CVE-2025-23145 (GCVE-0-2025-23145)

Vulnerability from cvelistv5 – Published: 2025-05-01 12:55 – Updated: 2026-05-11 21:13
VLAI
Title
mptcp: fix NULL pointer in can_accept_new_subflow
Summary
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix NULL pointer in can_accept_new_subflow When testing valkey benchmark tool with MPTCP, the kernel panics in 'mptcp_can_accept_new_subflow' because subflow_req->msk is NULL. Call trace: mptcp_can_accept_new_subflow (./net/mptcp/subflow.c:63 (discriminator 4)) (P) subflow_syn_recv_sock (./net/mptcp/subflow.c:854) tcp_check_req (./net/ipv4/tcp_minisocks.c:863) tcp_v4_rcv (./net/ipv4/tcp_ipv4.c:2268) ip_protocol_deliver_rcu (./net/ipv4/ip_input.c:207) ip_local_deliver_finish (./net/ipv4/ip_input.c:234) ip_local_deliver (./net/ipv4/ip_input.c:254) ip_rcv_finish (./net/ipv4/ip_input.c:449) ... According to the debug log, the same req received two SYN-ACK in a very short time, very likely because the client retransmits the syn ack due to multiple reasons. Even if the packets are transmitted with a relevant time interval, they can be processed by the server on different CPUs concurrently). The 'subflow_req->msk' ownership is transferred to the subflow the first, and there will be a risk of a null pointer dereference here. This patch fixes this issue by moving the 'subflow_req->msk' under the `own_req == true` conditional. Note that the !msk check in subflow_hmac_valid() can be dropped, because the same check already exists under the own_req mpj branch where the code has been moved to.
Severity
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 9466a1ccebbe54ac57fb8a89c2b4b854826546a8 , < 8cf7fef1bb2ffea7792bcbf71ca00216cecc725d (git)
Affected: 9466a1ccebbe54ac57fb8a89c2b4b854826546a8 , < b3088bd2a6790c8efff139d86d7a9d0b1305977b (git)
Affected: 9466a1ccebbe54ac57fb8a89c2b4b854826546a8 , < 855bf0aacd51fced11ea9aa0d5101ee0febaeadb (git)
Affected: 9466a1ccebbe54ac57fb8a89c2b4b854826546a8 , < 7f9ae060ed64aef8f174c5f1ea513825b1be9af1 (git)
Affected: 9466a1ccebbe54ac57fb8a89c2b4b854826546a8 , < dc81e41a307df523072186b241fa8244fecd7803 (git)
Affected: 9466a1ccebbe54ac57fb8a89c2b4b854826546a8 , < efd58a8dd9e7a709a90ee486a4247c923d27296f (git)
Affected: 9466a1ccebbe54ac57fb8a89c2b4b854826546a8 , < 4b2649b9717678aeb097893cc49f59311a1ecab0 (git)
Affected: 9466a1ccebbe54ac57fb8a89c2b4b854826546a8 , < 443041deb5ef6a1289a99ed95015ec7442f141dc (git)
Create a notification for this product.
Linux Linux Affected: 5.9
Unaffected: 0 , < 5.9 (semver)
Unaffected: 5.10.237 , ≤ 5.10.* (semver)
Unaffected: 5.15.181 , ≤ 5.15.* (semver)
Unaffected: 6.1.135 , ≤ 6.1.* (semver)
Unaffected: 6.6.88 , ≤ 6.6.* (semver)
Unaffected: 6.12.24 , ≤ 6.12.* (semver)
Unaffected: 6.13.12 , ≤ 6.13.* (semver)
Unaffected: 6.14.3 , ≤ 6.14.* (semver)
Unaffected: 6.15 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:42:35.316Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/mptcp/subflow.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8cf7fef1bb2ffea7792bcbf71ca00216cecc725d",
              "status": "affected",
              "version": "9466a1ccebbe54ac57fb8a89c2b4b854826546a8",
              "versionType": "git"
            },
            {
              "lessThan": "b3088bd2a6790c8efff139d86d7a9d0b1305977b",
              "status": "affected",
              "version": "9466a1ccebbe54ac57fb8a89c2b4b854826546a8",
              "versionType": "git"
            },
            {
              "lessThan": "855bf0aacd51fced11ea9aa0d5101ee0febaeadb",
              "status": "affected",
              "version": "9466a1ccebbe54ac57fb8a89c2b4b854826546a8",
              "versionType": "git"
            },
            {
              "lessThan": "7f9ae060ed64aef8f174c5f1ea513825b1be9af1",
              "status": "affected",
              "version": "9466a1ccebbe54ac57fb8a89c2b4b854826546a8",
              "versionType": "git"
            },
            {
              "lessThan": "dc81e41a307df523072186b241fa8244fecd7803",
              "status": "affected",
              "version": "9466a1ccebbe54ac57fb8a89c2b4b854826546a8",
              "versionType": "git"
            },
            {
              "lessThan": "efd58a8dd9e7a709a90ee486a4247c923d27296f",
              "status": "affected",
              "version": "9466a1ccebbe54ac57fb8a89c2b4b854826546a8",
              "versionType": "git"
            },
            {
              "lessThan": "4b2649b9717678aeb097893cc49f59311a1ecab0",
              "status": "affected",
              "version": "9466a1ccebbe54ac57fb8a89c2b4b854826546a8",
              "versionType": "git"
            },
            {
              "lessThan": "443041deb5ef6a1289a99ed95015ec7442f141dc",
              "status": "affected",
              "version": "9466a1ccebbe54ac57fb8a89c2b4b854826546a8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/mptcp/subflow.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.9"
            },
            {
              "lessThan": "5.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.237",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.181",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.135",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.88",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.237",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.181",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.135",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.88",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.24",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.12",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.3",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix NULL pointer in can_accept_new_subflow\n\nWhen testing valkey benchmark tool with MPTCP, the kernel panics in\n\u0027mptcp_can_accept_new_subflow\u0027 because subflow_req-\u003emsk is NULL.\n\nCall trace:\n\n  mptcp_can_accept_new_subflow (./net/mptcp/subflow.c:63 (discriminator 4)) (P)\n  subflow_syn_recv_sock (./net/mptcp/subflow.c:854)\n  tcp_check_req (./net/ipv4/tcp_minisocks.c:863)\n  tcp_v4_rcv (./net/ipv4/tcp_ipv4.c:2268)\n  ip_protocol_deliver_rcu (./net/ipv4/ip_input.c:207)\n  ip_local_deliver_finish (./net/ipv4/ip_input.c:234)\n  ip_local_deliver (./net/ipv4/ip_input.c:254)\n  ip_rcv_finish (./net/ipv4/ip_input.c:449)\n  ...\n\nAccording to the debug log, the same req received two SYN-ACK in a very\nshort time, very likely because the client retransmits the syn ack due\nto multiple reasons.\n\nEven if the packets are transmitted with a relevant time interval, they\ncan be processed by the server on different CPUs concurrently). The\n\u0027subflow_req-\u003emsk\u0027 ownership is transferred to the subflow the first,\nand there will be a risk of a null pointer dereference here.\n\nThis patch fixes this issue by moving the \u0027subflow_req-\u003emsk\u0027 under the\n`own_req == true` conditional.\n\nNote that the !msk check in subflow_hmac_valid() can be dropped, because\nthe same check already exists under the own_req mpj branch where the\ncode has been moved to."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T21:13:49.319Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8cf7fef1bb2ffea7792bcbf71ca00216cecc725d"
        },
        {
          "url": "https://git.kernel.org/stable/c/b3088bd2a6790c8efff139d86d7a9d0b1305977b"
        },
        {
          "url": "https://git.kernel.org/stable/c/855bf0aacd51fced11ea9aa0d5101ee0febaeadb"
        },
        {
          "url": "https://git.kernel.org/stable/c/7f9ae060ed64aef8f174c5f1ea513825b1be9af1"
        },
        {
          "url": "https://git.kernel.org/stable/c/dc81e41a307df523072186b241fa8244fecd7803"
        },
        {
          "url": "https://git.kernel.org/stable/c/efd58a8dd9e7a709a90ee486a4247c923d27296f"
        },
        {
          "url": "https://git.kernel.org/stable/c/4b2649b9717678aeb097893cc49f59311a1ecab0"
        },
        {
          "url": "https://git.kernel.org/stable/c/443041deb5ef6a1289a99ed95015ec7442f141dc"
        }
      ],
      "title": "mptcp: fix NULL pointer in can_accept_new_subflow",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-23145",
    "datePublished": "2025-05-01T12:55:34.622Z",
    "dateReserved": "2025-01-11T14:28:41.512Z",
    "dateUpdated": "2026-05-11T21:13:49.319Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-23145",
      "date": "2026-06-27",
      "epss": "0.00169",
      "percentile": "0.0658"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-23145\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-05-01T13:15:50.343\",\"lastModified\":\"2026-06-17T08:52:14.477\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmptcp: fix NULL pointer in can_accept_new_subflow\\n\\nWhen testing valkey benchmark tool with MPTCP, the kernel panics in\\n\u0027mptcp_can_accept_new_subflow\u0027 because subflow_req-\u003emsk is NULL.\\n\\nCall trace:\\n\\n  mptcp_can_accept_new_subflow (./net/mptcp/subflow.c:63 (discriminator 4)) (P)\\n  subflow_syn_recv_sock (./net/mptcp/subflow.c:854)\\n  tcp_check_req (./net/ipv4/tcp_minisocks.c:863)\\n  tcp_v4_rcv (./net/ipv4/tcp_ipv4.c:2268)\\n  ip_protocol_deliver_rcu (./net/ipv4/ip_input.c:207)\\n  ip_local_deliver_finish (./net/ipv4/ip_input.c:234)\\n  ip_local_deliver (./net/ipv4/ip_input.c:254)\\n  ip_rcv_finish (./net/ipv4/ip_input.c:449)\\n  ...\\n\\nAccording to the debug log, the same req received two SYN-ACK in a very\\nshort time, very likely because the client retransmits the syn ack due\\nto multiple reasons.\\n\\nEven if the packets are transmitted with a relevant time interval, they\\ncan be processed by the server on different CPUs concurrently). The\\n\u0027subflow_req-\u003emsk\u0027 ownership is transferred to the subflow the first,\\nand there will be a risk of a null pointer dereference here.\\n\\nThis patch fixes this issue by moving the \u0027subflow_req-\u003emsk\u0027 under the\\n`own_req == true` conditional.\\n\\nNote that the !msk check in subflow_hmac_valid() can be dropped, because\\nthe same check already exists under the own_req mpj branch where the\\ncode has been moved to.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mptcp: se corrige el puntero NULL en can_accept_new_subflow Al probar la herramienta de evaluaci\u00f3n comparativa valkey con MPTCP, el kernel entra en p\u00e1nico en \u0027mptcp_can_accept_new_subflow\u0027 porque subflow_req-\u0026gt;msk es NULL. Rastreo de llamadas: mptcp_can_accept_new_subflow (./net/mptcp/subflow.c:63 (discriminador 4)) (P) subflow_syn_recv_sock (./net/mptcp/subflow.c:854) tcp_check_req (./net/ipv4/tcp_minisocks.c:863) tcp_v4_rcv (./net/ipv4/tcp_ipv4.c:2268) ip_protocol_deliver_rcu (./net/ipv4/ip_input.c:207) ip_local_deliver_finish (./net/ipv4/ip_input.c:234) ip_local_deliver (./net/ipv4/ip_input.c:254) ip_rcv_finish (./net/ipv4/ip_input.c:449) ... Seg\u00fan el registro de depuraci\u00f3n, la misma solicitud recibi\u00f3 dos SYN-ACK en muy poco tiempo, probablemente porque el cliente retransmite el SYN-ACK por varias razones. Incluso si los paquetes se transmiten con un intervalo de tiempo relevante, el servidor puede procesarlos en diferentes CPU simult\u00e1neamente. La propiedad de \u0027subflow_req-\u0026gt;msk\u0027 se transfiere primero al subflujo, lo que conlleva el riesgo de una desreferencia de puntero nulo. Este parche corrige este problema moviendo \u0027subflow_req-\u0026gt;msk\u0027 bajo la condici\u00f3n `own_req == true`. Tenga en cuenta que la comprobaci\u00f3n !msk en subflow_hmac_valid() puede omitirse, ya que ya existe en la rama own_req de mpj, donde se ha movido el c\u00f3digo.\"}],\"affected\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"affectedData\":[{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"unaffected\",\"programFiles\":[\"net/mptcp/subflow.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"9466a1ccebbe54ac57fb8a89c2b4b854826546a8\",\"lessThan\":\"8cf7fef1bb2ffea7792bcbf71ca00216cecc725d\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"9466a1ccebbe54ac57fb8a89c2b4b854826546a8\",\"lessThan\":\"b3088bd2a6790c8efff139d86d7a9d0b1305977b\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"9466a1ccebbe54ac57fb8a89c2b4b854826546a8\",\"lessThan\":\"855bf0aacd51fced11ea9aa0d5101ee0febaeadb\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"9466a1ccebbe54ac57fb8a89c2b4b854826546a8\",\"lessThan\":\"7f9ae060ed64aef8f174c5f1ea513825b1be9af1\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"9466a1ccebbe54ac57fb8a89c2b4b854826546a8\",\"lessThan\":\"dc81e41a307df523072186b241fa8244fecd7803\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"9466a1ccebbe54ac57fb8a89c2b4b854826546a8\",\"lessThan\":\"efd58a8dd9e7a709a90ee486a4247c923d27296f\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"9466a1ccebbe54ac57fb8a89c2b4b854826546a8\",\"lessThan\":\"4b2649b9717678aeb097893cc49f59311a1ecab0\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"9466a1ccebbe54ac57fb8a89c2b4b854826546a8\",\"lessThan\":\"443041deb5ef6a1289a99ed95015ec7442f141dc\",\"versionType\":\"git\",\"status\":\"affected\"}]},{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"affected\",\"programFiles\":[\"net/mptcp/subflow.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"5.9\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"5.9\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.10.237\",\"lessThanOrEqual\":\"5.10.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.15.181\",\"lessThanOrEqual\":\"5.15.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.1.135\",\"lessThanOrEqual\":\"6.1.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.6.88\",\"lessThanOrEqual\":\"6.6.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.12.24\",\"lessThanOrEqual\":\"6.12.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.13.12\",\"lessThanOrEqual\":\"6.13.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.14.3\",\"lessThanOrEqual\":\"6.14.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.15\",\"lessThanOrEqual\":\"*\",\"versionType\":\"original_commit_for_fix\",\"status\":\"unaffected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.9\",\"versionEndExcluding\":\"5.10.237\",\"matchCriteriaId\":\"C525983E-E824-4361-B00A-02698124F7C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.181\",\"matchCriteriaId\":\"12331C9E-F601-4EFC-899E-369F98DCC70B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.135\",\"matchCriteriaId\":\"5B9ACE29-7445-4B6F-B761-6367C005E275\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.88\",\"matchCriteriaId\":\"6E5947E5-45E3-462A-829B-382B3B1C61BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.12.24\",\"matchCriteriaId\":\"1D35A8A8-F3EC-45E6-AD37-1F154B27529D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.13.12\",\"matchCriteriaId\":\"4A475784-BF3B-4514-81EE-49C8522FB24A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.14\",\"versionEndExcluding\":\"6.14.3\",\"matchCriteriaId\":\"483E2E15-2135-4EC6-AB64-16282C5EF704\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/443041deb5ef6a1289a99ed95015ec7442f141dc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/4b2649b9717678aeb097893cc49f59311a1ecab0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7f9ae060ed64aef8f174c5f1ea513825b1be9af1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/855bf0aacd51fced11ea9aa0d5101ee0febaeadb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/8cf7fef1bb2ffea7792bcbf71ca00216cecc725d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b3088bd2a6790c8efff139d86d7a9d0b1305977b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/dc81e41a307df523072186b241fa8244fecd7803\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/efd58a8dd9e7a709a90ee486a4247c923d27296f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.