{"vulnerability": "CVE-2025-37749", "sightings": [{"uuid": "9072721d-f94a-4ce0-91ae-632b315e8db5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37749", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo4hls5hmv2e", "content": "", "creation_timestamp": "2025-05-01T13:55:47.099743Z"}, {"uuid": "7a3b7b3e-048c-4458-9d47-ca59e1c7f3f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37749", "type": "seen", "source": "https://t.me/cvedetector/24222", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-37749 - Linux PPP Out-of-Bounds Access Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-37749 \nPublished : May 1, 2025, 1:15 p.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nnet: ppp: Add bound checking for skb data on ppp_sync_txmung \n \nEnsure we have enough data in linear buffer from skb before accessing \ninitial bytes. This prevents potential out-of-bounds accesses \nwhen processing short packets. \n \nWhen ppp_sync_txmung receives an incoming package with an empty \npayload: \n(remote) gef\u27a4 p *(struct pppoe_hdr *) (skb->head + skb->network_header) \n$18 = { \n type = 0x1, \n ver = 0x1, \n code = 0x0, \n sid = 0x2, \n length = 0x0, \n tag = 0xffff8880371cdb96 \n} \n \nfrom the skb struct (trimmed) \n tail = 0x16, \n end = 0x140, \n head = 0xffff88803346f400 \"4\", \n data = 0xffff88803346f416 \":\\377\", \n truesize = 0x380, \n len = 0x0, \n data_len = 0x0, \n mac_len = 0xe, \n hdr_len = 0x0, \n \nit is not safe to access data[2]. \n \n[pabeni@redhat.com: fixed subj typo] \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"01 May 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T16:30:18.000000Z"}, {"uuid": "1e7723c5-3aad-4547-b077-d932f29903fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37749", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14271", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37749\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ppp: Add bound checking for skb data on ppp_sync_txmung\n\nEnsure we have enough data in linear buffer from skb before accessing\ninitial bytes. This prevents potential out-of-bounds accesses\nwhen processing short packets.\n\nWhen ppp_sync_txmung receives an incoming package with an empty\npayload:\n(remote) gef\u27a4 p *(struct pppoe_hdr *) (skb->head + skb->network_header)\n$18 = {\n type = 0x1,\n ver = 0x1,\n code = 0x0,\n sid = 0x2,\n length = 0x0,\n tag = 0xffff8880371cdb96\n}\n\nfrom the skb struct (trimmed)\n tail = 0x16,\n end = 0x140,\n head = 0xffff88803346f400 \"4\",\n data = 0xffff88803346f416 \":\\377\",\n truesize = 0x380,\n len = 0x0,\n data_len = 0x0,\n mac_len = 0xe,\n hdr_len = 0x0,\n\nit is not safe to access data[2].\n\n[pabeni@redhat.com: fixed subj typo]\n\ud83d\udccf Published: 2025-05-01T12:55:55.316Z\n\ud83d\udccf Modified: 2025-05-01T12:55:55.316Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/b78f2b458f56a5a4d976c8e01c43dbf58d3ea2ca\n2. https://git.kernel.org/stable/c/fbaffe8bccf148ece8ad67eb5d7aa852cabf59c8\n3. https://git.kernel.org/stable/c/b4c836d33ca888695b2f2665f948bc1b34fbd533\n4. https://git.kernel.org/stable/c/1f6eb9fa87a781d5370c0de7794ae242f1a95ee5\n5. https://git.kernel.org/stable/c/6e8a6bf43cea4347121ab21bb1ed8d7bef7e732e\n6. https://git.kernel.org/stable/c/aabc6596ffb377c4c9c8f335124b92ea282c9821", "creation_timestamp": "2025-05-01T13:14:43.000000Z"}]}