{"vulnerability": "cve-2025-2170", "sightings": [{"uuid": "be910004-d59c-43a5-be46-d8d81d97f971", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21700", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113996370078813275", "content": "", "creation_timestamp": "2025-02-13T11:36:05.450568Z"}, {"uuid": "e68e3019-304c-408e-b048-4b5d58b5a993", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21701", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li3dc3owqo2z", "content": "", "creation_timestamp": "2025-02-13T18:34:53.681313Z"}, {"uuid": "a3e46393-259f-45ae-b7fe-27c372ecc4cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21700", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li2o4k3iyb2x", "content": "", "creation_timestamp": "2025-02-13T12:15:54.873414Z"}, {"uuid": "68c932cb-e08f-40d0-b917-0b70212fa390", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21700", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li2vum2fr223", "content": "", "creation_timestamp": "2025-02-13T14:34:39.060781Z"}, {"uuid": "e0be52b8-f83e-432b-b555-ee6779bed1d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21701", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113997225255403748", "content": "", "creation_timestamp": "2025-02-13T15:13:34.455626Z"}, {"uuid": "02b93fba-31f3-40c5-aaa3-b36d059009a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21701", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li2y6tdnds2s", "content": "", "creation_timestamp": "2025-02-13T15:16:09.016161Z"}, {"uuid": "ba022c00-5c88-4bb0-b196-0ed185372a7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21700", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114001104447468346", "content": "", "creation_timestamp": "2025-02-14T07:40:06.113141Z"}, {"uuid": "d8dcc9e3-efa4-440a-b24e-f18cedf6d3a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21705", "type": "seen", "source": "https://bsky.app/profile/omo.bsky.social/post/3ljo4dkyf7k2l", "content": "", "creation_timestamp": "2025-03-05T23:16:11.289033Z"}, {"uuid": "66d76170-7d0b-4dfa-b7fc-9b6729b13787", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21702", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lihkmthdcy2p", "content": "", "creation_timestamp": "2025-02-18T15:18:03.206831Z"}, {"uuid": "2fc21cc9-b255-4418-9fbd-176cfe607037", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21703", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lihkmvo6452h", "content": "", "creation_timestamp": "2025-02-18T15:18:05.261362Z"}, {"uuid": "50d98ffd-afcd-406f-a918-485d8e4b89d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21700", "type": "seen", "source": "https://bsky.app/profile/omo.bsky.social/post/3lii4enkqjc2j", "content": "", "creation_timestamp": "2025-02-18T20:35:37.578351Z"}, {"uuid": "707341a2-bade-4064-b92c-e938b9cc748b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21701", "type": "seen", "source": "https://bsky.app/profile/omo.bsky.social/post/3lii4enkqjc2j", "content": "", "creation_timestamp": "2025-02-18T20:35:37.676824Z"}, {"uuid": "00671ad7-3498-4ff6-a6f1-78c2c039008c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21702", "type": "seen", "source": "https://bsky.app/profile/omo.bsky.social/post/3lii4enkqjc2j", "content": "", "creation_timestamp": "2025-02-18T20:35:37.731625Z"}, {"uuid": "10a99e78-5738-4350-beb0-b3cb9a0ce64b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21703", "type": "seen", "source": "https://bsky.app/profile/omo.bsky.social/post/3lii4enkqjc2j", "content": "", "creation_timestamp": "2025-02-18T20:35:37.791441Z"}, {"uuid": "e6b290dd-59ce-4f96-80e9-683c90f7b5d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2170", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lo5u3g3sjk2d", "content": "", "creation_timestamp": "2025-05-02T03:11:50.327830Z"}, {"uuid": "d121c616-b550-4772-907d-d6acf875ad8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21704", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114047226500494320", "content": "", "creation_timestamp": "2025-02-22T11:09:34.329149Z"}, {"uuid": "c9e0f2f7-de5e-438a-9b79-6237a57a21e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21704", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3liraysjppu23", "content": "", "creation_timestamp": "2025-02-22T11:52:24.787138Z"}, {"uuid": "17231362-3ae2-4413-ac63-d95f69e04ddf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21701", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-05", "content": "", "creation_timestamp": "2025-06-12T10:00:00.000000Z"}, {"uuid": "7957d435-a157-4ca8-a87f-2203059d4850", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21702", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-05", "content": "", "creation_timestamp": "2025-06-12T10:00:00.000000Z"}, {"uuid": "6704b714-49e3-4f82-a5af-c051c7f42ed8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2170", "type": "seen", "source": "https://bsky.app/profile/redhotcyber.bsky.social/post/3lr6fkabf6k2v", "content": "", "creation_timestamp": "2025-06-09T12:39:54.868075Z"}, {"uuid": "fdfb1dab-631c-4b7d-af12-b13c8ef9f8f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2170", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114428543253184581", "content": "", "creation_timestamp": "2025-04-30T19:23:25.351768Z"}, {"uuid": "fecd492f-ad2c-4f63-80ab-3215780710ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2170", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-3e1eb2dc-9f2b85c0736bce03", "content": "", "creation_timestamp": "2025-06-09T17:00:48.920575Z"}, {"uuid": "9eaace11-757d-422b-be1a-cbb509790cdb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21702", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lvnqtihptc2f", "content": "", "creation_timestamp": "2025-08-05T12:52:41.861949Z"}, {"uuid": "139b8cde-f329-467f-84c7-5cd2ccab872e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21702", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lvlzyzuggs23", "content": "", "creation_timestamp": "2025-08-04T20:31:32.901713Z"}, {"uuid": "6eee020a-6db4-4210-ac2a-c457ccd332bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21704", "type": "seen", "source": "https://t.me/cvedetector/18711", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21704 - Linux Kernel usb-cdc-acm Memory Corruption Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21704 \nPublished : Feb. 22, 2025, 10:15 a.m. | 1\u00a0hour ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nusb: cdc-acm: Check control transfer buffer size before access  \n  \nIf the first fragment is shorter than struct usb_cdc_notification, we can't  \ncalculate an expected_size. Log an error and discard the notification  \ninstead of reading lengths from memory outside the received data, which can  \nlead to memory corruption when the expected_size decreases between  \nfragments, causing `expected_size - acm->nb_index` to wrap.  \n  \nThis issue has been present since the beginning of git history; however,  \nit only leads to memory corruption since commit ea2583529cd1  \n(\"cdc-acm: reassemble fragmented notifications\").  \n  \nA mitigating factor is that acm_ctrl_irq() can only execute after userspace  \nhas opened /dev/ttyACM*; but if ModemManager is running, ModemManager will  \ndo that automatically depending on the USB device's vendor/product IDs and  \nits other interfaces. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-22T12:29:06.000000Z"}, {"uuid": "3298a524-a85e-4638-b71d-7ec7f4f03a27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21700", "type": "seen", "source": "MISP/db121278-a8f5-4f36-a226-e45f3a86f55e", "content": "", "creation_timestamp": "2025-08-26T13:26:34.000000Z"}, {"uuid": "531dc5e7-3d9a-4913-8658-b5328224f943", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21702", "type": "seen", "source": "https://t.me/cvedetector/18326", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21702 - Linux Kernel pfifo_head_drop Scheduler Qdisc Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21702 \nPublished : Feb. 18, 2025, 3:15 p.m. | 29\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \npfifo_tail_enqueue: Drop new packet when sch->limit == 0  \n  \nExpected behaviour:  \nIn case we reach scheduler's limit, pfifo_tail_enqueue() will drop a  \npacket in scheduler's queue and decrease scheduler's qlen by one.  \nThen, pfifo_tail_enqueue() enqueue new packet and increase  \nscheduler's qlen by one. Finally, pfifo_tail_enqueue() return  \n`NET_XMIT_CN` status code.  \n  \nWeird behaviour:  \nIn case we set `sch->limit == 0` and trigger pfifo_tail_enqueue() on a  \nscheduler that has no packet, the 'drop a packet' step will do nothing.  \nThis means the scheduler's qlen still has value equal 0.  \nThen, we continue to enqueue new packet and increase scheduler's qlen by  \none. In summary, we can leverage pfifo_tail_enqueue() to increase qlen by  \none and return `NET_XMIT_CN` status code.  \n  \nThe problem is:  \nLet's say we have two qdiscs: Qdisc_A and Qdisc_B.  \n - Qdisc_A's type must have '->graft()' function to create parent/child relationship.  \n   Let's say Qdisc_A's type is `hfsc`. Enqueue packet to this qdisc will trigger `hfsc_enqueue`.  \n - Qdisc_B's type is pfifo_head_drop. Enqueue packet to this qdisc will trigger `pfifo_tail_enqueue`.  \n - Qdisc_B is configured to have `sch->limit == 0`.  \n - Qdisc_A is configured to route the enqueued's packet to Qdisc_B.  \n  \nEnqueue packet through Qdisc_A will lead to:  \n - hfsc_enqueue(Qdisc_A) -> pfifo_tail_enqueue(Qdisc_B)  \n - Qdisc_B->q.qlen += 1  \n - pfifo_tail_enqueue() return `NET_XMIT_CN`  \n - hfsc_enqueue() check for `NET_XMIT_SUCCESS` and see `NET_XMIT_CN` => hfsc_enqueue() don't increase qlen of Qdisc_A.  \n  \nThe whole process lead to a situation where Qdisc_A->q.qlen == 0 and Qdisc_B->q.qlen == 1.  \nReplace 'hfsc' with other type (for example: 'drr') still lead to the same problem.  \nThis violate the design where parent's qlen should equal to the sum of its childrens'qlen.  \n  \nBug impact: This issue can be used for user->kernel privilege escalation when it is reachable. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T16:48:54.000000Z"}, {"uuid": "55cc6a95-4c1d-41cf-b103-4daf442f262b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21703", "type": "seen", "source": "https://t.me/cvedetector/18325", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21703 - Linux Kernel netem Use-After-Free Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21703 \nPublished : Feb. 18, 2025, 3:15 p.m. | 29\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnetem: Update sch->q.qlen before qdisc_tree_reduce_backlog()  \n  \nqdisc_tree_reduce_backlog() notifies parent qdisc only if child  \nqdisc becomes empty, therefore we need to reduce the backlog of the  \nchild qdisc before calling it. Otherwise it would miss the opportunity  \nto call cops->qlen_notify(), in the case of DRR, it resulted in UAF  \nsince DRR uses ->qlen_notify() to maintain its active list. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T16:48:53.000000Z"}, {"uuid": "d4c99549-61b4-4ffa-adf8-4868f90e8059", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21708", "type": "seen", "source": "https://t.me/cvedetector/18995", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21708 - \"RTL8150 USB Endpoint Checking Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2025-21708 \nPublished : Feb. 27, 2025, 2:15 a.m. | 50\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnet: usb: rtl8150: enable basic endpoint checking  \n  \nSyzkaller reports [1] encountering a common issue of utilizing a wrong  \nusb endpoint type during URB submitting stage. This, in turn, triggers  \na warning shown below.  \n  \nFor now, enable simple endpoint checking (specifically, bulk and  \ninterrupt eps, testing control one is not essential) to mitigate  \nthe issue with a view to do other related cosmetic changes later,  \nif they are necessary.  \n  \n[1] Syzkaller report:  \nusb 1-1: BOGUS urb xfer, pipe 3 != type 1  \nWARNING: CPU: 1 PID: 2586 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 driv>  \nModules linked in:  \nCPU: 1 UID: 0 PID: 2586 Comm: dhcpcd Not tainted 6.11.0-rc4-syzkaller-00069-gfc88bb11617>  \nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024  \nRIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503  \nCode: 84 3c 02 00 00 e8 05 e4 fc fc 4c 89 ef e8 fd 25 d7 fe 45 89 e0 89 e9 4c 89 f2 48 8>  \nRSP: 0018:ffffc9000441f740 EFLAGS: 00010282  \nRAX: 0000000000000000 RBX: ffff888112487a00 RCX: ffffffff811a99a9  \nRDX: ffff88810df6ba80 RSI: ffffffff811a99b6 RDI: 0000000000000001  \nRBP: 0000000000000003 R08: 0000000000000001 R09: 0000000000000000  \nR10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001  \nR13: ffff8881023bf0a8 R14: ffff888112452a20 R15: ffff888112487a7c  \nFS:  00007fc04eea5740(0000) GS:ffff8881f6300000(0000) knlGS:0000000000000000  \nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033  \nCR2: 00007f0a1de9f870 CR3: 000000010dbd0000 CR4: 00000000003506f0  \nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000  \nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400  \nCall Trace:  \n   \n rtl8150_open+0x300/0xe30 drivers/net/usb/rtl8150.c:733  \n __dev_open+0x2d4/0x4e0 net/core/dev.c:1474  \n __dev_change_flags+0x561/0x720 net/core/dev.c:8838  \n dev_change_flags+0x8f/0x160 net/core/dev.c:8910  \n devinet_ioctl+0x127a/0x1f10 net/ipv4/devinet.c:1177  \n inet_ioctl+0x3aa/0x3f0 net/ipv4/af_inet.c:1003  \n sock_do_ioctl+0x116/0x280 net/socket.c:1222  \n sock_ioctl+0x22e/0x6c0 net/socket.c:1341  \n vfs_ioctl fs/ioctl.c:51 [inline]  \n __do_sys_ioctl fs/ioctl.c:907 [inline]  \n __se_sys_ioctl fs/ioctl.c:893 [inline]  \n __x64_sys_ioctl+0x193/0x220 fs/ioctl.c:893  \n do_syscall_x64 arch/x86/entry/common.c:52 [inline]  \n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83  \n entry_SYSCALL_64_after_hwframe+0x77/0x7f  \nRIP: 0033:0x7fc04ef73d49  \n...  \n  \nThis change has not been tested on real hardware. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-27T04:31:10.000000Z"}, {"uuid": "16a56278-1d8d-43dd-a27a-73f03d8c9ad5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21707", "type": "seen", "source": "https://t.me/cvedetector/18996", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21707 - Linux MPTCP Uninitialized Bitfield Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21707 \nPublished : Feb. 27, 2025, 2:15 a.m. | 50\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nmptcp: consolidate suboption status  \n  \nMPTCP maintains the received sub-options status is the bitmask carrying  \nthe received suboptions and in several bitfields carrying per suboption  \nadditional info.  \n  \nZeroing the bitmask before parsing is not enough to ensure a consistent  \nstatus, and the MPTCP code has to additionally clear some bitfiled  \ndepending on the actually parsed suboption.  \n  \nThe above schema is fragile, and syzbot managed to trigger a path where  \na relevant bitfield is not cleared/initialized:  \n  \n  BUG: KMSAN: uninit-value in __mptcp_expand_seq net/mptcp/options.c:1030 [inline]  \n  BUG: KMSAN: uninit-value in mptcp_expand_seq net/mptcp/protocol.h:864 [inline]  \n  BUG: KMSAN: uninit-value in ack_update_msk net/mptcp/options.c:1060 [inline]  \n  BUG: KMSAN: uninit-value in mptcp_incoming_options+0x2036/0x3d30 net/mptcp/options.c:1209  \n   __mptcp_expand_seq net/mptcp/options.c:1030 [inline]  \n   mptcp_expand_seq net/mptcp/protocol.h:864 [inline]  \n   ack_update_msk net/mptcp/options.c:1060 [inline]  \n   mptcp_incoming_options+0x2036/0x3d30 net/mptcp/options.c:1209  \n   tcp_data_queue+0xb4/0x7be0 net/ipv4/tcp_input.c:5233  \n   tcp_rcv_established+0x1061/0x2510 net/ipv4/tcp_input.c:6264  \n   tcp_v4_do_rcv+0x7f3/0x11a0 net/ipv4/tcp_ipv4.c:1916  \n   tcp_v4_rcv+0x51df/0x5750 net/ipv4/tcp_ipv4.c:2351  \n   ip_protocol_deliver_rcu+0x2a3/0x13d0 net/ipv4/ip_input.c:205  \n   ip_local_deliver_finish+0x336/0x500 net/ipv4/ip_input.c:233  \n   NF_HOOK include/linux/netfilter.h:314 [inline]  \n   ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254  \n   dst_input include/net/dst.h:460 [inline]  \n   ip_rcv_finish+0x4a2/0x520 net/ipv4/ip_input.c:447  \n   NF_HOOK include/linux/netfilter.h:314 [inline]  \n   ip_rcv+0xcd/0x380 net/ipv4/ip_input.c:567  \n   __netif_receive_skb_one_core net/core/dev.c:5704 [inline]  \n   __netif_receive_skb+0x319/0xa00 net/core/dev.c:5817  \n   process_backlog+0x4ad/0xa50 net/core/dev.c:6149  \n   __napi_poll+0xe7/0x980 net/core/dev.c:6902  \n   napi_poll net/core/dev.c:6971 [inline]  \n   net_rx_action+0xa5a/0x19b0 net/core/dev.c:7093  \n   handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561  \n   __do_softirq+0x14/0x1a kernel/softirq.c:595  \n   do_softirq+0x9a/0x100 kernel/softirq.c:462  \n   __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:389  \n   local_bh_enable include/linux/bottom_half.h:33 [inline]  \n   rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]  \n   __dev_queue_xmit+0x2758/0x57d0 net/core/dev.c:4493  \n   dev_queue_xmit include/linux/netdevice.h:3168 [inline]  \n   neigh_hh_output include/net/neighbour.h:523 [inline]  \n   neigh_output include/net/neighbour.h:537 [inline]  \n   ip_finish_output2+0x187c/0x1b70 net/ipv4/ip_output.c:236  \n   __ip_finish_output+0x287/0x810  \n   ip_finish_output+0x4b/0x600 net/ipv4/ip_output.c:324  \n   NF_HOOK_COND include/linux/netfilter.h:303 [inline]  \n   ip_output+0x15f/0x3f0 net/ipv4/ip_output.c:434  \n   dst_output include/net/dst.h:450 [inline]  \n   ip_local_out net/ipv4/ip_output.c:130 [inline]  \n   __ip_queue_xmit+0x1f2a/0x20d0 net/ipv4/ip_output.c:536  \n   ip_queue_xmit+0x60/0x80 net/ipv4/ip_output.c:550  \n   __tcp_transmit_skb+0x3cea/0x4900 net/ipv4/tcp_output.c:1468  \n   tcp_transmit_skb net/ipv4/tcp_output.c:1486 [inline]  \n   tcp_write_xmit+0x3b90/0x9070 net/ipv4/tcp_output.c:2829  \n   __tcp_push_pending_frames+0xc4/0x380 net/ipv4/tcp_output.c:3012  \n   tcp_send_fin+0x9f6/0xf50 net/ipv4/tcp_output.c:3618  \n   __tcp_close+0x140c/0x1550 net/ipv4/tcp.c:3130  \n   __mptcp_close_ssk+0x74e/0x16f0 net/mptcp/protocol.c:2496  \n   mptcp_close_ssk+0x26b/0x2c0 net/mptcp/protocol.c:2550  \n   mptcp_pm_nl_rm_addr_or_subflow+0x635/0xd10 net/mptcp/pm_netlink.c:889  \n   mptcp_pm_nl_rm_subflow_received net/mptcp/pm_netlink.c:924 [i[...]", "creation_timestamp": "2025-02-27T04:31:10.000000Z"}, {"uuid": "c7b30d95-ac41-4694-96c5-93676146438c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21702", "type": "seen", "source": "Telegram/Ig1PoEkLRkLZXw2uOx0iXI5kdj6breIEyUIy1Z-iyA-tgLY", "content": "", "creation_timestamp": "2026-04-02T11:19:48.000000Z"}, {"uuid": "b3b499b9-d529-4282-8ab2-3b6dba23f014", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2170", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14138", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2170\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an unintended location.\n\ud83d\udccf Published: 2025-04-30T18:46:34.939Z\n\ud83d\udccf Modified: 2025-04-30T18:46:34.939Z\n\ud83d\udd17 References:\n1. http://10.210.34.9/vuln-detail/SNWLID-2025-0008", "creation_timestamp": "2025-04-30T19:13:54.000000Z"}, {"uuid": "c3330c8d-f4d5-4817-8d8a-aeb7a515f091", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21703", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4890", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21703\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: Update sch->q.qlen before qdisc_tree_reduce_backlog()\n\nqdisc_tree_reduce_backlog() notifies parent qdisc only if child\nqdisc becomes empty, therefore we need to reduce the backlog of the\nchild qdisc before calling it. Otherwise it would miss the opportunity\nto call cops->qlen_notify(), in the case of DRR, it resulted in UAF\nsince DRR uses ->qlen_notify() to maintain its active list.\n\ud83d\udccf Published: 2025-02-18T14:37:44.261Z\n\ud83d\udccf Modified: 2025-02-21T13:45:22.563Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/7b79ca9a1de6a428d486ff52fb3d602321c08f55\n2. https://git.kernel.org/stable/c/1f8e3f4a4b8b90ad274dfbc66fc7d55cb582f4d5\n3. https://git.kernel.org/stable/c/6312555249082d6d8cc5321ff725df05482d8b83\n4. https://git.kernel.org/stable/c/839ecc583fa00fab785fde1c85a326743657fd32\n5. https://git.kernel.org/stable/c/638ba5089324796c2ee49af10427459c2de35f71", "creation_timestamp": "2025-02-21T14:18:28.000000Z"}, {"uuid": "aef46bdb-22ae-4ed2-8eca-776e854da844", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21700", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4235", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21700\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-13T12:15:27.837\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/46c59ec33ec98aba20c15117630cae43a01404cc\n2. https://git.kernel.org/stable/c/73c7e1d6898ccbeee126194dcc05f58b8a795e70\n3. https://git.kernel.org/stable/c/7e2bd8c13b07e29a247c023c7444df23f9a79fd8\n4. https://git.kernel.org/stable/c/bc50835e83f60f56e9bec2b392fb5544f250fb6f", "creation_timestamp": "2025-02-13T13:08:25.000000Z"}, {"uuid": "dad556ca-944b-4640-a098-946a5b76b943", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21701", "type": "seen", "source": "https://t.me/cvedetector/17998", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21701 - Linux Kernel - Ethtool Net Device Unregistration Race Condition Denial of Service\", \n  \"Content\": \"CVE ID : CVE-2025-21701 \nPublished : Feb. 13, 2025, 3:15 p.m. | 22\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnet: avoid race between device unregistration and ethnl ops  \n  \nThe following trace can be seen if a device is being unregistered while  \nits number of channels are being modified.  \n  \n  DEBUG_LOCKS_WARN_ON(lock->magic != lock)  \n  WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120  \n  CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771  \n  RIP: 0010:__mutex_lock+0xc8a/0x1120  \n  Call Trace:  \n     \n   ethtool_check_max_channel+0x1ea/0x880  \n   ethnl_set_channels+0x3c3/0xb10  \n   ethnl_default_set_doit+0x306/0x650  \n   genl_family_rcv_msg_doit+0x1e3/0x2c0  \n   genl_rcv_msg+0x432/0x6f0  \n   netlink_rcv_skb+0x13d/0x3b0  \n   genl_rcv+0x28/0x40  \n   netlink_unicast+0x42e/0x720  \n   netlink_sendmsg+0x765/0xc20  \n   __sys_sendto+0x3ac/0x420  \n   __x64_sys_sendto+0xe0/0x1c0  \n   do_syscall_64+0x95/0x180  \n   entry_SYSCALL_64_after_hwframe+0x76/0x7e  \n  \nThis is because unregister_netdevice_many_notify might run before the  \nrtnl lock section of ethnl operations, eg. set_channels in the above  \nexample. In this example the rss lock would be destroyed by the device  \nunregistration path before being used again, but in general running  \nethnl operations while dismantle has started is not a good idea.  \n  \nFix this by denying any operation on devices being unregistered. A check  \nwas already there in ethnl_ops_begin, but not wide enough.  \n  \nNote that the same issue cannot be seen on the ioctl version  \n(__dev_ethtool) because the device reference is retrieved from within  \nthe rtnl lock section there. Once dismantle started, the net device is  \nunlisted and no reference will be found. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-13T17:09:34.000000Z"}, {"uuid": "4803b684-0949-40e1-adf5-7f9bfb53315f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21704", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5019", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21704\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdc-acm: Check control transfer buffer size before access\n\nIf the first fragment is shorter than struct usb_cdc_notification, we can't\ncalculate an expected_size. Log an error and discard the notification\ninstead of reading lengths from memory outside the received data, which can\nlead to memory corruption when the expected_size decreases between\nfragments, causing `expected_size - acm->nb_index` to wrap.\n\nThis issue has been present since the beginning of git history; however,\nit only leads to memory corruption since commit ea2583529cd1\n(\"cdc-acm: reassemble fragmented notifications\").\n\nA mitigating factor is that acm_ctrl_irq() can only execute after userspace\nhas opened /dev/ttyACM*; but if ModemManager is running, ModemManager will\ndo that automatically depending on the USB device's vendor/product IDs and\nits other interfaces.\n\ud83d\udccf Published: 2025-02-22T09:43:37.377Z\n\ud83d\udccf Modified: 2025-02-22T09:43:37.377Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/7828e9363ac4d23b02419bf2a45b9f1d9fb35646\n2. https://git.kernel.org/stable/c/6abb510251e75f875797d8983a830e6731fa281c\n3. https://git.kernel.org/stable/c/f64079bef6a8a7823358c3f352ea29a617844636\n4. https://git.kernel.org/stable/c/383d516a0ebc8641372b521c8cb717f0f1834831\n5. https://git.kernel.org/stable/c/e563b01208f4d1f609bcab13333b6c0e24ce6a01", "creation_timestamp": "2025-02-22T10:26:05.000000Z"}, {"uuid": "8853c43e-1e6c-4121-891a-a14ba65ce91a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21709", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5644", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21709\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nkernel: be more careful about dup_mmap() failures and uprobe registering\n\nIf a memory allocation fails during dup_mmap(), the maple tree can be left\nin an unsafe state for other iterators besides the exit path.  All the\nlocks are dropped before the exit_mmap() call (in mm/mmap.c), but the\nincomplete mm_struct can be reached through (at least) the rmap finding\nthe vmas which have a pointer back to the mm_struct.\n\nUp to this point, there have been no issues with being able to find an\nmm_struct that was only partially initialised.  Syzbot was able to make\nthe incomplete mm_struct fail with recent forking changes, so it has been\nproven unsafe to use the mm_struct that hasn't been initialised, as\nreferenced in the link below.\n\nAlthough 8ac662f5da19f (\"fork: avoid inappropriate uprobe access to\ninvalid mm\") fixed the uprobe access, it does not completely remove the\nrace.\n\nThis patch sets the MMF_OOM_SKIP to avoid the iteration of the vmas on the\noom side (even though this is extremely unlikely to be selected as an oom\nvictim in the race window), and sets MMF_UNSTABLE to avoid other potential\nusers from using a partially initialised mm_struct.\n\nWhen registering vmas for uprobe, skip the vmas in an mm that is marked\nunstable.  Modifying a vma in an unstable mm may cause issues if the mm\nisn't fully initialised.\n\ud83d\udccf Published: 2025-02-27T02:07:22.452Z\n\ud83d\udccf Modified: 2025-02-27T02:07:22.452Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/da139948aeda677ac09cc0e7d837f8a314de7d55\n2. https://git.kernel.org/stable/c/64c37e134b120fb462fb4a80694bfb8e7be77b14", "creation_timestamp": "2025-02-27T02:25:32.000000Z"}, {"uuid": "7d177143-03d4-46a6-9827-14ee8f3c2ff4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21700", "type": "published-proof-of-concept", "source": "https://t.me/cvedetector/17997", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21700 - Linux Kernel Net_sched UAF Privilege Escalation\", \n  \"Content\": \"CVE ID : CVE-2025-21700 \nPublished : Feb. 13, 2025, 12:15 p.m. | 1\u00a0hour, 19\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnet: sched: Disallow replacing of child qdisc from one parent to another  \n  \nLion Ackermann was able to create a UAF which can be abused for privilege  \nescalation with the following script  \n  \nStep 1. create root qdisc  \ntc qdisc add dev lo root handle 1:0 drr  \n  \nstep2. a class for packet aggregation do demonstrate uaf  \ntc class add dev lo classid 1:1 drr  \n  \nstep3. a class for nesting  \ntc class add dev lo classid 1:2 drr  \n  \nstep4. a class to graft qdisc to  \ntc class add dev lo classid 1:3 drr  \n  \nstep5.  \ntc qdisc add dev lo parent 1:1 handle 2:0 plug limit 1024  \n  \nstep6.  \ntc qdisc add dev lo parent 1:2 handle 3:0 drr  \n  \nstep7.  \ntc class add dev lo classid 3:1 drr  \n  \nstep 8.  \ntc qdisc add dev lo parent 3:1 handle 4:0 pfifo  \n  \nstep 9. Display the class/qdisc layout  \n  \ntc class ls dev lo  \n class drr 1:1 root leaf 2: quantum 64Kb  \n class drr 1:2 root leaf 3: quantum 64Kb  \n class drr 3:1 root leaf 4: quantum 64Kb  \n  \ntc qdisc ls  \n qdisc drr 1: dev lo root refcnt 2  \n qdisc plug 2: dev lo parent 1:1  \n qdisc pfifo 4: dev lo parent 3:1 limit 1000p  \n qdisc drr 3: dev lo parent 1:2  \n  \nstep10. trigger the bug <===\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-13T14:39:10.000000Z"}, {"uuid": "2aabae90-3e87-4883-8a7a-0253f00955c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2170", "type": "seen", "source": "https://t.me/cvedetector/24130", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2170 - SMA1000 Appliance SSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2170 \nPublished : April 30, 2025, 7:15 p.m. | 37\u00a0minutes ago \nDescription : A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an unintended location. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-30T22:05:56.000000Z"}, {"uuid": "1974cf30-9d2a-4e0a-baab-640d248b1482", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21707", "type": "seen", "source": "Telegram/LH_R8B6Y55dCSkjhgY9kiSioWECqO5VxKdzmOSKltoXnzKEa", "content": "", "creation_timestamp": "2025-03-08T04:34:56.000000Z"}]}