \ninto the 'serial_wq' and put 'pd' ref until the 'serial_wq' finish. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-27T04:30:10.000000Z"}, {"uuid": "7ce94a97-6096-49e7-b0f5-26e48c3c19f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21724", "type": "seen", "source": "https://t.me/cvedetector/18975", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21724 - Linux kernel: iommufd/iova_bitmap UBSAN Shift Out-of-Bounds\", \n  \"Content\": \"CVE ID : CVE-2025-21724 \nPublished : Feb. 27, 2025, 2:15 a.m. | 50\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \niommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()  \n  \nResolve a UBSAN shift-out-of-bounds issue in iova_bitmap_offset_to_index()  \nwhere shifting the constant \"1\" (of type int) by bitmap->mapped.pgshift  \n(an unsigned long value) could result in undefined behavior.  \n  \nThe constant \"1\" defaults to a 32-bit \"int\", and when \"pgshift\" exceeds  \n31 (e.g., pgshift = 63) the shift operation overflows, as the result  \ncannot be represented in a 32-bit type.  \n  \nTo resolve this, the constant is updated to \"1UL\", promoting it to an  \nunsigned long type to match the operand's type. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-27T04:30:08.000000Z"}, {"uuid": "08966e13-0333-4d75-8973-5631830f7c28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21722", "type": "seen", "source": "https://t.me/cvedetector/18989", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21722 - Linux Nilfs2 Use-After-Free and Buffer State Inconsistency\", \n  \"Content\": \"CVE ID : CVE-2025-21722 \nPublished : Feb. 27, 2025, 2:15 a.m. | 50\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnilfs2: do not force clear folio if buffer is referenced  \n  \nPatch series \"nilfs2: protect busy buffer heads from being force-cleared\".  \n  \nThis series fixes the buffer head state inconsistency issues reported by  \nsyzbot that occurs when the filesystem is corrupted and falls back to  \nread-only, and the associated buffer head use-after-free issue.  \n  \n  \nThis patch (of 2):  \n  \nSyzbot has reported that after nilfs2 detects filesystem corruption and  \nfalls back to read-only, inconsistencies in the buffer state may occur.  \n  \nOne of the inconsistencies is that when nilfs2 calls mark_buffer_dirty()  \nto set a data or metadata buffer as dirty, but it detects that the buffer  \nis not in the uptodate state:  \n  \n WARNING: CPU: 0 PID: 6049 at fs/buffer.c:1177 mark_buffer_dirty+0x2e5/0x520  \n  fs/buffer.c:1177  \n ...  
\n Call Trace:  \n    \n  nilfs_palloc_commit_alloc_entry+0x4b/0x160 fs/nilfs2/alloc.c:598  \n  nilfs_ifile_create_inode+0x1dd/0x3a0 fs/nilfs2/ifile.c:73  \n  nilfs_new_inode+0x254/0x830 fs/nilfs2/inode.c:344  \n  nilfs_mkdir+0x10d/0x340 fs/nilfs2/namei.c:218  \n  vfs_mkdir+0x2f9/0x4f0 fs/namei.c:4257  \n  do_mkdirat+0x264/0x3a0 fs/namei.c:4280  \n  __do_sys_mkdirat fs/namei.c:4295 [inline]  \n  __se_sys_mkdirat fs/namei.c:4293 [inline]  \n  __x64_sys_mkdirat+0x87/0xa0 fs/namei.c:4293  \n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]  \n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83  \n  entry_SYSCALL_64_after_hwframe+0x77/0x7f  \n  \nThe other is when nilfs_btree_propagate(), which propagates the dirty  \nstate to the ancestor nodes of a b-tree that point to a dirty buffer,  \ndetects that the origin buffer is not dirty, even though it should be:  \n  \n WARNING: CPU: 0 PID: 5245 at fs/nilfs2/btree.c:2089  \n  nilfs_btree_propagate+0xc79/0xdf0 fs/nilfs2/btree.c:2089  \n ...  
\n Call Trace:  \n    \n  nilfs_bmap_propagate+0x75/0x120 fs/nilfs2/bmap.c:345  \n  nilfs_collect_file_data+0x4d/0xd0 fs/nilfs2/segment.c:587  \n  nilfs_segctor_apply_buffers+0x184/0x340 fs/nilfs2/segment.c:1006  \n  nilfs_segctor_scan_file+0x28c/0xa50 fs/nilfs2/segment.c:1045  \n  nilfs_segctor_collect_blocks fs/nilfs2/segment.c:1216 [inline]  \n  nilfs_segctor_collect fs/nilfs2/segment.c:1540 [inline]  \n  nilfs_segctor_do_construct+0x1c28/0x6b90 fs/nilfs2/segment.c:2115  \n  nilfs_segctor_construct+0x181/0x6b0 fs/nilfs2/segment.c:2479  \n  nilfs_segctor_thread_construct fs/nilfs2/segment.c:2587 [inline]  \n  nilfs_segctor_thread+0x69e/0xe80 fs/nilfs2/segment.c:2701  \n  kthread+0x2f0/0x390 kernel/kthread.c:389  \n  ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147  \n  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244  \n    \n  \nBoth of these issues are caused by the callbacks that handle the  \npage/folio write requests, forcibly clear various states, including the  \nworking state of the buffers they hold, at unexpected times when they  \ndetect read-only fallback.  \n  \nFix these issues by checking if the buffer is referenced before clearing  \nthe page/folio state, and skipping the clear if it is. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-27T04:30:25.000000Z"}, {"uuid": "351e6c64-a4bd-419d-a6ce-f7787c2302bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21721", "type": "seen", "source": "https://t.me/cvedetector/18988", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21721 - Linux Nilfs2 Directory Manipulation Error Handling Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21721 \nPublished : Feb. 27, 2025, 2:15 a.m. | 50\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnilfs2: handle errors that nilfs_prepare_chunk() may return  \n  \nPatch series \"nilfs2: fix issues with rename operations\".  \n  \nThis series fixes BUG_ON check failures reported by syzbot around rename  \noperations, and a minor behavioral issue where the mtime of a child  \ndirectory changes when it is renamed instead of moved.  \n  \n  \nThis patch (of 2):  \n  \nThe directory manipulation routines nilfs_set_link() and  \nnilfs_delete_entry() rewrite the directory entry in the folio/page  \npreviously read by nilfs_find_entry(), so error handling is omitted on the  \nassumption that nilfs_prepare_chunk(), which prepares the buffer for  \nrewriting, will always succeed for these.  And if an error is returned, it  \ntriggers the legacy BUG_ON() checks in each routine.  \n  \nThis assumption is wrong, as proven by syzbot: the buffer layer called by  \nnilfs_prepare_chunk() may call nilfs_get_block() if necessary, which may  \nfail due to metadata corruption or other reasons.  
This has been there all  \nalong, but improved sanity checks and error handling may have made it more  \nreproducible in fuzzing tests.  \n  \nFix this issue by adding missing error paths in nilfs_set_link(),  \nnilfs_delete_entry(), and their caller nilfs_rename(). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-27T04:30:25.000000Z"}, {"uuid": "72ba9383-3041-4d81-9fe8-c435a2f68dd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21728", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5637", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21728\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Send signals asynchronously if !preemptible\n\nBPF programs can execute in all kinds of contexts and when a program\nrunning in a non-preemptible context uses the bpf_send_signal() kfunc,\nit will cause issues because this kfunc can sleep.\nChange `irqs_disabled()` to `!preemptible()`.\n\ud83d\udccf Published: 2025-02-27T02:07:34.114Z\n\ud83d\udccf Modified: 2025-02-27T02:07:34.114Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/be42a09fe898635b0093c0c8dac1bfabe225c240\n2. https://git.kernel.org/stable/c/eeef8e65041a031bd8a747a392c14b76a123a12c\n3. https://git.kernel.org/stable/c/78b97783496b454435639937db3303e900a24d3f\n4. https://git.kernel.org/stable/c/092fc76b7ab4163e008f9cde596a58dad2108260\n5. 
https://git.kernel.org/stable/c/87c544108b612512b254c8f79aa5c0a8546e2cc4", "creation_timestamp": "2025-02-27T02:25:21.000000Z"}, {"uuid": "f4e3ea74-9303-4fe2-ab0f-4a362f142b5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2172", "type": "published-proof-of-concept", "source": "Telegram/S7RPzkaVu9rMwdZrCAlLyJw5bBMvrbhCFuoMTi2UNDrM6ko", "content": "", "creation_timestamp": "2025-06-23T15:31:00.000000Z"}, {"uuid": "21066c5f-f81f-4a65-a046-81f4fa462af9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21721", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5639", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21721\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: handle errors that nilfs_prepare_chunk() may return\n\nPatch series \"nilfs2: fix issues with rename operations\".\n\nThis series fixes BUG_ON check failures reported by syzbot around rename\noperations, and a minor behavioral issue where the mtime of a child\ndirectory changes when it is renamed instead of moved.\n\n\nThis patch (of 2):\n\nThe directory manipulation routines nilfs_set_link() and\nnilfs_delete_entry() rewrite the directory entry in the folio/page\npreviously read by nilfs_find_entry(), so error handling is omitted on the\nassumption that nilfs_prepare_chunk(), which prepares the buffer for\nrewriting, will always succeed for these.  
And if an error is returned, it\ntriggers the legacy BUG_ON() checks in each routine.\n\nThis assumption is wrong, as proven by syzbot: the buffer layer called by\nnilfs_prepare_chunk() may call nilfs_get_block() if necessary, which may\nfail due to metadata corruption or other reasons.  This has been there all\nalong, but improved sanity checks and error handling may have made it more\nreproducible in fuzzing tests.\n\nFix this issue by adding missing error paths in nilfs_set_link(),\nnilfs_delete_entry(), and their caller nilfs_rename().\n\ud83d\udccf Published: 2025-02-27T02:07:29.784Z\n\ud83d\udccf Modified: 2025-02-27T02:07:29.784Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/eddd3176b8c4c83a46ab974574cda7c3dfe09388\n2. https://git.kernel.org/stable/c/481136234dfe96c7f92770829bec6111c7c5f5dd\n3. https://git.kernel.org/stable/c/ee70999a988b8abc3490609142f50ebaa8344432", "creation_timestamp": "2025-02-27T02:25:25.000000Z"}, {"uuid": "69e12a37-2334-4869-aa97-13e28be4c7d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21724", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5638", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21724\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\niommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()\n\nResolve a UBSAN shift-out-of-bounds issue in iova_bitmap_offset_to_index()\nwhere shifting the constant \"1\" (of type int) by bitmap->mapped.pgshift\n(an unsigned long value) could result in undefined behavior.\n\nThe constant \"1\" defaults to a 32-bit \"int\", and when \"pgshift\" exceeds\n31 (e.g., pgshift = 63) the shift operation overflows, as the result\ncannot be represented in a 32-bit type.\n\nTo resolve 
this, the constant is updated to \"1UL\", promoting it to an\nunsigned long type to match the operand's type.\n\ud83d\udccf Published: 2025-02-27T02:07:31.630Z\n\ud83d\udccf Modified: 2025-02-27T02:07:31.630Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/44d9c94b7a3f29a3e07c4753603a35e9b28842a3\n2. https://git.kernel.org/stable/c/38ac76fc06bc6826a3e4b12a98efbe98432380a9\n3. https://git.kernel.org/stable/c/d5d33f01b86af44b23eea61ee309e4ef22c0cdfe\n4. https://git.kernel.org/stable/c/b1f8453b8ff1ab79a03820ef608256c499769cb6\n5. https://git.kernel.org/stable/c/e24c1551059268b37f6f40639883eafb281b8b9c", "creation_timestamp": "2025-02-27T02:25:23.000000Z"}, {"uuid": "1a049d35-6453-4701-8c72-bb022986e4e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2172", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19212", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2172\n\ud83d\udd25 CVSS Score: 7.5 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input prior to passing the input to command line utilities, allowing command injection via special characters in filenames\n\ud83d\udccf Published: 2025-06-23T14:01:19.310Z\n\ud83d\udccf Modified: 2025-06-23T14:01:19.310Z\n\ud83d\udd17 References:\n1. https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0004.md\n2. 
https://cloud.google.com/blog/topics/threat-intelligence/remote-code-execution-aviatrix-controller", "creation_timestamp": "2025-06-23T14:45:34.000000Z"}, {"uuid": "427819de-a8cf-4421-97f2-0fc2f814c202", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-21726", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/ubuntu-linux-kernel-multiple-vulnerabilities_20260511", "content": "", "creation_timestamp": "2026-05-10T18:00:00.000000Z"}]}