cvelistv5 - cve-2025-40083

CVE-2025-40083 (GCVE-0-2025-40083)

Vulnerability from cvelistv5

Published

2025-10-29 13:37

Modified

2025-11-02 13:30

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix null-deref in agg_dequeue To prevent a potential crash in agg_dequeue (net/sched/sch_qfq.c) when cl->qdisc->ops->peek(cl->qdisc) returns NULL, we check the return value before using it, similar to the existing approach in sch_hfsc.c. To avoid code duplication, the following changes are made: 1. Changed qdisc_warn_nonwc(include/net/pkt_sched.h) into a static inline function. 2. Moved qdisc_peek_len from net/sched/sch_hfsc.c to include/net/pkt_sched.h so that sch_qfq can reuse it. 3. Applied qdisc_peek_len in agg_dequeue to avoid crashing.

References

URL

ghsa-wf68-85vc-c49w

Vulnerability from github

Published

2025-10-29 15:31

Modified

2025-11-02 15:30

Details

In the Linux kernel, the following vulnerability has been resolved:

net/sched: sch_qfq: Fix null-deref in agg_dequeue

To prevent a potential crash in agg_dequeue (net/sched/sch_qfq.c) when cl->qdisc->ops->peek(cl->qdisc) returns NULL, we check the return value before using it, similar to the existing approach in sch_hfsc.c.

To avoid code duplication, the following changes are made:

Changed qdisc_warn_nonwc(include/net/pkt_sched.h) into a static inline function.
Moved qdisc_peek_len from net/sched/sch_hfsc.c to include/net/pkt_sched.h so that sch_qfq can reuse it.
Applied qdisc_peek_len in agg_dequeue to avoid crashing.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-40083"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-29T14:15:54Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_qfq: Fix null-deref in agg_dequeue\n\nTo prevent a potential crash in agg_dequeue (net/sched/sch_qfq.c)\nwhen cl-\u003eqdisc-\u003eops-\u003epeek(cl-\u003eqdisc) returns NULL, we check the return\nvalue before using it, similar to the existing approach in sch_hfsc.c.\n\nTo avoid code duplication, the following changes are made:\n\n1. Changed qdisc_warn_nonwc(include/net/pkt_sched.h) into a static\ninline function.\n\n2. Moved qdisc_peek_len from net/sched/sch_hfsc.c to\ninclude/net/pkt_sched.h so that sch_qfq can reuse it.\n\n3. Applied qdisc_peek_len in agg_dequeue to avoid crashing.",
  "id": "GHSA-wf68-85vc-c49w",
  "modified": "2025-11-02T15:30:12Z",
  "published": "2025-10-29T15:31:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40083"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6ff8e74c8f8a68ec07ef837b95425dfe900d060f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6ffa9d66187188e3068b5a3895e6ae1ee34f9199"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dd831ac8221e691e9e918585b1003c7071df0379"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

wid-sec-w-2025-2441

Vulnerability from csaf_certbund

Published

2025-10-29 23:00

Modified

2025-10-30 23:00

Summary

Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-2441 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2441.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-2441 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2441"
      },
      {
        "category": "external",
        "summary": "Kernel CVE Announce Mailingliste",
        "url": "https://lore.kernel.org/linux-cve-announce/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-7324",
        "url": "https://lore.kernel.org/linux-cve-announce/2025102918-CVE-2023-7324-8dca@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40083",
        "url": "https://lore.kernel.org/linux-cve-announce/2025102908-CVE-2025-40083-1481@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40084",
        "url": "https://lore.kernel.org/linux-cve-announce/2025102909-CVE-2025-40084-1407@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40085",
        "url": "https://lore.kernel.org/linux-cve-announce/2025102910-CVE-2025-40085-0ce0@gregkh/"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
    "tracking": {
      "current_release_date": "2025-10-30T23:00:00.000+00:00",
      "generator": {
        "date": "2025-10-31T09:29:19.351+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-2441",
      "initial_release_date": "2025-10-29T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-10-29T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-10-30T23:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2025-36664"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Linux Kernel",
            "product": {
              "name": "Open Source Linux Kernel",
              "product_id": "T028462",
              "product_identification_helper": {
                "cpe": "cpe:/o:linux:linux_kernel:unspecified"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-7324",
      "product_status": {
        "known_affected": [
          "T028462"
        ]
      },
      "release_date": "2025-10-29T23:00:00.000+00:00",
      "title": "CVE-2023-7324"
    },
    {
      "cve": "CVE-2025-40083",
      "product_status": {
        "known_affected": [
          "T028462"
        ]
      },
      "release_date": "2025-10-29T23:00:00.000+00:00",
      "title": "CVE-2025-40083"
    },
    {
      "cve": "CVE-2025-40084",
      "product_status": {
        "known_affected": [
          "T028462"
        ]
      },
      "release_date": "2025-10-29T23:00:00.000+00:00",
      "title": "CVE-2025-40084"
    },
    {
      "cve": "CVE-2025-40085",
      "product_status": {
        "known_affected": [
          "T028462"
        ]
      },
      "release_date": "2025-10-29T23:00:00.000+00:00",
      "title": "CVE-2025-40085"
    }
  ]
}

msrc_cve-2025-40083

Vulnerability from csaf_microsoft

Published

2025-10-02 00:00

Modified

2025-10-31 01:03

Summary

net/sched: sch_qfq: Fix null-deref in agg_dequeue

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2025-40083 net/sched: sch_qfq: Fix null-deref in agg_dequeue - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-40083.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "net/sched: sch_qfq: Fix null-deref in agg_dequeue",
    "tracking": {
      "current_release_date": "2025-10-31T01:03:26.000Z",
      "generator": {
        "date": "2025-11-04T20:08:19.279Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2025-40083",
      "initial_release_date": "2025-10-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-10-31T01:03:26.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "azl3 kernel 6.6.104.2-4",
                "product": {
                  "name": "azl3 kernel 6.6.104.2-4",
                  "product_id": "1"
                }
              }
            ],
            "category": "product_name",
            "name": "kernel"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 kernel 6.6.104.2-4 as a component of Azure Linux 3.0",
          "product_id": "17084-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17084"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-40083",
      "notes": [
        {
          "category": "general",
          "text": "Linux",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "known_affected": [
          "17084-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-40083 net/sched: sch_qfq: Fix null-deref in agg_dequeue - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-40083.json"
        }
      ],
      "remediations": [
        {
          "category": "none_available",
          "date": "2025-10-31T01:03:26.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17084-1"
          ]
        }
      ],
      "title": "net/sched: sch_qfq: Fix null-deref in agg_dequeue"
    }
  ]
}

fkie_cve-2025-40083

Vulnerability from fkie_nvd

Published

2025-10-29 14:15

Modified

2025-11-02 14:15

Severity ?

Summary

References

	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/6ff8e74c8f8a68ec07ef837b95425dfe900d060f
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/6ffa9d66187188e3068b5a3895e6ae1ee34f9199
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/dd831ac8221e691e9e918585b1003c7071df0379

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_qfq: Fix null-deref in agg_dequeue\n\nTo prevent a potential crash in agg_dequeue (net/sched/sch_qfq.c)\nwhen cl-\u003eqdisc-\u003eops-\u003epeek(cl-\u003eqdisc) returns NULL, we check the return\nvalue before using it, similar to the existing approach in sch_hfsc.c.\n\nTo avoid code duplication, the following changes are made:\n\n1. Changed qdisc_warn_nonwc(include/net/pkt_sched.h) into a static\ninline function.\n\n2. Moved qdisc_peek_len from net/sched/sch_hfsc.c to\ninclude/net/pkt_sched.h so that sch_qfq can reuse it.\n\n3. Applied qdisc_peek_len in agg_dequeue to avoid crashing."
    }
  ],
  "id": "CVE-2025-40083",
  "lastModified": "2025-11-02T14:15:35.870",
  "metrics": {},
  "published": "2025-10-29T14:15:54.900",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/6ff8e74c8f8a68ec07ef837b95425dfe900d060f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/6ffa9d66187188e3068b5a3895e6ae1ee34f9199"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/dd831ac8221e691e9e918585b1003c7071df0379"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}

CERTFR-2025-AVI-0966

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	cbl2 golang 1.22.7-5
Microsoft	N/A	azl3 golang 1.23.12-1
Microsoft	N/A	cbl2 python-tensorboard 2.11.0-3
Microsoft	N/A	azl3 moby-engine 25.0.3-13
Microsoft	N/A	azl3 python-tensorboard 2.16.2-6
Microsoft	N/A	azl3 kernel 6.6.104.2-4
Microsoft	N/A	cbl2 msft-golang 1.24.8-1
Microsoft	N/A	azl3 gh 2.62.0-9
Microsoft	N/A	azl3 frr 9.1.1-3
Microsoft	N/A	azl3 xorg-x11-server-Xwayland 24.1.6-2 versions antérieures à 24.1.6-3
Microsoft	N/A	cbl2 libcontainers-common 20210626-7
Microsoft	N/A	cbl2 moby-engine 24.0.9-18
Microsoft	N/A	cbl2 frr 8.5.5-3
Microsoft	N/A	azl3 containerized-data-importer 1.57.0-16
Microsoft	N/A	azl3 skopeo 1.14.4-6
Microsoft	N/A	azl3 tensorflow 2.16.1-9
Microsoft	N/A	azl3 keras 3.3.3-4 versions antérieures à 3.3.3-5
Microsoft	N/A	cbl2 gcc 11.2.0-8
Microsoft	N/A	cbl2 keras 2.11.0-3
Microsoft	N/A	azl3 golang 1.25.3-1
Microsoft	N/A	cbl2 tensorflow 2.11.1-2
Microsoft	N/A	azl3 keras 3.3.3-4
Microsoft	N/A	azl3 gcc 13.2.0-7
Microsoft	N/A	cbl2 cri-o 1.22.3-16
Microsoft	N/A	cbl2 skopeo 1.14.2-12
Microsoft	N/A	cbl2 containerized-data-importer 1.55.0-25
Microsoft	N/A	cbl2 golang 1.18.8-10
Microsoft	N/A	azl3 libcontainers-common 20240213-3

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2025-58189	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40099	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40083	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-58186	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61724	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61103	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-12058	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40087	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61100	2025-11-02	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61105	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-62229	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40106	2025-11-01	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-62231	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61102	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40097	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40100	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40084	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-58187	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40094	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61106	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40104	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40103	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61104	2025-11-02	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40085	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-47912	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40092	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40105	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40096	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61107	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40088	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-58183	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61725	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61101	2025-11-02	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61723	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40102	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40095	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-12060	2025-11-01	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-62230	2025-11-02	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-58185	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-58188	2025-10-31	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "cbl2 golang 1.22.7-5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 golang 1.23.12-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 python-tensorboard 2.11.0-3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 moby-engine 25.0.3-13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 python-tensorboard 2.16.2-6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 kernel 6.6.104.2-4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 msft-golang 1.24.8-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 gh 2.62.0-9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 frr 9.1.1-3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 xorg-x11-server-Xwayland 24.1.6-2 versions ant\u00e9rieures \u00e0 24.1.6-3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 libcontainers-common 20210626-7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 moby-engine 24.0.9-18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 frr 8.5.5-3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 containerized-data-importer 1.57.0-16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 skopeo 1.14.4-6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 tensorflow 2.16.1-9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 keras 3.3.3-4 versions ant\u00e9rieures \u00e0 3.3.3-5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 gcc 11.2.0-8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 keras 2.11.0-3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 golang 1.25.3-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 tensorflow 2.11.1-2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 keras 3.3.3-4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 gcc 13.2.0-7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 cri-o 1.22.3-16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 skopeo 1.14.2-12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 containerized-data-importer 1.55.0-25",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 golang 1.18.8-10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 libcontainers-common 20240213-3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-58183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
    },
    {
      "name": "CVE-2025-40100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40100"
    },
    {
      "name": "CVE-2025-40103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40103"
    },
    {
      "name": "CVE-2025-61102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61102"
    },
    {
      "name": "CVE-2025-58185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
    },
    {
      "name": "CVE-2025-40092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40092"
    },
    {
      "name": "CVE-2025-61106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61106"
    },
    {
      "name": "CVE-2025-61103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61103"
    },
    {
      "name": "CVE-2025-62230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62230"
    },
    {
      "name": "CVE-2025-40104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40104"
    },
    {
      "name": "CVE-2025-40097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40097"
    },
    {
      "name": "CVE-2025-40106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40106"
    },
    {
      "name": "CVE-2025-58188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
    },
    {
      "name": "CVE-2025-40088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40088"
    },
    {
      "name": "CVE-2025-40085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40085"
    },
    {
      "name": "CVE-2025-61724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
    },
    {
      "name": "CVE-2025-61105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61105"
    },
    {
      "name": "CVE-2025-61723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
    },
    {
      "name": "CVE-2025-40084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40084"
    },
    {
      "name": "CVE-2025-61725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
    },
    {
      "name": "CVE-2025-47912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
    },
    {
      "name": "CVE-2025-40095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40095"
    },
    {
      "name": "CVE-2025-58186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
    },
    {
      "name": "CVE-2025-40105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40105"
    },
    {
      "name": "CVE-2025-62229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62229"
    },
    {
      "name": "CVE-2025-58187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
    },
    {
      "name": "CVE-2025-40083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40083"
    },
    {
      "name": "CVE-2025-62231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62231"
    },
    {
      "name": "CVE-2025-40099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40099"
    },
    {
      "name": "CVE-2025-12060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12060"
    },
    {
      "name": "CVE-2025-58189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
    },
    {
      "name": "CVE-2025-40094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40094"
    },
    {
      "name": "CVE-2025-40102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40102"
    },
    {
      "name": "CVE-2025-12058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12058"
    },
    {
      "name": "CVE-2025-61101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61101"
    },
    {
      "name": "CVE-2025-61107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61107"
    },
    {
      "name": "CVE-2025-61100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61100"
    },
    {
      "name": "CVE-2025-40096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40096"
    },
    {
      "name": "CVE-2025-61104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61104"
    },
    {
      "name": "CVE-2025-40087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40087"
    }
  ],
  "initial_release_date": "2025-11-05T00:00:00",
  "last_revision_date": "2025-11-05T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0966",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-11-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58189",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58189"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40099",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40099"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40083",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40083"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58186",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58186"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61724",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61724"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61103",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61103"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12058",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12058"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40087",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40087"
    },
    {
      "published_at": "2025-11-02",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61100",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61100"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61105",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61105"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62229",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62229"
    },
    {
      "published_at": "2025-11-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40106",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40106"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62231",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62231"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61102",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61102"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40097",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40097"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40100",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40100"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40084",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40084"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58187",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58187"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40094",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40094"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61106",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61106"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40104",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40104"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40103",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40103"
    },
    {
      "published_at": "2025-11-02",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61104",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61104"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40085",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40085"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-47912",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47912"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40092",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40092"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40105",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40105"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40096",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40096"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61107",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61107"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40088",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40088"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58183",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58183"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61725",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61725"
    },
    {
      "published_at": "2025-11-02",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61101",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61101"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61723",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61723"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40102",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40102"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40095",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40095"
    },
    {
      "published_at": "2025-11-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12060",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12060"
    },
    {
      "published_at": "2025-11-02",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62230",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62230"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58185",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58185"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58188",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58188"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-40083 (GCVE-0-2025-40083)

Vulnerability from cvelistv5

ghsa-wf68-85vc-c49w

Vulnerability from github

wid-sec-w-2025-2441

Vulnerability from csaf_certbund

msrc_cve-2025-40083

Vulnerability from csaf_microsoft

fkie_cve-2025-40083

Vulnerability from fkie_nvd

CERTFR-2025-AVI-0966

Vulnerability from certfr_avis

Solutions

Tags

Sightings

Nomenclature