Vuldb Updates

A vulnerability was found in Linux Kernel up to 6.12.35/6.15.4/6.16-rc3. It has been classified as critical. This impacts the function unpin_user_folio of the component io_uring. This manipulation causes buffer overflow. This vulnerability is registered as CVE-2025-38256. The attack requires access to the local network. No exploit is available. Upgrading the affected component is recommended.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.1.142/6.6.95/6.12.35/6.15.4/6.16-rc3. This affects the function memdup_user of the component s390. The manipulation of the argument nr_apqns leads to allocation of resources. This vulnerability is referenced as CVE-2025-38257. The attack needs to be initiated within the local network. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.95/6.12.35/6.15.4/6.16-rc3 and classified as critical. This affects the function group_cpus_evenly. The manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2025-38255. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.15.4/6.16-rc3. The impacted element is the function cxl_cper_handle_prot_err of the component ras. Executing manipulation can lead to denial of service. The identification of this vulnerability is CVE-2025-38252. The attack needs to be done within the local network. There is no exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.35/6.15.4/6.16-rc3. The affected element is the function wacom_aes_battery_handler of the component HID. Executing manipulation can lead to denial of service. This vulnerability is tracked as CVE-2025-38253. The attack is only possible within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.15.4/6.16-rc3 and classified as critical. The impacted element is the function drm_edid_raw of the component AMD Display. The manipulation leads to memory corruption. This vulnerability is listed as CVE-2025-38254. The attack must be carried out from within the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability described as problematic has been identified in Linux Kernel up to 6.1.142/6.6.95/6.12.35/6.15.4/6.16-rc3. Impacted is the function snd_usb_get_audioformat_uac3 of the component ALSA. Such manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2025-38249. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is recommended.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.12.35/6.15.4/6.16-rc3. Affected by this vulnerability is the function vhci_flush in the library include/linux/skbuff.h of the component Bluetooth. Executing manipulation can lead to use after free. This vulnerability is handled as CVE-2025-38250. The attack can only be done within the local network. There is not any exploit available. The affected component should be upgraded.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.142/6.6.95/6.12.35/6.15.4/6.16-rc3. Impacted is the function clip_push of the component atm. Performing manipulation results in null pointer dereference. This vulnerability is identified as CVE-2025-38251. The attack can only be performed from the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability described as problematic has been identified in Linux Kernel up to 6.12.35/6.15.4/6.16-rc3. This affects an unknown part of the component XDP_REDIRECT Feature. The manipulation results in privilege escalation. This vulnerability was named CVE-2025-38246. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability classified as critical was found in Linux Kernel up to 6.15.4/6.16-rc3. This issue affects the function br_multicast_port_ctx_deinit of the component bridge. Such manipulation leads to use after free. This vulnerability is referenced as CVE-2025-38248. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability identified as problematic has been detected in Linux Kernel up to 6.15.4/6.16-rc3. This affects the function want_mount_setattr. The manipulation leads to privilege escalation. This vulnerability is traded as CVE-2025-38247. Access to the local network is required for this attack to succeed. There is no exploit available. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.6.95/6.12.35/6.15.4/6.16-rc3. Affected by this issue is the function cifs_signal_cifsd_for_reconnect of the component smb. Executing manipulation can lead to deadlock. This vulnerability appears as CVE-2025-38244. The attacker needs to be present on the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability marked as problematic has been reported in Linux Kernel up to 6.1.142/6.6.95/6.12.35/6.15.4/6.16-rc3. Affected by this issue is the function atm_dev_deregister. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-38245. The attack can only be initiated within the local network. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.15.3. It has been classified as critical. The impacted element is the function kmem_cache_destroy of the file dswstate.c of the component SCI Handler. The manipulation leads to memory leak. This vulnerability is documented as CVE-2025-38345. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.15.3 and classified as critical. The affected element is the function kmem_cache_create of the component SCI Handler. Executing manipulation can lead to memory leak. This vulnerability is registered as CVE-2025-38344. The attack requires access to the local network. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.6.94/6.12.34/6.15.3. Impacted is an unknown function of the component wifi. Such manipulation leads to privilege escalation. This vulnerability is referenced as CVE-2025-38343. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.15.3. This issue affects the function software_node_get_reference_args. This manipulation causes out-of-bounds read. The identification of this vulnerability is CVE-2025-38342. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.15.3 and classified as problematic. This affects the function arch_bpf_trampoline_size. The manipulation leads to allocation of resources. This vulnerability is listed as CVE-2025-38339. The attack must be carried out from within the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.15.3. It has been rated as critical. This impacts the function cs_dsp_mock_bin_add_name_or_info of the component firmware. This manipulation causes allocation of resources. This vulnerability appears as CVE-2025-38340. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is advised.