cvelistv5 - cve-2025-38214

CVE-2025-38214 (GCVE-0-2025-38214)

Vulnerability from cvelistv5

Published

2025-07-04 13:37

Modified

2025-07-28 04:15

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var If fb_add_videomode() in fb_set_var() fails to allocate memory for fb_videomode, later it may lead to a null-ptr dereference in fb_videomode_to_var(), as the fb_info is registered while not having the mode in modelist that is expected to be there, i.e. the one that is described in fb_info->var. ================================================================ general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901 Call Trace: display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929 fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071 resize_screen drivers/tty/vt/vt.c:1176 [inline] vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263 fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720 fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776 do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128 fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203 vfs_ioctl fs/ioctl.c:48 [inline] __do_sys_ioctl fs/ioctl.c:753 [inline] __se_sys_ioctl fs/ioctl.c:739 [inline] __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x67/0xd1 ================================================================ The reason is that fb_info->var is being modified in fb_set_var(), and then fb_videomode_to_var() is called. If it fails to add the mode to fb_info->modelist, fb_set_var() returns error, but does not restore the old value of fb_info->var. Restore fb_info->var on failure the same way it is done earlier in the function. Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

References

►

URL

Tags

	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/05f6e183879d9785a3cdf2f08a498bc31b7a20aa
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/1a10d91766eb6ddfd5414e4785611e33a4fe0f9b
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/3ca78032a388a0795201792b36e6fc9b6e6e8eed
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/8a3a2887794b2c8e78b3e5d6e3de724527c9f41b
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/b3071bb463ea1e6c686d0dc9638fc940f2f5cf17
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/ee20216f12d9482cd70e44dae5e7fabb38367c71
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/fab201d72fde38d081e2c5d4ad25595c535b7b22
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/ff0e037241173b574b385bff53d67567b9816db5

Impacted products

Vendor

Product

Version

►

Linux

Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux

Version: 2.6.12

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/video/fbdev/core/fbmem.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ee20216f12d9482cd70e44dae5e7fabb38367c71",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "fab201d72fde38d081e2c5d4ad25595c535b7b22",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "1a10d91766eb6ddfd5414e4785611e33a4fe0f9b",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "ff0e037241173b574b385bff53d67567b9816db5",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "3ca78032a388a0795201792b36e6fc9b6e6e8eed",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "b3071bb463ea1e6c686d0dc9638fc940f2f5cf17",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "8a3a2887794b2c8e78b3e5d6e3de724527c9f41b",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "05f6e183879d9785a3cdf2f08a498bc31b7a20aa",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/video/fbdev/core/fbmem.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.295",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.239",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.186",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.142",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.95",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.295",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.239",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.186",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.142",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.95",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.35",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.4",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var\n\nIf fb_add_videomode() in fb_set_var() fails to allocate memory for\nfb_videomode, later it may lead to a null-ptr dereference in\nfb_videomode_to_var(), as the fb_info is registered while not having the\nmode in modelist that is expected to be there, i.e. the one that is\ndescribed in fb_info-\u003evar.\n\n================================================================\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901\nCall Trace:\n display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929\n fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071\n resize_screen drivers/tty/vt/vt.c:1176 [inline]\n vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263\n fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720\n fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776\n do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128\n fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203\n vfs_ioctl fs/ioctl.c:48 [inline]\n __do_sys_ioctl fs/ioctl.c:753 [inline]\n __se_sys_ioctl fs/ioctl.c:739 [inline]\n __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739\n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n================================================================\n\nThe reason is that fb_info-\u003evar is being modified in fb_set_var(), and\nthen fb_videomode_to_var() is called. If it fails to add the mode to\nfb_info-\u003emodelist, fb_set_var() returns error, but does not restore the\nold value of fb_info-\u003evar. Restore fb_info-\u003evar on failure the same way\nit is done earlier in the function.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-28T04:15:21.767Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ee20216f12d9482cd70e44dae5e7fabb38367c71"
        },
        {
          "url": "https://git.kernel.org/stable/c/fab201d72fde38d081e2c5d4ad25595c535b7b22"
        },
        {
          "url": "https://git.kernel.org/stable/c/1a10d91766eb6ddfd5414e4785611e33a4fe0f9b"
        },
        {
          "url": "https://git.kernel.org/stable/c/ff0e037241173b574b385bff53d67567b9816db5"
        },
        {
          "url": "https://git.kernel.org/stable/c/3ca78032a388a0795201792b36e6fc9b6e6e8eed"
        },
        {
          "url": "https://git.kernel.org/stable/c/b3071bb463ea1e6c686d0dc9638fc940f2f5cf17"
        },
        {
          "url": "https://git.kernel.org/stable/c/8a3a2887794b2c8e78b3e5d6e3de724527c9f41b"
        },
        {
          "url": "https://git.kernel.org/stable/c/05f6e183879d9785a3cdf2f08a498bc31b7a20aa"
        }
      ],
      "title": "fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38214",
    "datePublished": "2025-07-04T13:37:32.410Z",
    "dateReserved": "2025-04-16T04:51:23.995Z",
    "dateUpdated": "2025-07-28T04:15:21.767Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-38214\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-07-04T14:15:29.843\",\"lastModified\":\"2025-07-08T16:18:53.607\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nfbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var\\n\\nIf fb_add_videomode() in fb_set_var() fails to allocate memory for\\nfb_videomode, later it may lead to a null-ptr dereference in\\nfb_videomode_to_var(), as the fb_info is registered while not having the\\nmode in modelist that is expected to be there, i.e. the one that is\\ndescribed in fb_info-\u003evar.\\n\\n================================================================\\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI\\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\\nCPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0\\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\\nRIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901\\nCall Trace:\\n display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929\\n fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071\\n resize_screen drivers/tty/vt/vt.c:1176 [inline]\\n vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263\\n fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720\\n fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776\\n do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128\\n fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203\\n vfs_ioctl fs/ioctl.c:48 [inline]\\n __do_sys_ioctl fs/ioctl.c:753 [inline]\\n __se_sys_ioctl fs/ioctl.c:739 [inline]\\n __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739\\n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\\n================================================================\\n\\nThe reason is that fb_info-\u003evar is being modified in fb_set_var(), and\\nthen fb_videomode_to_var() is called. If it fails to add the mode to\\nfb_info-\u003emodelist, fb_set_var() returns error, but does not restore the\\nold value of fb_info-\u003evar. Restore fb_info-\u003evar on failure the same way\\nit is done earlier in the function.\\n\\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fbdev: Corregir fb_set_var para evitar la desreferencia null-ptr en fb_videomode_to_var Si fb_add_videomode() en fb_set_var() no puede asignar memoria para fb_videomode, m\u00e1s tarde puede conducir a una desreferencia null-ptr en fb_videomode_to_var(), ya que fb_info se registra sin tener el modo en modelist que se espera que est\u00e9 all\u00ed, es decir, el que se describe en fb_info-\u0026gt;var.\\n================================================================ \\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901 Call Trace: display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929 fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071 resize_screen drivers/tty/vt/vt.c:1176 [inline] vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263 fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720 fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776 do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128 fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203 vfs_ioctl fs/ioctl.c:48 [inline] __do_sys_ioctl fs/ioctl.c:753 [inline] __se_sys_ioctl fs/ioctl.c:739 [inline] __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x67/0xd1 ================================================================ \\nEl motivo es que fb_info-\u0026gt;var se modifica en fb_set_var() y, a continuaci\u00f3n, se llama a fb_videomode_to_var(). Si no se logra agregar el modo a fb_info-\u0026gt;modelist, fb_set_var() devuelve un error, pero no restaura el valor anterior de fb_info-\u0026gt;var. Si falla, restaure fb_info-\u0026gt;var de la misma forma que se hizo anteriormente en la funci\u00f3n. Encontrado por el Centro de Verificaci\u00f3n de Linux (linuxtesting.org) con Syzkaller.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/05f6e183879d9785a3cdf2f08a498bc31b7a20aa\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/1a10d91766eb6ddfd5414e4785611e33a4fe0f9b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/3ca78032a388a0795201792b36e6fc9b6e6e8eed\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/8a3a2887794b2c8e78b3e5d6e3de724527c9f41b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b3071bb463ea1e6c686d0dc9638fc940f2f5cf17\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ee20216f12d9482cd70e44dae5e7fabb38367c71\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/fab201d72fde38d081e2c5d4ad25595c535b7b22\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ff0e037241173b574b385bff53d67567b9816db5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

fkie_cve-2025-38214

Vulnerability from fkie_nvd

Published

2025-07-04 14:15

Modified

2025-07-08 16:18

Severity ?

Summary

References

▶	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/05f6e183879d9785a3cdf2f08a498bc31b7a20aa
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/1a10d91766eb6ddfd5414e4785611e33a4fe0f9b
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/3ca78032a388a0795201792b36e6fc9b6e6e8eed
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/8a3a2887794b2c8e78b3e5d6e3de724527c9f41b
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/b3071bb463ea1e6c686d0dc9638fc940f2f5cf17
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/ee20216f12d9482cd70e44dae5e7fabb38367c71
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/fab201d72fde38d081e2c5d4ad25595c535b7b22
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/ff0e037241173b574b385bff53d67567b9816db5

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var\n\nIf fb_add_videomode() in fb_set_var() fails to allocate memory for\nfb_videomode, later it may lead to a null-ptr dereference in\nfb_videomode_to_var(), as the fb_info is registered while not having the\nmode in modelist that is expected to be there, i.e. the one that is\ndescribed in fb_info-\u003evar.\n\n================================================================\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901\nCall Trace:\n display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929\n fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071\n resize_screen drivers/tty/vt/vt.c:1176 [inline]\n vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263\n fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720\n fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776\n do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128\n fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203\n vfs_ioctl fs/ioctl.c:48 [inline]\n __do_sys_ioctl fs/ioctl.c:753 [inline]\n __se_sys_ioctl fs/ioctl.c:739 [inline]\n __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739\n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n================================================================\n\nThe reason is that fb_info-\u003evar is being modified in fb_set_var(), and\nthen fb_videomode_to_var() is called. If it fails to add the mode to\nfb_info-\u003emodelist, fb_set_var() returns error, but does not restore the\nold value of fb_info-\u003evar. Restore fb_info-\u003evar on failure the same way\nit is done earlier in the function.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fbdev: Corregir fb_set_var para evitar la desreferencia null-ptr en fb_videomode_to_var Si fb_add_videomode() en fb_set_var() no puede asignar memoria para fb_videomode, m\u00e1s tarde puede conducir a una desreferencia null-ptr en fb_videomode_to_var(), ya que fb_info se registra sin tener el modo en modelist que se espera que est\u00e9 all\u00ed, es decir, el que se describe en fb_info-\u0026gt;var.\n================================================================ \ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901 Call Trace: display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929 fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071 resize_screen drivers/tty/vt/vt.c:1176 [inline] vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263 fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720 fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776 do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128 fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203 vfs_ioctl fs/ioctl.c:48 [inline] __do_sys_ioctl fs/ioctl.c:753 [inline] __se_sys_ioctl fs/ioctl.c:739 [inline] __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x67/0xd1 ================================================================ \nEl motivo es que fb_info-\u0026gt;var se modifica en fb_set_var() y, a continuaci\u00f3n, se llama a fb_videomode_to_var(). Si no se logra agregar el modo a fb_info-\u0026gt;modelist, fb_set_var() devuelve un error, pero no restaura el valor anterior de fb_info-\u0026gt;var. Si falla, restaure fb_info-\u0026gt;var de la misma forma que se hizo anteriormente en la funci\u00f3n. Encontrado por el Centro de Verificaci\u00f3n de Linux (linuxtesting.org) con Syzkaller."
    }
  ],
  "id": "CVE-2025-38214",
  "lastModified": "2025-07-08T16:18:53.607",
  "metrics": {},
  "published": "2025-07-04T14:15:29.843",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/05f6e183879d9785a3cdf2f08a498bc31b7a20aa"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/1a10d91766eb6ddfd5414e4785611e33a4fe0f9b"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/3ca78032a388a0795201792b36e6fc9b6e6e8eed"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/8a3a2887794b2c8e78b3e5d6e3de724527c9f41b"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/b3071bb463ea1e6c686d0dc9638fc940f2f5cf17"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/ee20216f12d9482cd70e44dae5e7fabb38367c71"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/fab201d72fde38d081e2c5d4ad25595c535b7b22"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/ff0e037241173b574b385bff53d67567b9816db5"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}

ghsa-j93v-637x-3gwq

Vulnerability from github

Published

2025-07-04 15:31

Modified

2025-07-04 15:31

Details

In the Linux kernel, the following vulnerability has been resolved:

fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var

If fb_add_videomode() in fb_set_var() fails to allocate memory for fb_videomode, later it may lead to a null-ptr dereference in fb_videomode_to_var(), as the fb_info is registered while not having the mode in modelist that is expected to be there, i.e. the one that is described in fb_info->var.

================================================================ general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901 Call Trace: display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929 fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071 resize_screen drivers/tty/vt/vt.c:1176 [inline] vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263 fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720 fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776 do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128 fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203 vfs_ioctl fs/ioctl.c:48 [inline] __do_sys_ioctl fs/ioctl.c:753 [inline] __se_sys_ioctl fs/ioctl.c:739 [inline] __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x67/0xd1 ================================================================

The reason is that fb_info->var is being modified in fb_set_var(), and then fb_videomode_to_var() is called. If it fails to add the mode to fb_info->modelist, fb_set_var() returns error, but does not restore the old value of fb_info->var. Restore fb_info->var on failure the same way it is done earlier in the function.

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-38214"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-04T14:15:29Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var\n\nIf fb_add_videomode() in fb_set_var() fails to allocate memory for\nfb_videomode, later it may lead to a null-ptr dereference in\nfb_videomode_to_var(), as the fb_info is registered while not having the\nmode in modelist that is expected to be there, i.e. the one that is\ndescribed in fb_info-\u003evar.\n\n================================================================\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901\nCall Trace:\n display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929\n fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071\n resize_screen drivers/tty/vt/vt.c:1176 [inline]\n vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263\n fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720\n fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776\n do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128\n fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203\n vfs_ioctl fs/ioctl.c:48 [inline]\n __do_sys_ioctl fs/ioctl.c:753 [inline]\n __se_sys_ioctl fs/ioctl.c:739 [inline]\n __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739\n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n================================================================\n\nThe reason is that fb_info-\u003evar is being modified in fb_set_var(), and\nthen fb_videomode_to_var() is called. If it fails to add the mode to\nfb_info-\u003emodelist, fb_set_var() returns error, but does not restore the\nold value of fb_info-\u003evar. Restore fb_info-\u003evar on failure the same way\nit is done earlier in the function.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
  "id": "GHSA-j93v-637x-3gwq",
  "modified": "2025-07-04T15:31:09Z",
  "published": "2025-07-04T15:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38214"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/05f6e183879d9785a3cdf2f08a498bc31b7a20aa"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1a10d91766eb6ddfd5414e4785611e33a4fe0f9b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3ca78032a388a0795201792b36e6fc9b6e6e8eed"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8a3a2887794b2c8e78b3e5d6e3de724527c9f41b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b3071bb463ea1e6c686d0dc9638fc940f2f5cf17"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ee20216f12d9482cd70e44dae5e7fabb38367c71"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fab201d72fde38d081e2c5d4ad25595c535b7b22"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ff0e037241173b574b385bff53d67567b9816db5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

wid-sec-w-2025-1465

Vulnerability from csaf_certbund

Published

2025-07-06 22:00

Modified

2025-08-18 22:00

Summary

Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder nicht näher spezifizierte Auswirkungen zu erzielen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren oder nicht n\u00e4her spezifizierte Auswirkungen zu erzielen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1465 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1465.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1465 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1465"
      },
      {
        "category": "external",
        "summary": "Kernel CVE Announce Mailingliste",
        "url": "https://lore.kernel.org/linux-cve-announce/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38177",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070411-CVE-2025-38177-bd6c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38178",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070407-CVE-2025-38178-8846@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38179",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070410-CVE-2025-38179-45b4@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38180",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070410-CVE-2025-38180-c6d0@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38181",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070411-CVE-2025-38181-3497@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38182",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070411-CVE-2025-38182-fd0c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38183",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070411-CVE-2025-38183-1283@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38184",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070412-CVE-2025-38184-d45c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38185",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070412-CVE-2025-38185-76cb@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38186",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070412-CVE-2025-38186-6542@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38187",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070413-CVE-2025-38187-dafd@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38188",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070413-CVE-2025-38188-e0a5@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38189",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070414-CVE-2025-38189-5706@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38190",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070414-CVE-2025-38190-5b22@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38191",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070414-CVE-2025-38191-ee47@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38192",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070415-CVE-2025-38192-6a15@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38193",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070415-CVE-2025-38193-0fb1@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38194",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070415-CVE-2025-38194-1c50@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38195",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070416-CVE-2025-38195-1f8b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38196",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070416-CVE-2025-38196-ba59@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38197",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070416-CVE-2025-38197-0bd2@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38198",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070417-CVE-2025-38198-b902@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38199",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070417-CVE-2025-38199-287e@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38200",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070418-CVE-2025-38200-47d9@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38201",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070418-CVE-2025-38201-9575@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38202",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070418-CVE-2025-38202-bef0@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38203",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070419-CVE-2025-38203-8c33@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38204",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070419-CVE-2025-38204-c216@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38205",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070419-CVE-2025-38205-0316@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38206",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070420-CVE-2025-38206-a077@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38207",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070420-CVE-2025-38207-e2ea@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38208",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070420-CVE-2025-38208-97e1@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38209",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070421-CVE-2025-38209-52b8@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38210",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070421-CVE-2025-38210-3804@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38211",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070422-CVE-2025-38211-215a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38212",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070422-CVE-2025-38212-5bd9@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38213",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070422-CVE-2025-38213-c3e3@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38214",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070423-CVE-2025-38214-539a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38215",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070423-CVE-2025-38215-ddbd@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38216",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070423-CVE-2025-38216-7786@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38217",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070424-CVE-2025-38217-d1ab@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38218",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070424-CVE-2025-38218-a5e8@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38219",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070424-CVE-2025-38219-b284@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38220",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070425-CVE-2025-38220-a235@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38221",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070425-CVE-2025-38221-f152@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38222",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070426-CVE-2025-38222-3cfe@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38223",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070426-CVE-2025-38223-2e38@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38224",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070426-CVE-2025-38224-5e01@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38225",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070427-CVE-2025-38225-75f6@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38226",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070427-CVE-2025-38226-e5b5@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38227",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070427-CVE-2025-38227-f91b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38228",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070428-CVE-2025-38228-67fb@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38229",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070428-CVE-2025-38229-d2d5@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38230",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070429-CVE-2025-38230-e106@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38231",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070429-CVE-2025-38231-c61c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38232",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070429-CVE-2025-38232-8112@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38233",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070430-CVE-2025-38233-38e0@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38234",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070430-CVE-2025-38234-6984@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38235",
        "url": "https://lore.kernel.org/linux-cve-announce/2025070619-CVE-2025-38235-0098@gregkh/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7653-1 vom 2025-07-17",
        "url": "https://ubuntu.com/security/notices/USN-7653-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7649-1 vom 2025-07-17",
        "url": "https://ubuntu.com/security/notices/USN-7649-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7650-1 vom 2025-07-17",
        "url": "https://ubuntu.com/security/notices/USN-7650-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7655-1 vom 2025-07-18",
        "url": "https://ubuntu.com/security/notices/USN-7655-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7649-2 vom 2025-07-22",
        "url": "https://ubuntu.com/security/notices/USN-7649-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7665-1 vom 2025-07-22",
        "url": "https://ubuntu.com/security/notices/USN-7665-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7665-2 vom 2025-07-24",
        "url": "https://ubuntu.com/security/notices/USN-7665-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7671-1 vom 2025-07-25",
        "url": "https://ubuntu.com/security/notices/USN-7671-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7671-2 vom 2025-07-29",
        "url": "https://ubuntu.com/security/notices/USN-7671-2"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02588-1 vom 2025-08-01",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VQYPF6FAXKWBHQ4POBUPZVPW4L73XJR5/"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.10-2025-100 vom 2025-08-05",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.10-2025-100.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.10-2025-098 vom 2025-08-05",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.10-2025-098.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7671-3 vom 2025-08-04",
        "url": "https://ubuntu.com/security/notices/USN-7671-3"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7686-1 vom 2025-08-05",
        "url": "https://ubuntu.com/security/notices/USN-7686-1"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.10-2025-101 vom 2025-08-09",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.10-2025-101.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5973 vom 2025-08-12",
        "url": "https://lists.debian.org/debian-security-announce/2025/msg00137.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4271 vom 2025-08-13",
        "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02853-1 vom 2025-08-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022200.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02852-1 vom 2025-08-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022201.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02849-1 vom 2025-08-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022204.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02851-1 vom 2025-08-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022202.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02844-1 vom 2025-08-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022194.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02846-1 vom 2025-08-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022192.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02850-1 vom 2025-08-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022203.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02848-1 vom 2025-08-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022193.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
    "tracking": {
      "current_release_date": "2025-08-18T22:00:00.000+00:00",
      "generator": {
        "date": "2025-08-19T05:55:51.300+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-1465",
      "initial_release_date": "2025-07-06T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-07-06T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-07-17T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-07-21T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-07-22T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-07-24T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-07-27T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-07-29T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-08-03T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-08-04T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2025-08-05T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-08-10T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2025-08-12T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2025-08-18T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "13"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c6.16-rc5",
                "product": {
                  "name": "Open Source Linux Kernel \u003c6.16-rc5",
                  "product_id": "T045080"
                }
              },
              {
                "category": "product_version",
                "name": "6.16-rc5",
                "product": {
                  "name": "Open Source Linux Kernel 6.16-rc5",
                  "product_id": "T045080-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:6.16-rc5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.15.5",
                "product": {
                  "name": "Open Source Linux Kernel \u003c6.15.5",
                  "product_id": "T045081"
                }
              },
              {
                "category": "product_version",
                "name": "6.15.5",
                "product": {
                  "name": "Open Source Linux Kernel 6.15.5",
                  "product_id": "T045081-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:6.15.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.12.36",
                "product": {
                  "name": "Open Source Linux Kernel \u003c6.12.36",
                  "product_id": "T045082"
                }
              },
              {
                "category": "product_version",
                "name": "6.12.36",
                "product": {
                  "name": "Open Source Linux Kernel 6.12.36",
                  "product_id": "T045082-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:6.12.36"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.6.96",
                "product": {
                  "name": "Open Source Linux Kernel \u003c6.6.96",
                  "product_id": "T045083"
                }
              },
              {
                "category": "product_version",
                "name": "6.6.96",
                "product": {
                  "name": "Open Source Linux Kernel 6.6.96",
                  "product_id": "T045083-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:6.6.96"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.1.143",
                "product": {
                  "name": "Open Source Linux Kernel \u003c6.1.143",
                  "product_id": "T045084"
                }
              },
              {
                "category": "product_version",
                "name": "6.1.143",
                "product": {
                  "name": "Open Source Linux Kernel 6.1.143",
                  "product_id": "T045084-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:6.1.143"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Linux Kernel"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-38177",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38177"
    },
    {
      "cve": "CVE-2025-38178",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38178"
    },
    {
      "cve": "CVE-2025-38179",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38179"
    },
    {
      "cve": "CVE-2025-38180",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38180"
    },
    {
      "cve": "CVE-2025-38181",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38181"
    },
    {
      "cve": "CVE-2025-38182",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38182"
    },
    {
      "cve": "CVE-2025-38183",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38183"
    },
    {
      "cve": "CVE-2025-38184",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38184"
    },
    {
      "cve": "CVE-2025-38185",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38185"
    },
    {
      "cve": "CVE-2025-38186",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38186"
    },
    {
      "cve": "CVE-2025-38187",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38187"
    },
    {
      "cve": "CVE-2025-38188",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38188"
    },
    {
      "cve": "CVE-2025-38189",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38189"
    },
    {
      "cve": "CVE-2025-38190",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38190"
    },
    {
      "cve": "CVE-2025-38191",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38191"
    },
    {
      "cve": "CVE-2025-38192",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38192"
    },
    {
      "cve": "CVE-2025-38193",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38193"
    },
    {
      "cve": "CVE-2025-38194",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38194"
    },
    {
      "cve": "CVE-2025-38195",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38195"
    },
    {
      "cve": "CVE-2025-38196",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38196"
    },
    {
      "cve": "CVE-2025-38197",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38197"
    },
    {
      "cve": "CVE-2025-38198",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38198"
    },
    {
      "cve": "CVE-2025-38199",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38199"
    },
    {
      "cve": "CVE-2025-38200",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38200"
    },
    {
      "cve": "CVE-2025-38201",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38201"
    },
    {
      "cve": "CVE-2025-38202",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38202"
    },
    {
      "cve": "CVE-2025-38203",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38203"
    },
    {
      "cve": "CVE-2025-38204",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38204"
    },
    {
      "cve": "CVE-2025-38205",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38205"
    },
    {
      "cve": "CVE-2025-38206",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38206"
    },
    {
      "cve": "CVE-2025-38207",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38207"
    },
    {
      "cve": "CVE-2025-38208",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38208"
    },
    {
      "cve": "CVE-2025-38209",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38209"
    },
    {
      "cve": "CVE-2025-38210",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38210"
    },
    {
      "cve": "CVE-2025-38211",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38211"
    },
    {
      "cve": "CVE-2025-38212",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38212"
    },
    {
      "cve": "CVE-2025-38213",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38213"
    },
    {
      "cve": "CVE-2025-38214",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38214"
    },
    {
      "cve": "CVE-2025-38215",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38215"
    },
    {
      "cve": "CVE-2025-38216",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38216"
    },
    {
      "cve": "CVE-2025-38217",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38217"
    },
    {
      "cve": "CVE-2025-38218",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38218"
    },
    {
      "cve": "CVE-2025-38219",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38219"
    },
    {
      "cve": "CVE-2025-38220",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38220"
    },
    {
      "cve": "CVE-2025-38221",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38221"
    },
    {
      "cve": "CVE-2025-38222",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38222"
    },
    {
      "cve": "CVE-2025-38223",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38223"
    },
    {
      "cve": "CVE-2025-38224",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38224"
    },
    {
      "cve": "CVE-2025-38225",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38225"
    },
    {
      "cve": "CVE-2025-38226",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38226"
    },
    {
      "cve": "CVE-2025-38227",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38227"
    },
    {
      "cve": "CVE-2025-38228",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38228"
    },
    {
      "cve": "CVE-2025-38229",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38229"
    },
    {
      "cve": "CVE-2025-38230",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38230"
    },
    {
      "cve": "CVE-2025-38231",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38231"
    },
    {
      "cve": "CVE-2025-38232",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38232"
    },
    {
      "cve": "CVE-2025-38233",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38233"
    },
    {
      "cve": "CVE-2025-38234",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38234"
    },
    {
      "cve": "CVE-2025-38235",
      "product_status": {
        "known_affected": [
          "T045080",
          "2951",
          "T002207",
          "T045082",
          "T045081",
          "T000126",
          "T045084",
          "T045083",
          "398363"
        ]
      },
      "release_date": "2025-07-06T22:00:00.000+00:00",
      "title": "CVE-2025-38235"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-38214 (GCVE-0-2025-38214)

Vulnerability from cvelistv5

fkie_cve-2025-38214

Vulnerability from fkie_nvd

ghsa-j93v-637x-3gwq

Vulnerability from github

wid-sec-w-2025-1465

Vulnerability from csaf_certbund

Tags

Sightings

Nomenclature