Vulnerability-Lookup

CVE-2025-37955 (GCVE-0-2025-37955)

Vulnerability from cvelistv5 – Published: 2025-05-20 16:01 – Updated: 2025-05-26 05:24

Title

virtio-net: free xsk_buffs on error in virtnet_xsk_pool_enable()

Summary

In the Linux kernel, the following vulnerability has been resolved: virtio-net: free xsk_buffs on error in virtnet_xsk_pool_enable() The selftests added to our CI by Bui Quang Minh recently reveals that there is a mem leak on the error path of virtnet_xsk_pool_enable(): unreferenced object 0xffff88800a68a000 (size 2048): comm "xdp_helper", pid 318, jiffies 4294692778 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 0): __kvmalloc_node_noprof+0x402/0x570 virtnet_xsk_pool_enable+0x293/0x6a0 (drivers/net/virtio_net.c:5882) xp_assign_dev+0x369/0x670 (net/xdp/xsk_buff_pool.c:226) xsk_bind+0x6a5/0x1ae0 __sys_bind+0x15e/0x230 __x64_sys_bind+0x72/0xb0 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

CVE-2025-37955

Vulnerability from fstec - Published: 05.05.2025

Title

Уязвимость компонента virtio-net ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость компонента virtio-net ядра операционной системы Linux связана с неправильным освобождением памяти перед удалением последней ссылки. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vendor

ООО «РусБИТех-Астра», Сообщество свободного программного обеспечения

Software Name

Astra Linux Special Edition (запись в едином реестре российских программ №369), Linux

Software Version

1.8 (Astra Linux Special Edition), от 6.13 до 6.14.7 (Linux), от 6.11 до 6.12.29 (Linux)

Possible Mitigations

В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года. Использование рекомендаций: Для Linux: https://github.com/torvalds/linux/commit/4397684a292a71fbc1e815c3e283f7490ddce5ae Для ОС Astra Linux: обновить пакет linux-6.12 до 6.12.34-1.astra1+ci2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0811SE18

Reference

https://git.kernel.org/linus/4397684a292a71fbc1e815c3e283f7490ddce5ae https://git.kernel.org/stable/c/4397684a292a71fbc1e815c3e283f7490ddce5ae https://git.kernel.org/stable/c/94a6f6c204abb2b2dcd2ce287536cc924469cfb5 https://git.kernel.org/stable/c/ba6917810bb4a5a32661fa941717399052b3f0d9 https://github.com/torvalds/linux/commit/4397684a292a71fbc1e815c3e283f7490ddce5ae https://nvd.nist.gov/vuln/detail/CVE-2025-37955 https://security-tracker.debian.org/tracker/CVE-2025-37955 https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0811SE18

CWE

CWE-401

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.8 (Astra Linux Special Edition), \u043e\u0442 6.13 \u0434\u043e 6.14.7 (Linux), \u043e\u0442 6.11 \u0434\u043e 6.12.29 (Linux)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Linux:\nhttps://github.com/torvalds/linux/commit/4397684a292a71fbc1e815c3e283f7490ddce5ae\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux-6.12 \u0434\u043e 6.12.34-1.astra1+ci2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0811SE18",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "05.05.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "28.09.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "28.09.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-12031",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-37955",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Linux",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.8  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 6.13 \u0434\u043e 6.14.7 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 6.11 \u0434\u043e 6.12.29 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 virtio-net \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435 \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u0435\u0440\u0435\u0434 \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435\u043c \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0441\u0441\u044b\u043b\u043a\u0438 (\u00ab\u0443\u0442\u0435\u0447\u043a\u0430 \u043f\u0430\u043c\u044f\u0442\u0438\u00bb) (CWE-401)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 virtio-net \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u043c \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435\u043c \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u0435\u0440\u0435\u0434 \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435\u043c \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0441\u0441\u044b\u043b\u043a\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://git.kernel.org/linus/4397684a292a71fbc1e815c3e283f7490ddce5ae\nhttps://git.kernel.org/stable/c/4397684a292a71fbc1e815c3e283f7490ddce5ae\nhttps://git.kernel.org/stable/c/94a6f6c204abb2b2dcd2ce287536cc924469cfb5\nhttps://git.kernel.org/stable/c/ba6917810bb4a5a32661fa941717399052b3f0d9\nhttps://github.com/torvalds/linux/commit/4397684a292a71fbc1e815c3e283f7490ddce5ae\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-37955\nhttps://security-tracker.debian.org/tracker/CVE-2025-37955\nhttps://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0811SE18",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-401",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)"
}

CERTFR-2025-AVI-0721

Vulnerability from certfr_avis - Published: 2025-08-22 - Updated: 2025-08-22

De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 20.04 ESM
Ubuntu	Ubuntu	Ubuntu 24.04 LTS
Ubuntu	Ubuntu	Ubuntu 18.04 ESM
Ubuntu	Ubuntu	Ubuntu 22.04 LTS

References

Title

Publication Time

Tags

Bulletin de sécurité Ubuntu USN-7704-1	2025-08-20	vendor-advisory
Bulletin de sécurité Ubuntu USN-7703-1	2025-08-19	vendor-advisory
Bulletin de sécurité Ubuntu USN-7704-4	2025-08-21	vendor-advisory
Bulletin de sécurité Ubuntu USN-7704-3	2025-08-20	vendor-advisory
Bulletin de sécurité Ubuntu USN-7701-3	2025-08-21	vendor-advisory
Bulletin de sécurité Ubuntu USN-7682-6	2025-08-20	vendor-advisory
Bulletin de sécurité Ubuntu USN-7703-2	2025-08-20	vendor-advisory
Bulletin de sécurité Ubuntu USN-7703-3	2025-08-21	vendor-advisory
Bulletin de sécurité Ubuntu USN-7701-1	2025-08-19	vendor-advisory
Bulletin de sécurité Ubuntu USN-7704-2	2025-08-19	vendor-advisory
Bulletin de sécurité Ubuntu USN-7699-2	2025-08-20	vendor-advisory
Bulletin de sécurité Ubuntu USN-7701-2	2025-08-20	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 20.04 ESM",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 24.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 18.04 ESM",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 22.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-21861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21861"
    },
    {
      "name": "CVE-2024-58088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-58088"
    },
    {
      "name": "CVE-2025-38043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38043"
    },
    {
      "name": "CVE-2025-21783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21783"
    },
    {
      "name": "CVE-2025-21786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21786"
    },
    {
      "name": "CVE-2025-38002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38002"
    },
    {
      "name": "CVE-2025-21847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21847"
    },
    {
      "name": "CVE-2025-21853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21853"
    },
    {
      "name": "CVE-2025-21871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21871"
    },
    {
      "name": "CVE-2025-21823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21823"
    },
    {
      "name": "CVE-2025-21763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21763"
    },
    {
      "name": "CVE-2025-37965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37965"
    },
    {
      "name": "CVE-2025-21796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21796"
    },
    {
      "name": "CVE-2024-49950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49950"
    },
    {
      "name": "CVE-2025-21768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21768"
    },
    {
      "name": "CVE-2025-21864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21864"
    },
    {
      "name": "CVE-2025-37961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37961"
    },
    {
      "name": "CVE-2025-38061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38061"
    },
    {
      "name": "CVE-2025-21839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21839"
    },
    {
      "name": "CVE-2025-38023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38023"
    },
    {
      "name": "CVE-2025-21779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21779"
    },
    {
      "name": "CVE-2025-38004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38004"
    },
    {
      "name": "CVE-2025-38016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38016"
    },
    {
      "name": "CVE-2025-21712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21712"
    },
    {
      "name": "CVE-2025-21746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21746"
    },
    {
      "name": "CVE-2025-38066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38066"
    },
    {
      "name": "CVE-2025-21836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21836"
    },
    {
      "name": "CVE-2025-21781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21781"
    },
    {
      "name": "CVE-2025-38022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38022"
    },
    {
      "name": "CVE-2025-38068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38068"
    },
    {
      "name": "CVE-2025-21772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21772"
    },
    {
      "name": "CVE-2025-37971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37971"
    },
    {
      "name": "CVE-2025-21868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21868"
    },
    {
      "name": "CVE-2025-38056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38056"
    },
    {
      "name": "CVE-2025-38027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38027"
    },
    {
      "name": "CVE-2025-21792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21792"
    },
    {
      "name": "CVE-2025-37993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37993"
    },
    {
      "name": "CVE-2025-37955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37955"
    },
    {
      "name": "CVE-2025-38015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38015"
    },
    {
      "name": "CVE-2025-37958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37958"
    },
    {
      "name": "CVE-2025-21855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21855"
    },
    {
      "name": "CVE-2025-38065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38065"
    },
    {
      "name": "CVE-2025-38031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38031"
    },
    {
      "name": "CVE-2025-37950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37950"
    },
    {
      "name": "CVE-2025-21767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21767"
    },
    {
      "name": "CVE-2025-38008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38008"
    },
    {
      "name": "CVE-2025-38011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38011"
    },
    {
      "name": "CVE-2025-21764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21764"
    },
    {
      "name": "CVE-2024-58093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-58093"
    },
    {
      "name": "CVE-2025-38025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38025"
    },
    {
      "name": "CVE-2025-38034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38034"
    },
    {
      "name": "CVE-2025-38095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38095"
    },
    {
      "name": "CVE-2025-21838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21838"
    },
    {
      "name": "CVE-2025-21867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21867"
    },
    {
      "name": "CVE-2025-21704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21704"
    },
    {
      "name": "CVE-2025-21766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21766"
    },
    {
      "name": "CVE-2025-38024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38024"
    },
    {
      "name": "CVE-2024-57834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57834"
    },
    {
      "name": "CVE-2025-38078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38078"
    },
    {
      "name": "CVE-2025-21791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21791"
    },
    {
      "name": "CVE-2024-52559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52559"
    },
    {
      "name": "CVE-2025-38077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38077"
    },
    {
      "name": "CVE-2025-38005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38005"
    },
    {
      "name": "CVE-2025-21795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21795"
    },
    {
      "name": "CVE-2025-21758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21758"
    },
    {
      "name": "CVE-2025-21780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21780"
    },
    {
      "name": "CVE-2025-37969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37969"
    },
    {
      "name": "CVE-2025-21787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21787"
    },
    {
      "name": "CVE-2025-21776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21776"
    },
    {
      "name": "CVE-2025-21706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21706"
    },
    {
      "name": "CVE-2025-38014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38014"
    },
    {
      "name": "CVE-2025-38003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38003"
    },
    {
      "name": "CVE-2025-38007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38007"
    },
    {
      "name": "CVE-2025-21760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21760"
    },
    {
      "name": "CVE-2025-38079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38079"
    },
    {
      "name": "CVE-2025-37964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37964"
    },
    {
      "name": "CVE-2025-21785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21785"
    },
    {
      "name": "CVE-2024-58086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-58086"
    },
    {
      "name": "CVE-2025-37999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37999"
    },
    {
      "name": "CVE-2025-38018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38018"
    },
    {
      "name": "CVE-2025-21857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21857"
    },
    {
      "name": "CVE-2025-37797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
    },
    {
      "name": "CVE-2025-21848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21848"
    },
    {
      "name": "CVE-2025-37952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37952"
    },
    {
      "name": "CVE-2025-38012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38012"
    },
    {
      "name": "CVE-2025-38019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38019"
    },
    {
      "name": "CVE-2025-21866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21866"
    },
    {
      "name": "CVE-2025-38037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38037"
    },
    {
      "name": "CVE-2025-37962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37962"
    },
    {
      "name": "CVE-2025-21862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21862"
    },
    {
      "name": "CVE-2025-37972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37972"
    },
    {
      "name": "CVE-2025-38010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38010"
    },
    {
      "name": "CVE-2024-57977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57977"
    },
    {
      "name": "CVE-2025-37970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37970"
    },
    {
      "name": "CVE-2025-38013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38013"
    },
    {
      "name": "CVE-2025-37956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37956"
    },
    {
      "name": "CVE-2025-38094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38094"
    },
    {
      "name": "CVE-2025-38072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38072"
    },
    {
      "name": "CVE-2025-37967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37967"
    },
    {
      "name": "CVE-2025-38075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38075"
    },
    {
      "name": "CVE-2025-37949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37949"
    },
    {
      "name": "CVE-2025-37957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37957"
    },
    {
      "name": "CVE-2025-38058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38058"
    },
    {
      "name": "CVE-2025-21762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21762"
    },
    {
      "name": "CVE-2025-38083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38083"
    },
    {
      "name": "CVE-2025-21869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21869"
    },
    {
      "name": "CVE-2024-54458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54458"
    },
    {
      "name": "CVE-2025-37951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37951"
    },
    {
      "name": "CVE-2025-37947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37947"
    },
    {
      "name": "CVE-2025-21859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21859"
    },
    {
      "name": "CVE-2025-21761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21761"
    },
    {
      "name": "CVE-2025-37992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37992"
    },
    {
      "name": "CVE-2025-21844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21844"
    },
    {
      "name": "CVE-2025-21784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21784"
    },
    {
      "name": "CVE-2024-58020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-58020"
    },
    {
      "name": "CVE-2025-37973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37973"
    },
    {
      "name": "CVE-2025-37996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37996"
    },
    {
      "name": "CVE-2025-21775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21775"
    },
    {
      "name": "CVE-2025-21846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21846"
    },
    {
      "name": "CVE-2025-37998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37998"
    },
    {
      "name": "CVE-2025-37968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37968"
    },
    {
      "name": "CVE-2025-38006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38006"
    },
    {
      "name": "CVE-2025-38048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38048"
    },
    {
      "name": "CVE-2025-21765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21765"
    },
    {
      "name": "CVE-2025-21782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21782"
    },
    {
      "name": "CVE-2025-38009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38009"
    },
    {
      "name": "CVE-2025-21870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21870"
    },
    {
      "name": "CVE-2024-54456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54456"
    },
    {
      "name": "CVE-2024-38541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38541"
    },
    {
      "name": "CVE-2025-37994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37994"
    },
    {
      "name": "CVE-2025-21773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21773"
    },
    {
      "name": "CVE-2025-21858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21858"
    },
    {
      "name": "CVE-2025-37995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37995"
    },
    {
      "name": "CVE-2025-21821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21821"
    },
    {
      "name": "CVE-2025-38052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38052"
    },
    {
      "name": "CVE-2025-38035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38035"
    },
    {
      "name": "CVE-2025-37963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37963"
    },
    {
      "name": "CVE-2024-50073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50073"
    },
    {
      "name": "CVE-2025-37948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37948"
    },
    {
      "name": "CVE-2025-21863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21863"
    },
    {
      "name": "CVE-2025-21856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21856"
    },
    {
      "name": "CVE-2025-37960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37960"
    },
    {
      "name": "CVE-2025-38051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38051"
    },
    {
      "name": "CVE-2025-37954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37954"
    },
    {
      "name": "CVE-2025-38044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38044"
    },
    {
      "name": "CVE-2025-37959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37959"
    },
    {
      "name": "CVE-2025-21793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21793"
    },
    {
      "name": "CVE-2025-21854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21854"
    },
    {
      "name": "CVE-2023-52757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52757"
    },
    {
      "name": "CVE-2025-21759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21759"
    },
    {
      "name": "CVE-2023-52975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52975"
    },
    {
      "name": "CVE-2025-37966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37966"
    },
    {
      "name": "CVE-2025-38028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38028"
    },
    {
      "name": "CVE-2025-21790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21790"
    },
    {
      "name": "CVE-2025-38020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38020"
    },
    {
      "name": "CVE-2025-21835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21835"
    },
    {
      "name": "CVE-2025-38021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38021"
    }
  ],
  "initial_release_date": "2025-08-22T00:00:00",
  "last_revision_date": "2025-08-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0721",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-08-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux d\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
  "vendor_advisories": [
    {
      "published_at": "2025-08-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7704-1",
      "url": "https://ubuntu.com/security/notices/USN-7704-1"
    },
    {
      "published_at": "2025-08-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7703-1",
      "url": "https://ubuntu.com/security/notices/USN-7703-1"
    },
    {
      "published_at": "2025-08-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7704-4",
      "url": "https://ubuntu.com/security/notices/USN-7704-4"
    },
    {
      "published_at": "2025-08-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7704-3",
      "url": "https://ubuntu.com/security/notices/USN-7704-3"
    },
    {
      "published_at": "2025-08-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7701-3",
      "url": "https://ubuntu.com/security/notices/USN-7701-3"
    },
    {
      "published_at": "2025-08-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7682-6",
      "url": "https://ubuntu.com/security/notices/USN-7682-6"
    },
    {
      "published_at": "2025-08-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7703-2",
      "url": "https://ubuntu.com/security/notices/USN-7703-2"
    },
    {
      "published_at": "2025-08-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7703-3",
      "url": "https://ubuntu.com/security/notices/USN-7703-3"
    },
    {
      "published_at": "2025-08-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7701-1",
      "url": "https://ubuntu.com/security/notices/USN-7701-1"
    },
    {
      "published_at": "2025-08-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7704-2",
      "url": "https://ubuntu.com/security/notices/USN-7704-2"
    },
    {
      "published_at": "2025-08-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7699-2",
      "url": "https://ubuntu.com/security/notices/USN-7699-2"
    },
    {
      "published_at": "2025-08-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7701-2",
      "url": "https://ubuntu.com/security/notices/USN-7701-2"
    }
  ]
}

GHSA-F2J7-H8J9-XXJC

Vulnerability from github – Published: 2025-05-20 18:30 – Updated: 2025-11-14 18:31

Details

In the Linux kernel, the following vulnerability has been resolved:

virtio-net: free xsk_buffs on error in virtnet_xsk_pool_enable()

The selftests added to our CI by Bui Quang Minh recently reveals that there is a mem leak on the error path of virtnet_xsk_pool_enable():

unreferenced object 0xffff88800a68a000 (size 2048): comm "xdp_helper", pid 318, jiffies 4294692778 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 0): __kvmalloc_node_noprof+0x402/0x570 virtnet_xsk_pool_enable+0x293/0x6a0 (drivers/net/virtio_net.c:5882) xp_assign_dev+0x369/0x670 (net/xdp/xsk_buff_pool.c:226) xsk_bind+0x6a5/0x1ae0 __sys_bind+0x15e/0x230 __x64_sys_bind+0x72/0xb0 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Severity ?

5.5 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-37955"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-20T16:15:33Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-net: free xsk_buffs on error in virtnet_xsk_pool_enable()\n\nThe selftests added to our CI by Bui Quang Minh recently reveals\nthat there is a mem leak on the error path of virtnet_xsk_pool_enable():\n\nunreferenced object 0xffff88800a68a000 (size 2048):\n  comm \"xdp_helper\", pid 318, jiffies 4294692778\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace (crc 0):\n    __kvmalloc_node_noprof+0x402/0x570\n    virtnet_xsk_pool_enable+0x293/0x6a0 (drivers/net/virtio_net.c:5882)\n    xp_assign_dev+0x369/0x670 (net/xdp/xsk_buff_pool.c:226)\n    xsk_bind+0x6a5/0x1ae0\n    __sys_bind+0x15e/0x230\n    __x64_sys_bind+0x72/0xb0\n    do_syscall_64+0xc1/0x1d0\n    entry_SYSCALL_64_after_hwframe+0x77/0x7f",
  "id": "GHSA-f2j7-h8j9-xxjc",
  "modified": "2025-11-14T18:31:19Z",
  "published": "2025-05-20T18:30:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37955"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4397684a292a71fbc1e815c3e283f7490ddce5ae"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/94a6f6c204abb2b2dcd2ce287536cc924469cfb5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ba6917810bb4a5a32661fa941717399052b3f0d9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2025-37955

Vulnerability from fkie_nvd - Published: 2025-05-20 16:15 - Updated: 2025-11-14 17:03

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/4397684a292a71fbc1e815c3e283f7490ddce5ae	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/94a6f6c204abb2b2dcd2ce287536cc924469cfb5	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/ba6917810bb4a5a32661fa941717399052b3f0d9	Patch

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	6.15
linux	linux_kernel	6.15
linux	linux_kernel	6.15
linux	linux_kernel	6.15
linux	linux_kernel	6.15

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E3B7048-967C-414A-B087-A7C6401D4BC0",
              "versionEndExcluding": "6.12.29",
              "versionStartIncluding": "6.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5715A6F5-A34A-4B27-8A64-82825E963995",
              "versionEndExcluding": "6.14.7",
              "versionStartIncluding": "6.13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8D465631-2980-487A-8E65-40AE2B9F8ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4C9D071F-B28E-46EC-AC61-22B913390211",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.15:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "13FC0DDE-E513-465E-9E81-515702D49B74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.15:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "8C7B5B0E-4EEB-48F5-B4CF-0935A7633845",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.15:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "2D240580-3048-49B2-9E27-F115A9DF8224",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-net: free xsk_buffs on error in virtnet_xsk_pool_enable()\n\nThe selftests added to our CI by Bui Quang Minh recently reveals\nthat there is a mem leak on the error path of virtnet_xsk_pool_enable():\n\nunreferenced object 0xffff88800a68a000 (size 2048):\n  comm \"xdp_helper\", pid 318, jiffies 4294692778\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace (crc 0):\n    __kvmalloc_node_noprof+0x402/0x570\n    virtnet_xsk_pool_enable+0x293/0x6a0 (drivers/net/virtio_net.c:5882)\n    xp_assign_dev+0x369/0x670 (net/xdp/xsk_buff_pool.c:226)\n    xsk_bind+0x6a5/0x1ae0\n    __sys_bind+0x15e/0x230\n    __x64_sys_bind+0x72/0xb0\n    do_syscall_64+0xc1/0x1d0\n    entry_SYSCALL_64_after_hwframe+0x77/0x7f"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: virtio-net: xsk_buffs libres en caso de error en virtnet_xsk_pool_enable() Las autopruebas a\u00f1adidas a nuestra CI por Bui Quang Minh revelan recientemente que hay una fuga de memoria en la ruta de error de virtnet_xsk_pool_enable(): objeto sin referencia 0xffff88800a68a000 (tama\u00f1o 2048): comm \"xdp_helper\", pid 318, jiffies 4294692778 volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ seguimiento inverso (crc 0): __kvmalloc_node_noprof+0x402/0x570 virtnet_xsk_pool_enable+0x293/0x6a0 (drivers/net/virtio_net.c:5882) xp_assign_dev+0x369/0x670 (net/xdp/xsk_buff_pool.c:226) xsk_bind+0x6a5/0x1ae0 __sys_bind+0x15e/0x230 __x64_sys_bind+0x72/0xb0 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f"
    }
  ],
  "id": "CVE-2025-37955",
  "lastModified": "2025-11-14T17:03:24.610",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-05-20T16:15:33.710",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/4397684a292a71fbc1e815c3e283f7490ddce5ae"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/94a6f6c204abb2b2dcd2ce287536cc924469cfb5"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/ba6917810bb4a5a32661fa941717399052b3f0d9"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-401"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-37955 (GCVE-0-2025-37955)

CVE-2025-37955

CERTFR-2025-AVI-0721

Solutions

GHSA-F2J7-H8J9-XXJC

FKIE_CVE-2025-37955

Tags

Sightings

Nomenclature