From c7b6c9090fb6e16d5bdbc4bb44accba0509b3f07 Mon Sep 17 00:00:00 2001 From: Oracle Linux CVE analysis bot Date: Fri, 31 Oct 2025 15:20:32 +0000 Subject: [PATCH 1/5] Analysis for CVE-2025-38464.yml --- vulns/CVE-2025-38464.yml | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 vulns/CVE-2025-38464.yml diff --git a/vulns/CVE-2025-38464.yml b/vulns/CVE-2025-38464.yml new file mode 100644 index 0000000..f0f9f58 --- /dev/null +++ b/vulns/CVE-2025-38464.yml @@ -0,0 +1,8 @@ +reachability: Local +memory_corruption: true +bug_class: UaF +impact: LPE, DoS +privileges_required: false +notes: Can be triggered by unprivileged user through namespaces +author: Oracle Corporation +version: v0.1 From 324058c6000c36a3e67662ba511694b8867333cf Mon Sep 17 00:00:00 2001 From: Oracle Linux CVE analysis bot Date: Fri, 31 Oct 2025 15:20:32 +0000 Subject: [PATCH 2/5] Analysis for CVE-2025-38724.yml --- vulns/CVE-2025-38724.yml | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 vulns/CVE-2025-38724.yml diff --git a/vulns/CVE-2025-38724.yml b/vulns/CVE-2025-38724.yml new file mode 100644 index 0000000..e584183 --- /dev/null +++ b/vulns/CVE-2025-38724.yml @@ -0,0 +1,8 @@ +reachability: remote +memory_corruption: true +bug_class: UAF +impact: LPE or RCE +privileges_required: false +notes: use-after-free in the NFSv4 client id confirmation code. +author: Oracle Corporation +version: v0.1 From 298564c5619a9b70cbc6ef370b27788decf1eaac Mon Sep 17 00:00:00 2001 From: Oracle Linux CVE analysis bot Date: Fri, 31 Oct 2025 15:20:32 +0000 Subject: [PATCH 3/5] Analysis for CVE-2025-39946.yml --- vulns/CVE-2025-39946.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 vulns/CVE-2025-39946.yml diff --git a/vulns/CVE-2025-39946.yml b/vulns/CVE-2025-39946.yml new file mode 100644 index 0000000..1a68553 --- /dev/null +++ b/vulns/CVE-2025-39946.yml @@ -0,0 +1,12 @@ +reachability: Remote +memory_corruption: true +bug_class: Buffer Overflow +impact: LPE +privileges_required: false +notes: |- + An unprivileged user can create a TCP connection (loopback or network + namespace) and enable kTLS RX through setsockopt() If kTLS is enabled for + inbound connections, then an unprivileged remote attacker can trigger the OOW + kCTF entry exp422 +author: Oracle Corporation +version: v0.1 From e0303dd3a572d20cb1c27c299939d46c86ed834b Mon Sep 17 00:00:00 2001 From: Oracle Linux CVE analysis bot Date: Fri, 31 Oct 2025 15:20:32 +0000 Subject: [PATCH 4/5] Analysis for CVE-2025-39973.yml --- vulns/CVE-2025-39973.yml | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 vulns/CVE-2025-39973.yml diff --git a/vulns/CVE-2025-39973.yml b/vulns/CVE-2025-39973.yml new file mode 100644 index 0000000..915d352 --- /dev/null +++ b/vulns/CVE-2025-39973.yml @@ -0,0 +1,8 @@ +reachability: VM +memory_corruption: true +bug_class: Buffer Overflow +impact: DoS, information leak, VM escape +privileges_required: false +notes: No host privileges required IF a VF is exposed to the VM +author: Oracle Corporation +version: v0.1 From 1617a1f24336fd6710f60f9891223babee9d25f5 Mon Sep 17 00:00:00 2001 From: Oracle Linux CVE analysis bot Date: Fri, 31 Oct 2025 15:20:32 +0000 Subject: [PATCH 5/5] Analysis for CVE-2025-39977.yml --- vulns/CVE-2025-39977.yml | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 vulns/CVE-2025-39977.yml diff --git a/vulns/CVE-2025-39977.yml b/vulns/CVE-2025-39977.yml new file mode 100644 index 0000000..3f14476 --- /dev/null +++ b/vulns/CVE-2025-39977.yml @@ -0,0 +1,8 @@ +reachability: Local +memory_corruption: true +bug_class: UaF +impact: LPE, Info Leak +privileges_required: false +notes: "" +author: Oracle Corporation +version: v0.1