{"vulnerability": "cve-2025-3775", "sightings": [{"uuid": "10df0284-6fad-4858-8fe1-e9627625c99a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37752", "type": "seen", "source": "https://bsky.app/profile/0xor0ne.bsky.social/post/3lprysliva22j", "content": "", "creation_timestamp": "2025-05-22T20:54:50.567541Z"}, {"uuid": "6bca9b37-23a8-4d65-8d29-8ba406905a80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37752", "type": "seen", "source": "https://bsky.app/profile/bluedevil.bsky.social/post/3lqmxsphzi222", "content": "", "creation_timestamp": "2025-06-02T14:19:00.267874Z"}, {"uuid": "48217d2e-e6fb-4aa7-b73d-4c7965b3e153", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3775", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lnmiyzlvwvb2", "content": "", "creation_timestamp": "2025-04-25T05:42:36.652704Z"}, {"uuid": "83e177f6-5c5d-4e2c-877e-7505f231438f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37752", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lvlzyzuggs23", "content": "", "creation_timestamp": "2025-08-04T20:31:32.796892Z"}, {"uuid": "a7b08bd9-b0c9-40c9-b1a3-919ea809e0fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37757", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo4hlr4kuv2h", "content": "", "creation_timestamp": "2025-05-01T13:55:41.433140Z"}, {"uuid": "df4e4327-d0db-49a7-aace-637d533f9587", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37755", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo4hlr7ybx2h", "content": "", "creation_timestamp": "2025-05-01T13:55:42.070482Z"}, {"uuid": "55b02d84-c385-41bd-929e-d0fe28c4ab4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37758", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo4hlrfeae2h", "content": "", "creation_timestamp": "2025-05-01T13:55:42.698983Z"}, {"uuid": "aa3cadd4-baaa-493b-818b-2e6ea5907e03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37753", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo4hlrmajd2j", "content": "", "creation_timestamp": "2025-05-01T13:55:43.989309Z"}, {"uuid": "37887711-7fd6-4ba0-8f3c-feac5a00b08c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37759", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo4hlrt76d2j", "content": "", "creation_timestamp": "2025-05-01T13:55:45.218364Z"}, {"uuid": "54b87adb-728b-4d01-acce-33c64dca4324", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37751", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo4hlrwixv2e", "content": "", "creation_timestamp": "2025-05-01T13:55:45.846973Z"}, {"uuid": "f8bcb39e-6d5d-4e76-a51e-7524dcc24950", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37750", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo4hls26jr2p", "content": "", "creation_timestamp": "2025-05-01T13:55:46.475362Z"}, {"uuid": "c2b8983a-0558-4704-a131-0d632d0e99ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37756", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo4hlsb53j22", "content": "", "creation_timestamp": "2025-05-01T13:55:47.689631Z"}, {"uuid": "98a581cf-7478-47ef-b4f2-b5368deb029d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37754", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo4hlshobf2k", "content": "", "creation_timestamp": "2025-05-01T13:55:48.953921Z"}, {"uuid": "0e35d7b1-e9e8-4da8-b347-3757a2d3efb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37752", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo4hlskxbf2e", "content": "", "creation_timestamp": "2025-05-01T13:55:49.520064Z"}, {"uuid": "3b8e1ca0-4e59-4595-8460-6ef66949e8e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37752", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lpfysa6ung2j", "content": "", "creation_timestamp": "2025-05-18T02:22:39.067909Z"}, {"uuid": "cab3d136-6c68-48a5-8eb5-1c41197387bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37752", "type": "seen", "source": "https://infosec.exchange/users/Tinolle/statuses/114490626920406283", "content": "", "creation_timestamp": "2025-05-11T18:32:06.219227Z"}, {"uuid": "1ec76b74-e868-4d62-a3ad-b114236928b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37752", "type": "seen", "source": "https://bsky.app/profile/linkersec.bsky.social/post/3lp3dfymsqk2a", "content": "", "creation_timestamp": "2025-05-13T20:33:23.611152Z"}, {"uuid": "61f969e1-4334-4bfe-a9ee-e31e3b08b83e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37752", "type": "seen", "source": "https://bsky.app/profile/linkersec.bsky.social/post/3lp3dfzjavk2a", "content": "", "creation_timestamp": "2025-05-13T20:33:24.143200Z"}, {"uuid": "a1bf7249-7470-4991-9e91-6ad421dcc4d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37752", "type": "seen", "source": "https://bsky.app/profile/0xor0ne.bsky.social/post/3lpeqlhy3bc2i", "content": "", "creation_timestamp": "2025-05-17T14:23:14.488073Z"}, {"uuid": "80a12806-6b66-40c0-8735-8b033ba41d82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37752", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lpskurx42h2r", "content": "", "creation_timestamp": "2025-05-23T02:18:08.541262Z"}, {"uuid": "bbc8539d-6f64-45d3-b18e-c7c8f69bfe9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37752", "type": "seen", "source": "https://bsky.app/profile/raptor.infosec.exchange.ap.brid.gy/post/3lokm62zwgry2", "content": "", "creation_timestamp": "2025-05-07T04:55:30.933302Z"}, {"uuid": "cd1a221c-7400-4d70-8746-484134031a81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37752", "type": "seen", "source": "https://bsky.app/profile/bluesky.awakari.com/post/3lokmaiff5l27", "content": "", "creation_timestamp": "2025-05-07T04:56:05.212027Z"}, {"uuid": "427569a9-9a61-474b-8b51-874d1ff5a4f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37752", "type": "seen", "source": "https://bsky.app/profile/0xor0ne.bsky.social/post/3lwloyqsfhs2r", "content": "", "creation_timestamp": "2025-08-17T10:39:42.497881Z"}, {"uuid": "a1d4facb-bd47-43f5-a071-2dafdf83858a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37752", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lvnqtihptc2f", "content": "", "creation_timestamp": "2025-08-05T12:52:41.740014Z"}, {"uuid": "7ca10cbf-f895-4b2b-a173-91100c4e55fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37752", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lwndvvkc6g2y", "content": "", "creation_timestamp": "2025-08-18T02:26:33.007237Z"}, {"uuid": "3f39658b-8b00-46ea-bd9e-ae6bffb32d59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37752", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lwseanwnc52x", "content": "", "creation_timestamp": "2025-08-20T02:15:52.147715Z"}, {"uuid": "25d779a4-f849-4ab7-bace-db5bccc47585", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37752", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lwzvi26y5o2r", "content": "", "creation_timestamp": "2025-08-23T02:12:51.694351Z"}, {"uuid": "26281a01-f1ae-4f5c-b199-c93c588014f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37752", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lwuuoepmx525", "content": "", "creation_timestamp": "2025-08-21T02:15:11.451944Z"}, {"uuid": "9aa571c6-bdfe-4db3-a8f0-cae4868024c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37752", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lwxf6nvpu22v", "content": "", "creation_timestamp": "2025-08-22T02:15:57.528054Z"}, {"uuid": "2c2f6d54-d4b8-4fc1-a147-a6da75a5ef06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3775", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13378", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3775\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +20 Modules \u2013 All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.2 via the woolentor_template_proxy function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application, and can be used to query and modify information from internal services.\n\ud83d\udccf Published: 2025-04-25T04:23:04.940Z\n\ud83d\udccf Modified: 2025-04-25T04:23:04.940Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/4dfc28ec-1411-43c3-833e-a6c85a3ed767?source=cve\n2. https://plugins.trac.wordpress.org/browser/woolentor-addons/tags/3.1.2/includes/admin-panel/includes/classes/Admin.php#L71", "creation_timestamp": "2025-04-25T05:08:58.000000Z"}, {"uuid": "d7cbf0a2-1475-435e-9332-b423722527ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37752", "type": "seen", "source": "https://gist.github.com/Darkcrai86/9146c6003145a6dd1c7230cf7d607ea3", "content": "", "creation_timestamp": "2025-08-29T11:28:19.000000Z"}, {"uuid": "6af460c5-5f70-48aa-aada-3a508f44b187", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37752", "type": "seen", "source": "https://gist.github.com/Darkcrai86/c2e363fe546c0d30b06f5e312bb6e1bb", "content": "", "creation_timestamp": "2025-08-29T11:28:04.000000Z"}, {"uuid": "5d2108b5-a65c-447e-94c0-8982bad8ee1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37752", "type": "seen", "source": "https://gist.github.com/Darkcrai86/367664d2a94230671ccc0ebf34735cf2", "content": "", "creation_timestamp": "2025-08-29T11:27:50.000000Z"}, {"uuid": "7260ca1f-5b03-4fa0-9b30-2c81afd83011", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2025-37756", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "c1b8f486-8096-43a2-a1fd-5c388fa4f16f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37752", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lx4gjn5bha2s", "content": "", "creation_timestamp": "2025-08-24T02:23:18.401483Z"}, {"uuid": "1eabcc8f-46dc-4d04-acad-123251ce5f1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37752", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lx5xkv2d3k2c", "content": "", "creation_timestamp": "2025-08-24T17:00:56.488963Z"}, {"uuid": "8e12e720-1618-48eb-b8db-e9f0b4060196", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37756", "type": "seen", "source": "https://bsky.app/profile/buherator.bsky.social/post/3lxxdrqsjg72k", "content": "", "creation_timestamp": "2025-09-03T19:16:02.019115Z"}, {"uuid": "e684d57b-977a-4658-8e26-6850a5bb25b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37750", "type": "seen", "source": "https://t.me/cvedetector/24223", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-37750 - Linux SMB Client UAF in Decryption with Multichannel\", \n  \"Content\": \"CVE ID : CVE-2025-37750 \nPublished : May 1, 2025, 1:15 p.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nsmb: client: fix UAF in decryption with multichannel  \n  \nAfter commit f7025d861694 (\"smb: client: allocate crypto only for  \nprimary server\") and commit b0abcd65ec54 (\"smb: client: fix UAF in  \nasync decryption\"), the channels started reusing AEAD TFM from primary  \nchannel to perform synchronous decryption, but that can't done as  \nthere could be multiple cifsd threads (one per channel) simultaneously  \naccessing it to perform decryption.  \n  \nThis fixes the following KASAN splat when running fstest generic/249  \nwith 'vers=3.1.1,multichannel,max_channels=4,seal' against Windows  \nServer 2022:  \n  \nBUG: KASAN: slab-use-after-free in gf128mul_4k_lle+0xba/0x110  \nRead of size 8 at addr ffff8881046c18a0 by task cifsd/986  \nCPU: 3 UID: 0 PID: 986 Comm: cifsd Not tainted 6.15.0-rc1 #1  \nPREEMPT(voluntary)  \nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41  \n04/01/2014  \nCall Trace:  \n   \n dump_stack_lvl+0x5d/0x80  \n print_report+0x156/0x528  \n ? gf128mul_4k_lle+0xba/0x110  \n ? __virt_addr_valid+0x145/0x300  \n ? __phys_addr+0x46/0x90  \n ? gf128mul_4k_lle+0xba/0x110  \n kasan_report+0xdf/0x1a0  \n ? gf128mul_4k_lle+0xba/0x110  \n gf128mul_4k_lle+0xba/0x110  \n ghash_update+0x189/0x210  \n shash_ahash_update+0x295/0x370  \n ? __pfx_shash_ahash_update+0x10/0x10  \n ? __pfx_shash_ahash_update+0x10/0x10  \n ? __pfx_extract_iter_to_sg+0x10/0x10  \n ? ___kmalloc_large_node+0x10e/0x180  \n ? __asan_memset+0x23/0x50  \n crypto_ahash_update+0x3c/0xc0  \n gcm_hash_assoc_remain_continue+0x93/0xc0  \n crypt_message+0xe09/0xec0 [cifs]  \n ? __pfx_crypt_message+0x10/0x10 [cifs]  \n ? _raw_spin_unlock+0x23/0x40  \n ? __pfx_cifs_readv_from_socket+0x10/0x10 [cifs]  \n decrypt_raw_data+0x229/0x380 [cifs]  \n ? __pfx_decrypt_raw_data+0x10/0x10 [cifs]  \n ? __pfx_cifs_read_iter_from_socket+0x10/0x10 [cifs]  \n smb3_receive_transform+0x837/0xc80 [cifs]  \n ? __pfx_smb3_receive_transform+0x10/0x10 [cifs]  \n ? __pfx___might_resched+0x10/0x10  \n ? __pfx_smb3_is_transform_hdr+0x10/0x10 [cifs]  \n cifs_demultiplex_thread+0x692/0x1570 [cifs]  \n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]  \n ? rcu_is_watching+0x20/0x50  \n ? rcu_lockdep_current_cpu_online+0x62/0xb0  \n ? find_held_lock+0x32/0x90  \n ? kvm_sched_clock_read+0x11/0x20  \n ? local_clock_noinstr+0xd/0xd0  \n ? trace_irq_enable.constprop.0+0xa8/0xe0  \n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]  \n kthread+0x1fe/0x380  \n ? kthread+0x10f/0x380  \n ? __pfx_kthread+0x10/0x10  \n ? local_clock_noinstr+0xd/0xd0  \n ? ret_from_fork+0x1b/0x60  \n ? local_clock+0x15/0x30  \n ? lock_release+0x29b/0x390  \n ? rcu_is_watching+0x20/0x50  \n ? __pfx_kthread+0x10/0x10  \n ret_from_fork+0x31/0x60  \n ? __pfx_kthread+0x10/0x10  \n ret_from_fork_asm+0x1a/0x30 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T16:30:19.000000Z"}, {"uuid": "74cd214f-ecdb-4482-9c9e-ab58ea30d8e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37755", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14269", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37755\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nnet: libwx: handle page_pool_dev_alloc_pages error\n\npage_pool_dev_alloc_pages could return NULL. There was a WARN_ON(!page)\nbut it would still proceed to use the NULL pointer and then crash.\n\nThis is similar to commit 001ba0902046\n(\"net: fec: handle page_pool_dev_alloc_pages error\").\n\nThis is found by our static analysis tool KNighter.\n\ud83d\udccf Published: 2025-05-01T12:55:59.499Z\n\ud83d\udccf Modified: 2025-05-01T12:55:59.499Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/c17ef974bfcf1a50818168b47c4606b425a957c4\n2. https://git.kernel.org/stable/c/ad81d666e114ebf989fc9994d4c93d451dc60056\n3. https://git.kernel.org/stable/c/1dd13c60348f515acd8c6f25a561b9c4e3b04fea\n4. https://git.kernel.org/stable/c/90bec7cef8805f9a23145e070dff28a02bb584eb\n5. https://git.kernel.org/stable/c/7f1ff1b38a7c8b872382b796023419d87d78c47e", "creation_timestamp": "2025-05-01T13:14:39.000000Z"}, {"uuid": "30abf82f-2070-4aa8-adce-5985d5755591", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37757", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14268", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37757\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix memory leak in tipc_link_xmit\n\nIn case the backlog transmit queue for system-importance messages is overloaded,\ntipc_link_xmit() returns -ENOBUFS but the skb list is not purged. This leads to\nmemory leak and failure when a skb is allocated.\n\nThis commit fixes this issue by purging the skb list before tipc_link_xmit()\nreturns.\n\ud83d\udccf Published: 2025-05-01T12:56:01.195Z\n\ud83d\udccf Modified: 2025-05-01T12:56:01.195Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/24e6280cdd7f8d01fc6b9b365fb800c2fb7ea9bb\n2. https://git.kernel.org/stable/c/09c2dcda2c551bba30710c33f6ac678ae7395389\n3. https://git.kernel.org/stable/c/7c5957f7905b4aede9d7a559d271438f3ca9e852\n4. https://git.kernel.org/stable/c/d0e02d3d27a0b4dcb13f954f537ca1dd8f282dcf\n5. https://git.kernel.org/stable/c/a40cbfbb8f95c325430f017883da669b2aa927d4\n6. https://git.kernel.org/stable/c/69ae94725f4fc9e75219d2d69022029c5b24bc9a", "creation_timestamp": "2025-05-01T13:14:38.000000Z"}, {"uuid": "75b8f6a2-800c-4f0c-af7a-7f3acb6ef1b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37751", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14270", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37751\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nx86/cpu: Avoid running off the end of an AMD erratum table\n\nThe NULL array terminator at the end of erratum_1386_microcode was\nremoved during the switch from x86_cpu_desc to x86_cpu_id. This\ncauses readers to run off the end of the array.\n\nReplace the NULL.\n\ud83d\udccf Published: 2025-05-01T12:55:56.624Z\n\ud83d\udccf Modified: 2025-05-01T12:55:56.624Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/1b518f73f1b6f59e083ec33dea22d9a1a275a970\n2. https://git.kernel.org/stable/c/f0df00ebc57f803603f2a2e0df197e51f06fbe90", "creation_timestamp": "2025-05-01T13:14:42.000000Z"}, {"uuid": "0f1fd078-d843-4573-a35c-0dbcb5414dec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37758", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14267", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37758\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe()\n\ndevm_ioremap() returns NULL on error. Currently, pxa_ata_probe() does\nnot check for this case, which can result in a NULL pointer dereference.\n\nAdd NULL check after devm_ioremap() to prevent this issue.\n\ud83d\udccf Published: 2025-05-01T12:56:02.520Z\n\ud83d\udccf Modified: 2025-05-01T12:56:02.520Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/2dc53c7a0c1f57b082931facafa804a7ca32a9a6\n2. https://git.kernel.org/stable/c/5b09bf6243b0bc0ae58bd9efdf6f0de5546f8d06\n3. https://git.kernel.org/stable/c/ee2b0301d6bfe16b35d57947687c664ecb815775\n4. https://git.kernel.org/stable/c/c022287f6e599422511aa227dc6da37b58d9ceac\n5. https://git.kernel.org/stable/c/2ba9e4c69207777bb0775c7c091800ecd69de144\n6. https://git.kernel.org/stable/c/ad320e408a8c95a282ab9c05cdf0c9b95e317985", "creation_timestamp": "2025-05-01T13:14:37.000000Z"}, {"uuid": "b69ba166-dccc-4a83-90a1-d4ce508cb788", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37751", "type": "seen", "source": "https://t.me/cvedetector/24224", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-37751 - AMD x86 CPU Array Indexing Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-37751 \nPublished : May 1, 2025, 1:15 p.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nx86/cpu: Avoid running off the end of an AMD erratum table  \n  \nThe NULL array terminator at the end of erratum_1386_microcode was  \nremoved during the switch from x86_cpu_desc to x86_cpu_id. This  \ncauses readers to run off the end of the array.  \n  \nReplace the NULL. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T16:30:20.000000Z"}, {"uuid": "20a675cd-62cc-40d8-8962-315baade0ece", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37759", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14266", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37759\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nublk: fix handling recovery & reissue in ublk_abort_queue()\n\nCommit 8284066946e6 (\"ublk: grab request reference when the request is handled\nby userspace\") doesn't grab request reference in case of recovery reissue.\nThen the request can be requeued & re-dispatch & failed when canceling\nuring command.\n\nIf it is one zc request, the request can be freed before io_uring\nreturns the zc buffer back, then cause kernel panic:\n\n[  126.773061] BUG: kernel NULL pointer dereference, address: 00000000000000c8\n[  126.773657] #PF: supervisor read access in kernel mode\n[  126.774052] #PF: error_code(0x0000) - not-present page\n[  126.774455] PGD 0 P4D 0\n[  126.774698] Oops: Oops: 0000 [#1] SMP NOPTI\n[  126.775034] CPU: 13 UID: 0 PID: 1612 Comm: kworker/u64:55 Not tainted 6.14.0_blk+ #182 PREEMPT(full)\n[  126.775676] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-1.fc39 04/01/2014\n[  126.776275] Workqueue: iou_exit io_ring_exit_work\n[  126.776651] RIP: 0010:ublk_io_release+0x14/0x130 [ublk_drv]\n\nFixes it by always grabbing request reference for aborting the request.\n\ud83d\udccf Published: 2025-05-01T12:56:03.462Z\n\ud83d\udccf Modified: 2025-05-01T12:56:03.462Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/caa5c8a2358604f38bf0a4afaa5eacda13763067\n2. https://git.kernel.org/stable/c/5d34a30efac9c9c93e150130caa940c0df6053c1\n3. https://git.kernel.org/stable/c/0a21d259ca4d6310fdfcc0284ebbc000e66cbf70\n4. https://git.kernel.org/stable/c/6ee6bd5d4fce502a5b5a2ea805e9ff16e6aa890f", "creation_timestamp": "2025-05-01T13:14:36.000000Z"}, {"uuid": "8d2ef587-feed-46a3-83aa-daf6dbb19ecd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3775", "type": "seen", "source": "https://t.me/cvedetector/23734", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3775 - ShopLentor WooCommerce Builder SSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3775 \nPublished : April 25, 2025, 5:15 a.m. | 1\u00a0hour, 32\u00a0minutes ago \nDescription : The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +20 Modules \u2013 All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.2 via the woolentor_template_proxy function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application, and can be used to query and modify information from internal services. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-25T09:09:17.000000Z"}, {"uuid": "b67ebc38-0328-41a0-8ef5-3278cdeaca12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37752", "type": "published-proof-of-concept", "source": "https://t.me/linkersec/314", "content": "[CVE-2025-37752] Two Bytes Of Madness: Pwning The Linux Kernel With A 0x0000 Written 262636 Bytes Out-Of-Bounds\n\nGreat article by D3vil about exploiting a type confusion in the network scheduler subsystem and pwning all kernelCTF instances.\n\nAuthor exploited a severely-limited OOB side-effect of the bug to corrupt pipe_inode_info->tmp_page and gain a page UAF read/write primitive. Researcher then swapped the private_data and f_cred fields of a signalfd file structure and overwrote the credentials via signalfd_ctx.", "creation_timestamp": "2025-05-13T20:33:47.000000Z"}, {"uuid": "ae15afe5-a3a4-4274-98e4-7b7e169d0905", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37752", "type": "seen", "source": "https://t.me/cvedetector/24225", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-37752 - Linux Kernel net_sched sfq Array Index Out-of-Bounds\", \n  \"Content\": \"CVE ID : CVE-2025-37752 \nPublished : May 1, 2025, 1:15 p.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnet_sched: sch_sfq: move the limit validation  \n  \nIt is not sufficient to directly validate the limit on the data that  \nthe user passes as it can be updated based on how the other parameters  \nare changed.  \n  \nMove the check at the end of the configuration update process to also  \ncatch scenarios where the limit is indirectly updated, for example  \nwith the following configurations:  \n  \ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 depth 1  \ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 divisor 1  \n  \nThis fixes the following syzkaller reported crash:  \n  \n------------[ cut here ]------------  \nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:203:6  \nindex 65535 is out of range for type 'struct sfq_head[128]'  \nCPU: 1 UID: 0 PID: 3037 Comm: syz.2.16 Not tainted 6.14.0-rc2-syzkaller #0  \nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024  \nCall Trace:  \n   \n __dump_stack lib/dump_stack.c:94 [inline]  \n dump_stack_lvl+0x201/0x300 lib/dump_stack.c:120  \n ubsan_epilogue lib/ubsan.c:231 [inline]  \n __ubsan_handle_out_of_bounds+0xf5/0x120 lib/ubsan.c:429  \n sfq_link net/sched/sch_sfq.c:203 [inline]  \n sfq_dec+0x53c/0x610 net/sched/sch_sfq.c:231  \n sfq_dequeue+0x34e/0x8c0 net/sched/sch_sfq.c:493  \n sfq_reset+0x17/0x60 net/sched/sch_sfq.c:518  \n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035  \n tbf_reset+0x41/0x110 net/sched/sch_tbf.c:339  \n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035  \n dev_reset_queue+0x100/0x1b0 net/sched/sch_generic.c:1311  \n netdev_for_each_tx_queue include/linux/netdevice.h:2590 [inline]  \n dev_deactivate_many+0x7e5/0xe70 net/sched/sch_generic.c:1375 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T16:30:24.000000Z"}, {"uuid": "5d403305-4a62-4c73-a020-dfa096deb81f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37759", "type": "seen", "source": "https://t.me/cvedetector/24216", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-37759 - \"ublk Linux Kernel NULL Pointer Dereference Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2025-37759 \nPublished : May 1, 2025, 1:15 p.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nublk: fix handling recovery & reissue in ublk_abort_queue()  \n  \nCommit 8284066946e6 (\"ublk: grab request reference when the request is handled  \nby userspace\") doesn't grab request reference in case of recovery reissue.  \nThen the request can be requeued & re-dispatch & failed when canceling  \nuring command.  \n  \nIf it is one zc request, the request can be freed before io_uring  \nreturns the zc buffer back, then cause kernel panic:  \n  \n[  126.773061] BUG: kernel NULL pointer dereference, address: 00000000000000c8  \n[  126.773657] #PF: supervisor read access in kernel mode  \n[  126.774052] #PF: error_code(0x0000) - not-present page  \n[  126.774455] PGD 0 P4D 0  \n[  126.774698] Oops: Oops: 0000 [#1] SMP NOPTI  \n[  126.775034] CPU: 13 UID: 0 PID: 1612 Comm: kworker/u64:55 Not tainted 6.14.0_blk+ #182 PREEMPT(full)  \n[  126.775676] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-1.fc39 04/01/2014  \n[  126.776275] Workqueue: iou_exit io_ring_exit_work  \n[  126.776651] RIP: 0010:ublk_io_release+0x14/0x130 [ublk_drv]  \n  \nFixes it by always grabbing request reference for aborting the request. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T16:30:10.000000Z"}, {"uuid": "af73abbd-519a-449e-9670-613316cb946c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37757", "type": "seen", "source": "https://t.me/cvedetector/24215", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-37757 - Linux Kernel tipc Memory Leak Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-37757 \nPublished : May 1, 2025, 1:15 p.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \ntipc: fix memory leak in tipc_link_xmit  \n  \nIn case the backlog transmit queue for system-importance messages is overloaded,  \ntipc_link_xmit() returns -ENOBUFS but the skb list is not purged. This leads to  \nmemory leak and failure when a skb is allocated.  \n  \nThis commit fixes this issue by purging the skb list before tipc_link_xmit()  \nreturns. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T16:30:10.000000Z"}, {"uuid": "e8ac776d-3389-4a33-9c37-a288e3491829", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37756", "type": "seen", "source": "https://t.me/cvedetector/24214", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-37756 - Linux Kernel TLS Disconnect Disallowed\", \n  \"Content\": \"CVE ID : CVE-2025-37756 \nPublished : May 1, 2025, 1:15 p.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnet: tls: explicitly disallow disconnect  \n  \nsyzbot discovered that it can disconnect a TLS socket and then  \nrun into all sort of unexpected corner cases. I have a vague  \nrecollection of Eric pointing this out to us a long time ago.  \nSupporting disconnect is really hard, for one thing if offload  \nis enabled we'd need to wait for all packets to be _acked_.  \nDisconnect is not commonly used, disallow it.  \n  \nThe immediate problem syzbot run into is the warning in the strp,  \nbut that's just the easiest bug to trigger:  \n  \n  WARNING: CPU: 0 PID: 5834 at net/tls/tls_strp.c:486 tls_strp_msg_load+0x72e/0xa80 net/tls/tls_strp.c:486  \n  RIP: 0010:tls_strp_msg_load+0x72e/0xa80 net/tls/tls_strp.c:486  \n  Call Trace:  \n     \n   tls_rx_rec_wait+0x280/0xa60 net/tls/tls_sw.c:1363  \n   tls_sw_recvmsg+0x85c/0x1c30 net/tls/tls_sw.c:2043  \n   inet6_recvmsg+0x2c9/0x730 net/ipv6/af_inet6.c:678  \n   sock_recvmsg_nosec net/socket.c:1023 [inline]  \n   sock_recvmsg+0x109/0x280 net/socket.c:1045  \n   __sys_recvfrom+0x202/0x380 net/socket.c:2237 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T16:30:06.000000Z"}, {"uuid": "d983e43b-3eba-4bc0-8aab-2368366ba523", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37755", "type": "seen", "source": "https://t.me/cvedetector/24213", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-37755 - Linux kernel: Net Device Page Pool Allocation NULL Pointer Dereference Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-37755 \nPublished : May 1, 2025, 1:15 p.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnet: libwx: handle page_pool_dev_alloc_pages error  \n  \npage_pool_dev_alloc_pages could return NULL. There was a WARN_ON(!page)  \nbut it would still proceed to use the NULL pointer and then crash.  \n  \nThis is similar to commit 001ba0902046  \n(\"net: fec: handle page_pool_dev_alloc_pages error\").  \n  \nThis is found by our static analysis tool KNighter. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T16:30:05.000000Z"}, {"uuid": "d2bcc77b-ec92-4a6b-811a-a30249e8f994", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37753", "type": "seen", "source": "https://t.me/cvedetector/24212", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-37753 - IBM Linux Kernel s390 Double Free Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-37753 \nPublished : May 1, 2025, 1:15 p.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \ns390/cpumf: Fix double free on error in cpumf_pmu_event_init()  \n  \nIn PMU event initialization functions  \n - cpumsf_pmu_event_init()  \n - cpumf_pmu_event_init()  \n - cfdiag_event_init()  \nthe partially created event had to be removed when an error was detected.  \nThe event::event_init() member function had to release all resources  \nit allocated in case of error. event::destroy() had to be called  \non freeing an event after it was successfully created and  \nevent::event_init() returned success.  \n  \nWith  \n  \ncommit c70ca298036c (\"perf/core: Simplify the perf_event_alloc() error path\")  \n  \nthis is not necessary anymore. The performance subsystem common  \ncode now always calls event::destroy() to clean up the allocated  \nresources created during event initialization.  \n  \nRemove the event::destroy() invocation in PMU event initialization  \nor that function is called twice for each event that runs into an  \nerror condition in event creation.  \n  \nThis is the kernel log entry which shows up without the fix:  \n  \n------------[ cut here ]------------  \nrefcount_t: underflow; use-after-free.  \nWARNING: CPU: 0 PID: 43388 at lib/refcount.c:87 refcount_dec_not_one+0x74/0x90  \nCPU: 0 UID: 0 PID: 43388 Comm: perf Not tainted 6.15.0-20250407.rc1.git0.300.fc41.s390x+git #1 NONE  \nHardware name: IBM 3931 A01 704 (LPAR)  \nKrnl PSW : 0704c00180000000 00000209cb2c1b88 (refcount_dec_not_one+0x78/0x90)  \n           R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3  \nKrnl GPRS: 0000020900000027 0000020900000023 0000000000000026 0000018900000000  \n           00000004a2200a00 0000000000000000 0000000000000057 ffffffffffffffea  \n           00000002b386c600 00000002b3f5b3e0 00000209cc51f140 00000209cc7fc550  \n           0000000001449d38 ffffffffffffffff 00000209cb2c1b84 00000189d67dfb80  \nKrnl Code: 00000209cb2c1b78: c02000506727 larl %r2,00000209cbcce9c6  \n           00000209cb2c1b7e: c0e5ffbd4431 brasl %r14,00000209caa6a3e0  \n          #00000209cb2c1b84: af000000  mc 0,0  \n          >00000209cb2c1b88: a7480001  lhi %r4,1  \n           00000209cb2c1b8c: ebeff0a00004 lmg %r14,%r15,160(%r15)  \n           00000209cb2c1b92: ec243fbf0055 risbg %r2,%r4,63,191,0  \n           00000209cb2c1b98: 07fe  bcr 15,%r14  \n           00000209cb2c1b9a: 47000700  bc 0,1792  \nCall Trace:  \n [<00000209cb2c1b88] refcount_dec_not_one+0x78/0x90  \n [<00000209cb2c1dc4] refcount_dec_and_mutex_lock+0x24/0x90  \n [<00000209caa3c29e] hw_perf_event_destroy+0x2e/0x80  \n [<00000209cacaf8b4] __free_event+0x74/0x270  \n [<00000209cacb47c4] perf_event_alloc.part.0+0x4a4/0x730  \n [<00000209cacbf3e8] __do_sys_perf_event_open+0x248/0xc20  \n [<00000209cacc14a4] __s390x_sys_perf_event_open+0x44/0x50  \n [<00000209cb8114de] __do_syscall+0x12e/0x260  \n [<00000209cb81ce34] system_call+0x74/0x98  \nLast Breaking-Event-Address:  \n [<00000209caa6a4d2] __warn_printk+0xf2/0x100  \n---[ end trace 0000000000000000 ]--- \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T16:30:04.000000Z"}, {"uuid": "6305849b-5cf6-4f9a-9663-8ab1cd129f78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37758", "type": "seen", "source": "https://t.me/cvedetector/24211", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-37758 - Linux ata Pata Pxa Null Pointer Dereference Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-37758 \nPublished : May 1, 2025, 1:15 p.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe()  \n  \ndevm_ioremap() returns NULL on error. Currently, pxa_ata_probe() does  \nnot check for this case, which can result in a NULL pointer dereference.  \n  \nAdd NULL check after devm_ioremap() to prevent this issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T16:30:04.000000Z"}, {"uuid": "c40af9ee-ebda-4cce-b216-335231f375a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37754", "type": "seen", "source": "https://t.me/cvedetector/24210", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-37754 - Intel I915 DRM Fence Not Released Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-37754 \nPublished : May 1, 2025, 1:15 p.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \ndrm/i915/huc: Fix fence not released on early probe errors  \n  \nHuC delayed loading fence, introduced with commit 27536e03271da  \n(\"drm/i915/huc: track delayed HuC load with a fence\"), is registered with  \nobject tracker early on driver probe but unregistered only from driver  \nremove, which is not called on early probe errors.  Since its memory is  \nallocated under devres, then released anyway, it may happen to be  \nallocated again to the fence and reused on future driver probes, resulting  \nin kernel warnings that taint the kernel: <4[309.731371] ------------[ cut here ]------------ <3[309.731373] ODEBUG: init destroyed (active state 0) object: ffff88813d7dd2e0 object type: i915_sw_fence hint: sw_fence_dummy_notify+0x0/0x20 [i915] <4[309.731575] WARNING: CPU: 2 PID: 3161 at lib/debugobjects.c:612 debug_print_object+0x93/0xf0  \n... <4[309.731693] CPU: 2 UID: 0 PID: 3161 Comm: i915_module_loa Tainted: G     U             6.14.0-CI_DRM_16362-gf0fd77956987+ #1  \n... <4[309.731700] RIP: 0010:debug_print_object+0x93/0xf0  \n... <4[309.731728] Call Trace: <4[309.731730]    \n... <4[309.731949]  __debug_object_init+0x17b/0x1c0 <4[309.731957]  debug_object_init+0x34/0x50 <4[309.732126]  __i915_sw_fence_init+0x34/0x60 [i915] <4[309.732256]  intel_huc_init_early+0x4b/0x1d0 [i915] <4[309.732468]  intel_uc_init_early+0x61/0x680 [i915] <4[309.732667]  intel_gt_common_init_early+0x105/0x130 [i915] <4[309.732804]  intel_root_gt_init_early+0x63/0x80 [i915] <4[309.732938]  i915_driver_probe+0x1fa/0xeb0 [i915] <4[309.733075]  i915_pci_probe+0xe6/0x220 [i915] <4[309.733198]  local_pci_probe+0x44/0xb0 <4[309.733203]  pci_device_probe+0xf4/0x270 <4[309.733209]  really_probe+0xee/0x3c0 <4[309.733215]  __driver_probe_device+0x8c/0x180 <4[309.733219]  driver_probe_device+0x24/0xd0 <4[309.733223]  __driver_attach+0x10f/0x220 <4[309.733230]  bus_for_each_dev+0x7d/0xe0 <4[309.733236]  driver_attach+0x1e/0x30 <4[309.733239]  bus_add_driver+0x151/0x290 <4[309.733244]  driver_register+0x5e/0x130 <4[309.733247]  __pci_register_driver+0x7d/0x90 <4[309.733251]  i915_pci_register_driver+0x23/0x30 [i915] <4[309.733413]  i915_init+0x34/0x120 [i915] <4[309.733655]  do_one_initcall+0x62/0x3f0 <4[309.733667]  do_init_module+0x97/0x2a0 <4[309.733671]  load_module+0x25ff/0x2890 <4[309.733688]  init_module_from_file+0x97/0xe0 <4[309.733701]  idempotent_init_module+0x118/0x330 <4[309.733711]  __x64_sys_finit_module+0x77/0x100 <4[309.733715]  x64_sys_call+0x1f37/0x2650 <4[309.733719]  do_syscall_64+0x91/0x180 <4[309.733763]  entry_SYSCALL_64_after_hwframe+0x76/0x7e <4[309.733792]    \n... <4[309.733806] ---[ end trace 0000000000000000 ]---  \n  \nThat scenario is most easily reproducible with  \nigt@i915_module_load@reload-with-fault-injection.  \n  \nFix the issue by moving the cleanup step to driver release path.  \n  \n(cherry picked from commit 795dbde92fe5c6996a02a5b579481de73035e7bf) \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T16:30:03.000000Z"}, {"uuid": "3fee9c38-1725-4039-886d-b2acb51070f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37752", "type": "seen", "source": "https://t.me/proxy_bar/2613", "content": "CVE-2025-37752\n*\nTwo Bytes Of Madness: Pwning The Linux Kernel With A 0x0000 Written 262636 Bytes Out-Of-Bounds\n\n#linux #kernel", "creation_timestamp": "2025-05-12T18:41:14.000000Z"}]}