ISHACK AI BOT

SUSE: CVE-2025-23013: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/15/2025 Created 01/21/2025 Added 01/20/2025 Modified 01/22/2025 Description In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has an issue that allows for an authentication bypass in some configurations. An attacker would require the ability to access the system as an unprivileged user. Depending on the configuration, the attacker may also need to know the user's password. Solution(s) suse-upgrade-pam_u2f References https://attackerkb.com/topics/cve-2025-23013 CVE - 2025-23013

SUSE: CVE-2025-0437: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/15/2025 Created 01/23/2025 Added 01/21/2025 Modified 01/28/2025 Description Out of bounds read in Metrics in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium References https://attackerkb.com/topics/cve-2025-0437 CVE - 2025-0437

Google Chrome Vulnerability: CVE-2025-0439 Race in Frames Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/15/2025 Created 01/16/2025 Added 01/15/2025 Modified 01/17/2025 Description Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2025-0439 CVE - 2025-0439

SUSE: CVE-2025-0440: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/15/2025 Created 01/23/2025 Added 01/21/2025 Modified 01/21/2025 Description Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium References https://attackerkb.com/topics/cve-2025-0440 CVE - 2025-0440

Debian: CVE-2025-23013: pam-u2f -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/15/2025 Created 02/01/2025 Added 01/31/2025 Modified 02/04/2025 Description In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has an issue that allows for an authentication bypass in some configurations. An attacker would require the ability to access the system as an unprivileged user. Depending on the configuration, the attacker may also need to know the user's password. Solution(s) debian-upgrade-pam-u2f References https://attackerkb.com/topics/cve-2025-23013 CVE - 2025-23013 DSA-5853-1

VMware Photon OS: CVE-2024-57890 Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 01/15/2025 Created 01/30/2025 Added 01/29/2025 Modified 02/04/2025 Description In the Linux kernel, the following vulnerability has been resolved: RDMA/uverbs: Prevent integer overflow issue In the expression "cmd.wqe_size * cmd.wr_count", both variables are u32 values that come from the user so the multiplication can lead to integer wrapping.Then we pass the result to uverbs_request_next_ptr() which also could potentially wrap.The "cmd.sge_count * sizeof(struct ib_uverbs_sge)" multiplication can also overflow on 32bit systems although it's fine on 64bit systems. This patch does two things.First, I've re-arranged the condition in uverbs_request_next_ptr() so that the use controlled variable "len" is on one side of the comparison by itself without any math.Then I've modified all the callers to use size_mul() for the multiplications. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-57890 CVE - 2024-57890

Debian: CVE-2025-0446: chromium -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/15/2025 Created 01/18/2025 Added 01/17/2025 Modified 01/17/2025 Description Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2025-0446 CVE - 2025-0446 DSA-5844-1

Debian: CVE-2025-0440: chromium -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/15/2025 Created 01/18/2025 Added 01/17/2025 Modified 01/17/2025 Description Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2025-0440 CVE - 2025-0440 DSA-5844-1

Microsoft Edge Chromium: CVE-2025-0438 Stack buffer overflow in Tracing Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/15/2025 Created 01/21/2025 Added 01/20/2025 Modified 01/20/2025 Description Stack buffer overflow in Tracing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2025-0438 CVE - 2025-0438 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-0438

Debian: CVE-2024-57902: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/15/2025 Created 02/11/2025 Added 02/10/2025 Modified 02/10/2025 Description In the Linux kernel, the following vulnerability has been resolved: af_packet: fix vlan_get_tci() vs MSG_PEEK Blamed commit forgot MSG_PEEK case, allowing a crash [1] as found by syzbot. Rework vlan_get_tci() to not touch skb at all, so that it can be used from many cpus on the same skb. Add a const qualifier to skb argument. [1] skbuff: skb_under_panic: text:ffffffff8a8da482 len:32 put:14 head:ffff88807a1d5800 data:ffff88807a1d5810 tail:0x14 end:0x140 dev:<NULL> ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:206 ! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 0 UID: 0 PID: 5880 Comm: syz-executor172 Not tainted 6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:skb_panic net/core/skbuff.c:206 [inline] RIP: 0010:skb_under_panic+0x14b/0x150 net/core/skbuff.c:216 Code: 0b 8d 48 c7 c6 9e 6c 26 8e 48 8b 54 24 08 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 41 54 41 57 41 56 e8 3a 5a 79 f7 48 83 c4 20 90 <0f> 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 RSP: 0018:ffffc90003baf5b8 EFLAGS: 00010286 RAX: 0000000000000087 RBX: dffffc0000000000 RCX: 8565c1eec37aa000 RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 RBP: ffff88802616fb50 R08: ffffffff817f0a4c R09: 1ffff92000775e50 R10: dffffc0000000000 R11: fffff52000775e51 R12: 0000000000000140 R13: ffff88807a1d5800 R14: ffff88807a1d5810 R15: 0000000000000014 FS:00007fa03261f6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS:0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffd65753000 CR3: 0000000031720000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> skb_push+0xe5/0x100 net/core/skbuff.c:2636 vlan_get_tci+0x272/0x550 net/packet/af_packet.c:565 packet_recvmsg+0x13c9/0x1ef0 net/packet/af_packet.c:3616 sock_recvmsg_nosec net/socket.c:1044 [inline] sock_recvmsg+0x22f/0x280 net/socket.c:1066 ____sys_recvmsg+0x1c6/0x480 net/socket.c:2814 ___sys_recvmsg net/socket.c:2856 [inline] do_recvmmsg+0x426/0xab0 net/socket.c:2951 __sys_recvmmsg net/socket.c:3025 [inline] __do_sys_recvmmsg net/socket.c:3048 [inline] __se_sys_recvmmsg net/socket.c:3041 [inline] __x64_sys_recvmmsg+0x199/0x250 net/socket.c:3041 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2024-57902 CVE - 2024-57902

Microsoft Edge Chromium: CVE-2025-0439 Race in Frames Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/15/2025 Created 01/21/2025 Added 01/20/2025 Modified 01/20/2025 Description Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2025-0439 CVE - 2025-0439 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-0439

VMware Photon OS: CVE-2024-54031 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/15/2025 Created 01/30/2025 Added 01/29/2025 Modified 01/29/2025 Description In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext Access to genmask field in struct nft_set_ext results in unaligned atomic read: [ 72.130109] Unable to handle kernel paging request at virtual address ffff0000c2bb708c [ 72.131036] Mem abort info: [ 72.131213] ESR = 0x0000000096000021 [ 72.131446] EC = 0x25: DABT (current EL), IL = 32 bits [ 72.132209] SET = 0, FnV = 0 [ 72.133216] EA = 0, S1PTW = 0 [ 72.134080] FSC = 0x21: alignment fault [ 72.135593] Data abort info: [ 72.137194] ISV = 0, ISS = 0x00000021, ISS2 = 0x00000000 [ 72.142351] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 72.145989] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 72.150115] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000237d27000 [ 72.154893] [ffff0000c2bb708c] pgd=0000000000000000, p4d=180000023ffff403, pud=180000023f84b403, pmd=180000023f835403, +pte=0068000102bb7707 [ 72.163021] Internal error: Oops: 0000000096000021 [#1] SMP [...] [ 72.170041] CPU: 7 UID: 0 PID: 54 Comm: kworker/7:0 Tainted: GE6.13.0-rc3+ #2 [ 72.170509] Tainted: [E]=UNSIGNED_MODULE [ 72.170720] Hardware name: QEMU QEMU Virtual Machine, BIOS edk2-stable202302-for-qemu 03/01/2023 [ 72.171192] Workqueue: events_power_efficient nft_rhash_gc [nf_tables] [ 72.171552] pstate: 21400005 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 72.171915] pc : nft_rhash_gc+0x200/0x2d8 [nf_tables] [ 72.172166] lr : nft_rhash_gc+0x128/0x2d8 [nf_tables] [ 72.172546] sp : ffff800081f2bce0 [ 72.172724] x29: ffff800081f2bd40 x28: ffff0000c2bb708c x27: 0000000000000038 [ 72.173078] x26: ffff0000c6780ef0 x25: ffff0000c643df00 x24: ffff0000c6778f78 [ 72.173431] x23: 000000000000001a x22: ffff0000c4b1f000 x21: ffff0000c6780f78 [ 72.173782] x20: ffff0000c2bb70dc x19: ffff0000c2bb7080 x18: 0000000000000000 [ 72.174135] x17: ffff0000c0a4e1c0 x16: 0000000000003000 x15: 0000ac26d173b978 [ 72.174485] x14: ffffffffffffffff x13: 0000000000000030 x12: ffff0000c6780ef0 [ 72.174841] x11: 0000000000000000 x10: ffff800081f2bcf8 x9 : ffff0000c3000000 [ 72.175193] x8 : 00000000000004be x7 : 0000000000000000 x6 : 0000000000000000 [ 72.175544] x5 : 0000000000000040 x4 : ffff0000c3000010 x3 : 0000000000000000 [ 72.175871] x2 : 0000000000003a98 x1 : ffff0000c2bb708c x0 : 0000000000000004 [ 72.176207] Call trace: [ 72.176316]nft_rhash_gc+0x200/0x2d8 [nf_tables] (P) [ 72.176653]process_one_work+0x178/0x3d0 [ 72.176831]worker_thread+0x200/0x3f0 [ 72.176995]kthread+0xe8/0xf8 [ 72.177130]ret_from_fork+0x10/0x20 [ 72.177289] Code: 54fff984 d503201f d2800080 91003261 (f820303f) [ 72.177557] ---[ end trace 0000000000000000 ]--- Align struct nft_set_ext to word size to address this and documentation it. pahole reports that this increases the size of elements for rhash and pipapo in 8 bytes on x86_64. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-54031 CVE - 2024-54031

Debian: CVE-2024-57896: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/15/2025 Created 02/11/2025 Added 02/10/2025 Modified 02/10/2025 Description In the Linux kernel, the following vulnerability has been resolved: btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount During the unmount path, at close_ctree(), we first stop the cleaner kthread, using kthread_stop() which frees the associated task_struct, and then stop and destroy all the work queues. However after we stopped the cleaner we may still have a worker from the delalloc_workers queue running inode.c:submit_compressed_extents(), which calls btrfs_add_delayed_iput(), which in turn tries to wake up the cleaner kthread - which was already destroyed before, resulting in a use-after-free on the task_struct. Syzbot reported this with the following stack traces: BUG: KASAN: slab-use-after-free in __lock_acquire+0x78/0x2100 kernel/locking/lockdep.c:5089 Read of size 8 at addr ffff8880259d2818 by task kworker/u8:3/52 CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.13.0-rc1-syzkaller-00002-gcdd30ebb1b9f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: btrfs-delalloc btrfs_work_helper Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x169/0x550 mm/kasan/report.c:489 kasan_report+0x143/0x180 mm/kasan/report.c:602 __lock_acquire+0x78/0x2100 kernel/locking/lockdep.c:5089 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline] try_to_wake_up+0xc2/0x1470 kernel/sched/core.c:4205 submit_compressed_extents+0xdf/0x16e0 fs/btrfs/inode.c:1615 run_ordered_work fs/btrfs/async-thread.c:288 [inline] btrfs_work_helper+0x96f/0xc40 fs/btrfs/async-thread.c:324 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> Allocated by task 2: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:319 [inline] __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345 kasan_slab_alloc include/linux/kasan.h:250 [inline] slab_post_alloc_hook mm/slub.c:4104 [inline] slab_alloc_node mm/slub.c:4153 [inline] kmem_cache_alloc_node_noprof+0x1d9/0x380 mm/slub.c:4205 alloc_task_struct_node kernel/fork.c:180 [inline] dup_task_struct+0x57/0x8c0 kernel/fork.c:1113 copy_process+0x5d1/0x3d50 kernel/fork.c:2225 kernel_clone+0x223/0x870 kernel/fork.c:2807 kernel_thread+0x1bc/0x240 kernel/fork.c:2869 create_kthread kernel/kthread.c:412 [inline] kthreadd+0x60d/0x810 kernel/kthread.c:767 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Freed by task 24: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582 poison_slab_object mm/kasan/common.c:247 [inline] __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:233 [inline] slab_free_hook mm/slub.c:2338 [inline] slab_free mm/slub.c:4598 [inline] kmem_cache_free+0x195/0x410 mm/slub.c:4700 put_task_struct include/linux/sched/task.h:144 [inline] delayed_put_task_struct+0x125/0x300 kernel/exit.c:227 rcu_do_batch kernel/rcu/tree.c:2567 [inline] rcu_core+0xaaa/0x17a0 kernel/rcu/tree.c:2823 handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:554 run_ksoftirqd+0xca/0x130 kernel/softirq.c:943 ---truncated--- Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2024-57896 CVE - 2024-57896

Debian: CVE-2024-36476: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/15/2025 Created 02/11/2025 Added 02/10/2025 Modified 02/10/2025 Description In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs: Ensure 'ib_sge list' is accessible Move the declaration of the 'ib_sge list' variable outside the 'always_invalidate' block to ensure it remains accessible for use throughout the function. Previously, 'ib_sge list' was declared within the 'always_invalidate' block, limiting its accessibility, then caused a 'BUG: kernel NULL pointer dereference'[1]. ? __die_body.cold+0x19/0x27 ? page_fault_oops+0x15a/0x2d0 ? search_module_extables+0x19/0x60 ? search_bpf_extables+0x5f/0x80 ? exc_page_fault+0x7e/0x180 ? asm_exc_page_fault+0x26/0x30 ? memcpy_orig+0xd5/0x140 rxe_mr_copy+0x1c3/0x200 [rdma_rxe] ? rxe_pool_get_index+0x4b/0x80 [rdma_rxe] copy_data+0xa5/0x230 [rdma_rxe] rxe_requester+0xd9b/0xf70 [rdma_rxe] ? finish_task_switch.isra.0+0x99/0x2e0 rxe_sender+0x13/0x40 [rdma_rxe] do_task+0x68/0x1e0 [rdma_rxe] process_one_work+0x177/0x330 worker_thread+0x252/0x390 ? __pfx_worker_thread+0x10/0x10 This change ensures the variable is available for subsequent operations that require it. [1] https://lore.kernel.org/linux-rdma/[email protected]/ Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2024-36476 CVE - 2024-36476

Debian: CVE-2025-0435: chromium -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/15/2025 Created 01/18/2025 Added 01/17/2025 Modified 01/17/2025 Description Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2025-0435 CVE - 2025-0435 DSA-5844-1

Google Chrome Vulnerability: CVE-2025-0437 Out of bounds read in Metrics Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/15/2025 Created 01/16/2025 Added 01/15/2025 Modified 01/28/2025 Description Out of bounds read in Metrics in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2025-0437 CVE - 2025-0437

Google Chrome Vulnerability: CVE-2025-0448 Inappropriate implementation in Compositing Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/15/2025 Created 01/16/2025 Added 01/15/2025 Modified 01/17/2025 Description Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2025-0448 CVE - 2025-0448

VMware Photon OS: CVE-2024-57902 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/15/2025 Created 01/30/2025 Added 01/29/2025 Modified 01/29/2025 Description In the Linux kernel, the following vulnerability has been resolved: af_packet: fix vlan_get_tci() vs MSG_PEEK Blamed commit forgot MSG_PEEK case, allowing a crash [1] as found by syzbot. Rework vlan_get_tci() to not touch skb at all, so that it can be used from many cpus on the same skb. Add a const qualifier to skb argument. [1] skbuff: skb_under_panic: text:ffffffff8a8da482 len:32 put:14 head:ffff88807a1d5800 data:ffff88807a1d5810 tail:0x14 end:0x140 dev:<NULL> ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:206 ! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 0 UID: 0 PID: 5880 Comm: syz-executor172 Not tainted 6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:skb_panic net/core/skbuff.c:206 [inline] RIP: 0010:skb_under_panic+0x14b/0x150 net/core/skbuff.c:216 Code: 0b 8d 48 c7 c6 9e 6c 26 8e 48 8b 54 24 08 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 41 54 41 57 41 56 e8 3a 5a 79 f7 48 83 c4 20 90 <0f> 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 RSP: 0018:ffffc90003baf5b8 EFLAGS: 00010286 RAX: 0000000000000087 RBX: dffffc0000000000 RCX: 8565c1eec37aa000 RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 RBP: ffff88802616fb50 R08: ffffffff817f0a4c R09: 1ffff92000775e50 R10: dffffc0000000000 R11: fffff52000775e51 R12: 0000000000000140 R13: ffff88807a1d5800 R14: ffff88807a1d5810 R15: 0000000000000014 FS:00007fa03261f6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS:0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffd65753000 CR3: 0000000031720000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> skb_push+0xe5/0x100 net/core/skbuff.c:2636 vlan_get_tci+0x272/0x550 net/packet/af_packet.c:565 packet_recvmsg+0x13c9/0x1ef0 net/packet/af_packet.c:3616 sock_recvmsg_nosec net/socket.c:1044 [inline] sock_recvmsg+0x22f/0x280 net/socket.c:1066 ____sys_recvmsg+0x1c6/0x480 net/socket.c:2814 ___sys_recvmsg net/socket.c:2856 [inline] do_recvmmsg+0x426/0xab0 net/socket.c:2951 __sys_recvmmsg net/socket.c:3025 [inline] __do_sys_recvmmsg net/socket.c:3048 [inline] __se_sys_recvmmsg net/socket.c:3041 [inline] __x64_sys_recvmmsg+0x199/0x250 net/socket.c:3041 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-57902 CVE - 2024-57902

Microsoft Windows: CVE-2025-21189: MapUrlToZone Security Feature Bypass Vulnerability Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21189: MapUrlToZone Security Feature Bypass Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21189 CVE - 2025-21189 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048 View more

Microsoft Edge Chromium: CVE-2025-0443 Insufficient data validation in Extensions Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/15/2025 Created 01/21/2025 Added 01/20/2025 Modified 01/20/2025 Description Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2025-0443 CVE - 2025-0443 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-0443

Alma Linux: CVE-2024-53263: Important: git-lfs security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 01/28/2025 Added 01/27/2025 Modified 02/03/2025 Description Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the `git-credential(1)` command without checking for embedded line-ending control characters, and then sends any credentials it receives back from the Git credential helper to the remote host. By inserting URL-encoded control characters such as line feed (LF) or carriage return (CR) characters into the URL, an attacker may be able to retrieve a user's Git credentials. This problem exists in all previous versions and is patched in v3.6.1. All users should upgrade to v3.6.1. There are no workarounds known at this time. Solution(s) alma-upgrade-git-lfs References https://attackerkb.com/topics/cve-2024-53263 CVE - 2024-53263 https://errata.almalinux.org/8/ALSA-2025-0845.html https://errata.almalinux.org/9/ALSA-2025-0673.html

Microsoft Windows: CVE-2025-21270: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21270: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21270 CVE - 2025-21270 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048 View more

Microsoft Windows: CVE-2025-21229: Windows Digital Media Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21229: Windows Digital Media Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21229 CVE - 2025-21229 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048 View more

Amazon Linux AMI: CVE-2024-12747: Security patch for rsync (ALAS-2025-1955) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 01/21/2025 Added 01/18/2025 Modified 01/18/2025 Description A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation. Solution(s) amazon-linux-upgrade-rsync References ALAS-2025-1955 CVE-2024-12747

Microsoft Windows: CVE-2025-21210: Windows BitLocker Information Disclosure Vulnerability Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21210: Windows BitLocker Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21210 CVE - 2025-21210 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048 View more