{"vulnerability": "cve-2025-2183", "sightings": [{"uuid": "11f5d9fe-4c5f-4565-b0c3-ffde2a1896b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21837", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljrxr3i5ik2f", "content": "", "creation_timestamp": "2025-03-07T12:04:53.323827Z"}, {"uuid": "1c2c2205-a701-47b4-9bfa-8a4cfeb0c417", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21835", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljrxr4illc2f", "content": "", "creation_timestamp": "2025-03-07T12:04:55.566568Z"}, {"uuid": "d4243183-ee10-4c15-81dc-bbb003bae73a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21835", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3ljrxuybpw32n", "content": "", "creation_timestamp": "2025-03-07T12:07:05.830499Z"}, {"uuid": "51d69641-fb5f-4641-9112-64a2db4a9f8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21830", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljqbkhlqjq2h", "content": "", "creation_timestamp": "2025-03-06T19:54:50.937007Z"}, {"uuid": "c648c794-3c27-42dd-b095-92dfaa74dbbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21836", "type": "seen", "source": "https://bsky.app/profile/0xor0ne.bsky.social/post/3lo4gjc5bkk2f", "content": "", "creation_timestamp": "2025-05-01T13:36:25.534167Z"}, {"uuid": "73ad0662-199a-4607-b605-95039934c43b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2025-2183", "type": "seen", "source": "https://pretalx.com/hack-lu-2025/talk/XDHVWE/", "content": "", "creation_timestamp": "2025-10-24T07:06:48.039978Z"}, {"uuid": "22a3287e-074d-4864-8e5e-dc48230095e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2183", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/115022455470697008", "content": "", "creation_timestamp": "2025-08-13T16:43:06.544496Z"}, {"uuid": "2b115f7f-b525-4b6e-90b2-a6e723968b2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2183", "type": "seen", "source": "https://security.paloaltonetworks.com/CVE-2025-2183", "content": "", "creation_timestamp": "2025-08-13T14:00:00.000000Z"}, {"uuid": "7c55d11b-092a-4cd4-9846-00ee926a2e1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2183", "type": "seen", "source": "https://bsky.app/profile/ripjyr.bsky.social/post/3lwcjc2ghjk2k", "content": "", "creation_timestamp": "2025-08-13T19:03:31.421588Z"}, {"uuid": "4dff7d58-a1c4-47a8-aa2e-dca03d02ba82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2183", "type": "seen", "source": "https://bsky.app/profile/fisjkars.bsky.social/post/3lwesvcpkcc2q", "content": "", "creation_timestamp": "2025-08-14T17:00:43.427919Z"}, {"uuid": "611f3137-8f9f-47a3-881e-67b4c49a834b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21831", "type": "seen", "source": "MISP/4937e86f-f5bd-4d09-8bda-88a7440077f3", "content": "", "creation_timestamp": "2025-08-18T13:31:23.000000Z"}, {"uuid": "3c70d435-a61b-4127-8ce5-98594579871b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21834", "type": "seen", "source": "MISP/4937e86f-f5bd-4d09-8bda-88a7440077f3", "content": "", "creation_timestamp": "2025-08-18T13:31:23.000000Z"}, {"uuid": "ac970dc2-1eb7-496a-b014-74adf8260572", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2183", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lwpcalvyes2p", "content": "", "creation_timestamp": "2025-08-18T21:02:03.905927Z"}, {"uuid": "dc102248-6220-42ea-bf41-1e092c11df87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21831", "type": "seen", "source": "MISP/4937e86f-f5bd-4d09-8bda-88a7440077f3", "content": "", "creation_timestamp": "2025-08-19T02:47:43.000000Z"}, {"uuid": "8f49fe6f-eda6-4a40-9f73-0cb3c65d3269", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21834", "type": "seen", "source": "MISP/4937e86f-f5bd-4d09-8bda-88a7440077f3", "content": "", "creation_timestamp": "2025-08-19T02:47:43.000000Z"}, {"uuid": "dd7f2104-21ee-46a3-9b97-c029ac032a94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21836", "type": "seen", "source": "https://bsky.app/profile/linkersec.bsky.social/post/3m7brj7p3j22n", "content": "", "creation_timestamp": "2025-12-06T00:44:49.242135Z"}, {"uuid": "20a57aad-8a33-4c5d-9e6c-5e501ca798ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-21831", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "75ca6876-4d84-497d-8cd5-7c9c4db14984", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-21832", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "9fa73962-083a-4491-afbc-fc5aa9875829", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-21833", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "3cdb9760-f994-448b-ac65-1738990eb752", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-21838", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "89cde35a-d706-42e8-91e6-62bd23d50a82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2025-21831", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "7cce6715-1538-4cd6-8b85-0077b9801a1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2025-21838", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "78daadb7-179c-40a5-859f-624c2f685aa5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-21833", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0397/", "content": "", "creation_timestamp": "2026-04-02T17:00:00.000000Z"}, {"uuid": "18292b4e-ba2c-444e-8c28-62453358fac6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-21833", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/ubuntu-linux-kernel-multiple-vulnerabilities_20260408", "content": "", "creation_timestamp": "2026-04-07T18:00:00.000000Z"}, {"uuid": "0e095015-ff4b-4cdf-ae35-d21744ffefed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21837", "type": "seen", "source": "https://t.me/cvedetector/19817", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-21837 - Linux Kernel io_uring SQE Copying Information Disclosure Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-21837 \nPublished : March 7, 2025, 9:15 a.m. | 1\u00a0hour, 46\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nio_uring/uring_cmd: unconditionally copy SQEs at prep time \n \nThis isn't generally necessary, but conditions have been observed where \nSQE data is accessed from the original SQE after prep has been done and \noutside of the initial issue. Opcode prep handlers must ensure that any \nSQE related data is stable beyond the prep phase, but uring_cmd is a bit \nspecial in how it handles the SQE which makes it susceptible to reading \nstale data. If the application has reused the SQE before the original \ncompletes, then that can lead to data corruption. \n \nDown the line we can relax this again once uring_cmd has been sanitized \na bit, and avoid unnecessarily copying the SQE. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"07 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-07T12:25:58.000000Z"}, {"uuid": "3fef1ea3-567c-4125-a85c-a277001dc75f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21839", "type": "seen", "source": "https://t.me/cvedetector/19814", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-21839 - KVM Linux Kernel DR6 Load Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-21839 \nPublished : March 7, 2025, 9:15 a.m. | 1\u00a0hour, 46\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nKVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop \n \nMove the conditional loading of hardware DR6 with the guest's DR6 value \nout of the core .vcpu_run() loop to fix a bug where KVM can load hardware \nwith a stale vcpu->arch.dr6. \n \nWhen the guest accesses a DR and host userspace isn't debugging the guest, \nKVM disables DR interception and loads the guest's values into hardware on \nVM-Enter and saves them on VM-Exit. This allows the guest to access DRs \nat will, e.g. so that a sequence of DR accesses to configure a breakpoint \nonly generates one VM-Exit. \n \nFor DR0-DR3, the logic/behavior is identical between VMX and SVM, and also \nidentical between KVM_DEBUGREG_BP_ENABLED (userspace debugging the guest) \nand KVM_DEBUGREG_WONT_EXIT (guest using DRs), and so KVM handles loading \nDR0-DR3 in common code, _outside_ of the core kvm_x86_ops.vcpu_run() loop. \n \nBut for DR6, the guest's value doesn't need to be loaded into hardware for \nKVM_DEBUGREG_BP_ENABLED, and SVM provides a dedicated VMCB field whereas \nVMX requires software to manually load the guest value, and so loading the \nguest's value into DR6 is handled by {svm,vmx}_vcpu_run(), i.e. is done \n_inside_ the core run loop. \n \nUnfortunately, saving the guest values on VM-Exit is initiated by common \nx86, again outside of the core run loop. If the guest modifies DR6 (in \nhardware, when DR interception is disabled), and then the next VM-Exit is \na fastpath VM-Exit, KVM will reload hardware DR6 with vcpu->arch.dr6 and \nclobber the guest's actual value. \n \nThe bug shows up primarily with nested VMX because KVM handles the VMX \npreemption timer in the fastpath, and the window between hardware DR6 \nbeing modified (in guest context) and DR6 being read by guest software is \norders of magnitude larger in a nested setup. E.g. in non-nested, the \nVMX preemption timer would need to fire precisely between #DB injection \nand the #DB handler's read of DR6, whereas with a KVM-on-KVM setup, the \nwindow where hardware DR6 is \"dirty\" extends all the way from L1 writing \nDR6 to VMRESUME (in L1). \n \n L1's view: \n ========== \n \n CPU 0/KVM-7289 [023] d.... 2925.640961: kvm_entry: vcpu 0 \n A: L1 Writes DR6 \n CPU 0/KVM-7289 [023] d.... 2925.640963: : Set DRs, DR6 = 0xffff0ff1 \n \n B: CPU 0/KVM-7289 [023] d.... 2925.640967: kvm_exit: vcpu 0 reason EXTERNAL_INTERRUPT intr_info 0x800000ec \n \n D: L1 reads DR6, arch.dr6 = 0 \n CPU 0/KVM-7289 [023] d.... 2925.640969: : Sync DRs, DR6 = 0xffff0ff0 \n \n CPU 0/KVM-7289 [023] d.... 2925.640976: kvm_entry: vcpu 0 \n L2 reads DR6, L1 disables DR interception \n CPU 0/KVM-7289 [023] d.... 2925.640980: kvm_exit: vcpu 0 reason DR_ACCESS info1 0x0000000000000216 \n CPU 0/KVM-7289 [023] d.... 2925.640983: kvm_entry: vcpu 0 \n \n CPU 0/KVM-7289 [023] d.... 2925.640983: : Set DRs, DR6 = 0xffff0ff0 \n \n L2 detects failure \n CPU 0/KVM-7289 [023] d.... 2925.640987: kvm_exit: vcpu 0 reason HLT \n L1 reads DR6 (confirms failure) \n CPU 0/KVM-7289 [023] d.... 2925.640990: : Sync DRs, DR6 = 0xffff0ff0 \n \n L0's view: \n ========== \n L2 reads DR6, arch.dr6 = 0 \n CPU 23/KVM-5046 [001] d.... 3410.005610: kvm_exit: vcpu 23 reason DR_ACCESS info1 0x0000000000000216 \n CPU 23/KVM-5046 [001] ..... 3410.005610: kvm_nested_vmexit: vcpu 23 reason DR_ACCESS info1 0x0000000000000216 \n \n L2 => L1 nested VM-Exit \n CPU 23/KVM-5046 [001] ..... 3410.005610: kvm_nested_vmexit_inject: reason: DR_ACCESS ext_inf1: 0x0000000000000216 \n \n CPU 23/KVM-5046 [001] d.... [...]", "creation_timestamp": "2025-03-07T12:25:55.000000Z"}, {"uuid": "ed1f35c0-6551-447c-bc4e-992a4ff26f92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21838", "type": "seen", "source": "https://t.me/cvedetector/19813", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-21838 - \"Linux USB Gadget Workqueue Queue Flush Denial of Service\"\", \n \"Content\": \"CVE ID : CVE-2025-21838 \nPublished : March 7, 2025, 9:15 a.m. | 1\u00a0hour, 46\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nusb: gadget: core: flush gadget workqueue after device removal \n \ndevice_del() can lead to new work being scheduled in gadget->work \nworkqueue. This is observed, for example, with the dwc3 driver with the \nfollowing call stack: \n device_del() \n gadget_unbind_driver() \n usb_gadget_disconnect_locked() \n dwc3_gadget_pullup() \n dwc3_gadget_soft_disconnect() \n usb_gadget_set_state() \n schedule_work(&gadget->work) \n \nMove flush_work() after device_del() to ensure the workqueue is cleaned \nup. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"07 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-07T12:25:54.000000Z"}, {"uuid": "1bde37ff-7c64-4e41-bc96-8ca27308161b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21836", "type": "seen", "source": "https://t.me/cvedetector/19812", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-21836 - Linux Kernel IoUring Buffer Reuse Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-21836 \nPublished : March 7, 2025, 9:15 a.m. | 1\u00a0hour, 46\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nio_uring/kbuf: reallocate buf lists on upgrade \n \nIORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it \nwas created for legacy selected buffer and has been emptied. It violates \nthe requirement that most of the field should stay stable after publish. \nAlways reallocate it instead. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"07 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-07T12:25:54.000000Z"}, {"uuid": "123be88f-8a19-4dc9-8d60-fc9bd5e11eaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21835", "type": "seen", "source": "https://t.me/cvedetector/19811", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-21835 - Linux USB Gadget MIDI Streaming Uninitialized Stack Memory Leak Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-21835 \nPublished : March 7, 2025, 9:15 a.m. | 1\u00a0hour, 46\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nusb: gadget: f_midi: fix MIDI Streaming descriptor lengths \n \nWhile the MIDI jacks are configured correctly, and the MIDIStreaming \nendpoint descriptors are filled with the correct information, \nbNumEmbMIDIJack and bLength are set incorrectly in these descriptors. \n \nThis does not matter when the numbers of in and out ports are equal, but \nwhen they differ the host will receive broken descriptors with \nuninitialized stack memory leaking into the descriptor for whichever \nvalue is smaller. \n \nThe precise meaning of \"in\" and \"out\" in the port counts is not clearly \ndefined and can be confusing. But elsewhere the driver consistently \nuses this to match the USB meaning of IN and OUT viewed from the host, \nso that \"in\" ports send data to the host and \"out\" ports receive data \nfrom it. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"07 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-07T12:25:52.000000Z"}, {"uuid": "f8cd2d77-5c73-4b36-a86a-9a594589c151", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21831", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6705", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21831\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1\n\ncommit 9d26d3a8f1b0 (\"PCI: Put PCIe ports into D3 during suspend\") sets the\npolicy that all PCIe ports are allowed to use D3. When the system is\nsuspended if the port is not power manageable by the platform and won't be\nused for wakeup via a PME this sets up the policy for these ports to go\ninto D3hot.\n\nThis policy generally makes sense from an OSPM perspective but it leads to\nproblems with wakeup from suspend on the TUXEDO Sirius 16 Gen 1 with a\nspecific old BIOS. This manifests as a system hang.\n\nOn the affected Device + BIOS combination, add a quirk for the root port of\nthe problematic controller to ensure that these root ports are not put into\nD3hot at suspend.\n\nThis patch is based on\n\n https://lore.kernel.org/linux-pci/20230708214457.1229-2-mario.limonciello@amd.com\n\nbut with the added condition both in the documentation and in the code to\napply only to the TUXEDO Sirius 16 Gen 1 with a specific old BIOS and only\nthe affected root ports.\n\ud83d\udccf Published: 2025-03-06T16:22:33.443Z\n\ud83d\udccf Modified: 2025-03-06T16:22:33.443Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/8852e056e297df1d8635ee7504e780d3184e45d0\n2. https://git.kernel.org/stable/c/5ee3dd6e59b834e4d66e8b16fc684749ee40a257\n3. https://git.kernel.org/stable/c/a78dfe50fffe6058afed2bb04c50c2c9a16664ee\n4. https://git.kernel.org/stable/c/b1049f2d68693c80a576c4578d96774a68df2bad", "creation_timestamp": "2025-03-06T16:34:06.000000Z"}, {"uuid": "42a84cbf-5a59-479c-96cc-f24f48b51e0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21832", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6704", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21832\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nblock: don't revert iter for -EIOCBQUEUED\n\nblkdev_read_iter() has a few odd checks, like gating the position and\ncount adjustment on whether or not the result is bigger-than-or-equal to\nzero (where bigger than makes more sense), and not checking the return\nvalue of blkdev_direct_IO() before doing an iov_iter_revert(). The\nlatter can lead to attempting to revert with a negative value, which\nwhen passed to iov_iter_revert() as an unsigned value will lead to\nthrowing a WARN_ON() because unroll is bigger than MAX_RW_COUNT.\n\nBe sane and don't revert for -EIOCBQUEUED, like what is done in other\nspots.\n\ud83d\udccf Published: 2025-03-06T16:22:34.125Z\n\ud83d\udccf Modified: 2025-03-06T16:22:34.125Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/6c26619effb1b4cb7d20b4e666ab8f71f6a53ccb\n2. https://git.kernel.org/stable/c/84671b0630ccb46ae9f1f99a45c7d63ffcd6a474\n3. https://git.kernel.org/stable/c/68f16d3034a06661245ecd22f0d586a8b4e7c473\n4. https://git.kernel.org/stable/c/a58f136bad29f9ae721a29d98c042fddbee22f77\n5. https://git.kernel.org/stable/c/b13ee668e8280ca5b07f8ce2846b9957a8a10853", "creation_timestamp": "2025-03-06T16:34:02.000000Z"}, {"uuid": "e2a8f0b5-cd8c-424c-9c47-26f3f222e9f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21833", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6703", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21833\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Avoid use of NULL after WARN_ON_ONCE\n\nThere is a WARN_ON_ONCE to catch an unlikely situation when\ndomain_remove_dev_pasid can't find the `pasid`. In case it nevertheless\nhappens we must avoid using a NULL pointer.\n\ud83d\udccf Published: 2025-03-06T16:22:34.798Z\n\ud83d\udccf Modified: 2025-03-06T16:22:34.798Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/df96876be3b064aefc493f760e0639765d13ed0d\n2. https://git.kernel.org/stable/c/60f030f7418d3f1d94f2fb207fe3080e1844630b", "creation_timestamp": "2025-03-06T16:34:01.000000Z"}, {"uuid": "487a528c-258d-446d-bf34-b087027f9997", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21834", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6702", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21834\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nseccomp: passthrough uretprobe systemcall without filtering\n\nWhen attaching uretprobes to processes running inside docker, the attached\nprocess is segfaulted when encountering the retprobe.\n\nThe reason is that now that uretprobe is a system call the default seccomp\nfilters in docker block it as they only allow a specific set of known\nsyscalls. This is true for other userspace applications which use seccomp\nto control their syscall surface.\n\nSince uretprobe is a \"kernel implementation detail\" system call which is\nnot used by userspace application code directly, it is impractical and\nthere's very little point in forcing all userspace applications to\nexplicitly allow it in order to avoid crashing tracked processes.\n\nPass this systemcall through seccomp without depending on configuration.\n\nNote: uretprobe is currently only x86_64 and isn't expected to ever be\nsupported in i386.\n\n[kees: minimized changes for easier backporting, tweaked commit log]\n\ud83d\udccf Published: 2025-03-06T16:22:35.490Z\n\ud83d\udccf Modified: 2025-03-06T16:22:35.490Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/5a262628f4cf2437d863fe41f9d427177b87664c\n2. https://git.kernel.org/stable/c/fa80018aa5be10c35e9fa896b7b4061a8dce3eed\n3. https://git.kernel.org/stable/c/cf6cb56ef24410fb5308f9655087f1eddf4452e6", "creation_timestamp": "2025-03-06T16:34:00.000000Z"}, {"uuid": "2c83fe6e-fb83-4f0e-88ad-651b0cf0e06e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21832", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15903", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21832\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nblock: don't revert iter for -EIOCBQUEUED\n\nblkdev_read_iter() has a few odd checks, like gating the position and\ncount adjustment on whether or not the result is bigger-than-or-equal to\nzero (where bigger than makes more sense), and not checking the return\nvalue of blkdev_direct_IO() before doing an iov_iter_revert(). The\nlatter can lead to attempting to revert with a negative value, which\nwhen passed to iov_iter_revert() as an unsigned value will lead to\nthrowing a WARN_ON() because unroll is bigger than MAX_RW_COUNT.\n\nBe sane and don't revert for -EIOCBQUEUED, like what is done in other\nspots.\n\ud83d\udccf Published: 2025-03-06T16:22:34.125Z\n\ud83d\udccf Modified: 2025-05-10T16:48:42.602Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/6c26619effb1b4cb7d20b4e666ab8f71f6a53ccb\n2. https://git.kernel.org/stable/c/84671b0630ccb46ae9f1f99a45c7d63ffcd6a474\n3. https://git.kernel.org/stable/c/68f16d3034a06661245ecd22f0d586a8b4e7c473\n4. https://git.kernel.org/stable/c/a58f136bad29f9ae721a29d98c042fddbee22f77\n5. https://git.kernel.org/stable/c/b13ee668e8280ca5b07f8ce2846b9957a8a10853", "creation_timestamp": "2025-05-10T17:38:12.000000Z"}, {"uuid": "d7608a19-4f52-45b3-b3ca-15e2a4a080e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21833", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15902", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21833\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Avoid use of NULL after WARN_ON_ONCE\n\nThere is a WARN_ON_ONCE to catch an unlikely situation when\ndomain_remove_dev_pasid can't find the `pasid`. In case it nevertheless\nhappens we must avoid using a NULL pointer.\n\ud83d\udccf Published: 2025-03-06T16:22:34.798Z\n\ud83d\udccf Modified: 2025-05-10T16:48:43.781Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/df96876be3b064aefc493f760e0639765d13ed0d\n2. https://git.kernel.org/stable/c/60f030f7418d3f1d94f2fb207fe3080e1844630b", "creation_timestamp": "2025-05-10T17:38:11.000000Z"}, {"uuid": "ca166355-e8d2-424f-9c36-e510d9bc9f05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21833", "type": "seen", "source": "https://t.me/cvedetector/19719", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-21833 - Intel VT-D NULL Pointer Dereference Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-21833 \nPublished : March 6, 2025, 5:15 p.m. | 1\u00a0hour ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \niommu/vt-d: Avoid use of NULL after WARN_ON_ONCE \n \nThere is a WARN_ON_ONCE to catch an unlikely situation when \ndomain_remove_dev_pasid can't find the `pasid`. In case it nevertheless \nhappens we must avoid using a NULL pointer. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"06 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-06T19:41:35.000000Z"}, {"uuid": "563efd93-ba03-4012-9b8f-aa9e6509984c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21834", "type": "seen", "source": "https://t.me/cvedetector/19720", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-21834 - Docker Seccomp Uretprobe Passthrough Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-21834 \nPublished : March 6, 2025, 5:15 p.m. | 1\u00a0hour ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nseccomp: passthrough uretprobe systemcall without filtering \n \nWhen attaching uretprobes to processes running inside docker, the attached \nprocess is segfaulted when encountering the retprobe. \n \nThe reason is that now that uretprobe is a system call the default seccomp \nfilters in docker block it as they only allow a specific set of known \nsyscalls. This is true for other userspace applications which use seccomp \nto control their syscall surface. \n \nSince uretprobe is a \"kernel implementation detail\" system call which is \nnot used by userspace application code directly, it is impractical and \nthere's very little point in forcing all userspace applications to \nexplicitly allow it in order to avoid crashing tracked processes. \n \nPass this systemcall through seccomp without depending on configuration. \n \nNote: uretprobe is currently only x86_64 and isn't expected to ever be \nsupported in i386. \n \n[kees: minimized changes for easier backporting, tweaked commit log] \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"06 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-06T19:41:39.000000Z"}, {"uuid": "fbde75ea-014a-4166-ad2b-69c3b1d6df89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21832", "type": "seen", "source": "https://t.me/cvedetector/19718", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-21832 - Linux Kernel Block Device I/O Reversion Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-21832 \nPublished : March 6, 2025, 5:15 p.m. | 1\u00a0hour ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nblock: don't revert iter for -EIOCBQUEUED \n \nblkdev_read_iter() has a few odd checks, like gating the position and \ncount adjustment on whether or not the result is bigger-than-or-equal to \nzero (where bigger than makes more sense), and not checking the return \nvalue of blkdev_direct_IO() before doing an iov_iter_revert(). The \nlatter can lead to attempting to revert with a negative value, which \nwhen passed to iov_iter_revert() as an unsigned value will lead to \nthrowing a WARN_ON() because unroll is bigger than MAX_RW_COUNT. \n \nBe sane and don't revert for -EIOCBQUEUED, like what is done in other \nspots. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"06 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-06T19:41:35.000000Z"}, {"uuid": "8d8cf566-a538-4bc2-bc41-d538569b6934", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21831", "type": "seen", "source": "https://t.me/cvedetector/19717", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-21831 - TUXEDO Sirius Gen1 PCI PCIe Power Management Wakeup Issue\", \n \"Content\": \"CVE ID : CVE-2025-21831 \nPublished : March 6, 2025, 5:15 p.m. | 1\u00a0hour ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nPCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 \n \ncommit 9d26d3a8f1b0 (\"PCI: Put PCIe ports into D3 during suspend\") sets the \npolicy that all PCIe ports are allowed to use D3. When the system is \nsuspended if the port is not power manageable by the platform and won't be \nused for wakeup via a PME this sets up the policy for these ports to go \ninto D3hot. \n \nThis policy generally makes sense from an OSPM perspective but it leads to \nproblems with wakeup from suspend on the TUXEDO Sirius 16 Gen 1 with a \nspecific old BIOS. This manifests as a system hang. \n \nOn the affected Device + BIOS combination, add a quirk for the root port of \nthe problematic controller to ensure that these root ports are not put into \nD3hot at suspend. \n \nThis patch is based on \n \n \n \nbut with the added condition both in the documentation and in the code to \napply only to the TUXEDO Sirius 16 Gen 1 with a specific old BIOS and only \nthe affected root ports. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"06 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-06T19:41:34.000000Z"}, {"uuid": "282323ce-9f58-4c46-8a48-710379922caa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21830", "type": "seen", "source": "https://t.me/cvedetector/19723", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-21830 - Linux Kernel Landlock Weird File Handling Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-21830 \nPublished : March 6, 2025, 5:15 p.m. | 1\u00a0hour ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nlandlock: Handle weird files \n \nA corrupted filesystem (e.g. bcachefs) might return weird files. \nInstead of throwing a warning and allowing access to such file, treat \nthem as regular files. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"06 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-06T19:41:42.000000Z"}, {"uuid": "ba238ba4-bcf4-4c70-848b-9a30b3d599f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-21833", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/ubuntu-linux-kernel-multiple-vulnerabilities_20260511", "content": "", "creation_timestamp": "2026-05-10T18:00:00.000000Z"}]}