From 877e9195d8e2aec4ea3cf411515a7080931f1052 Mon Sep 17 00:00:00 2001
From: Oracle Linux CVE analysis bot <ora-linux-cve-analysis_mb@oracle.com>
Date: Fri, 16 Jan 2026 15:33:30 +0000
Subject: [PATCH 1/6] Analysis for CVE-2025-40018.yml

---
 vulns/CVE-2025-40018.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 vulns/CVE-2025-40018.yml

diff --git a/vulns/CVE-2025-40018.yml b/vulns/CVE-2025-40018.yml
new file mode 100644
index 0000000..f860d9c
--- /dev/null
+++ b/vulns/CVE-2025-40018.yml
@@ -0,0 +1,10 @@
+reachability: Local
+memory_corruption: true
+bug_class: UaF
+impact: LPE
+privileges_required: false
+notes: |2-
+   UaF on struct ip_vs_app during netns cleanup, reachable by unprivileged user
+  through namespaces
+author: Oracle Corporation
+version: v0.1

From 78b85ac488763fba864b2a17dc35478f6aafc6d1 Mon Sep 17 00:00:00 2001
From: Oracle Linux CVE analysis bot <ora-linux-cve-analysis_mb@oracle.com>
Date: Fri, 16 Jan 2026 15:33:30 +0000
Subject: [PATCH 2/6] Analysis for CVE-2025-40214.yml

---
 vulns/CVE-2025-40214.yml | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 vulns/CVE-2025-40214.yml

diff --git a/vulns/CVE-2025-40214.yml b/vulns/CVE-2025-40214.yml
new file mode 100644
index 0000000..7a74d29
--- /dev/null
+++ b/vulns/CVE-2025-40214.yml
@@ -0,0 +1,8 @@
+reachability: Local
+memory_corruption: true
+bug_class: UaF
+impact: LPE
+privileges_required: false
+notes: UaF on struct sk_buff objects leading to LPE
+author: Oracle Corporation
+version: v0.1

From 778a1878e3081dface0397a56d2c67d2ae238456 Mon Sep 17 00:00:00 2001
From: Oracle Linux CVE analysis bot <ora-linux-cve-analysis_mb@oracle.com>
Date: Fri, 16 Jan 2026 15:33:30 +0000
Subject: [PATCH 3/6] Analysis for CVE-2025-40216.yml

---
 vulns/CVE-2025-40216.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 vulns/CVE-2025-40216.yml

diff --git a/vulns/CVE-2025-40216.yml b/vulns/CVE-2025-40216.yml
new file mode 100644
index 0000000..ac3eaee
--- /dev/null
+++ b/vulns/CVE-2025-40216.yml
@@ -0,0 +1,10 @@
+reachability: Local
+memory_corruption: true
+bug_class: OOB Write
+impact: DoS, possibly LPE or VM-escape
+privileges_required: false
+notes: |2-
+   Out of bounds access in io_uring subsystem leading to Info Leak and
+  potentially LPE, confirmed by kCTF.
+author: Oracle Corporation
+version: v0.1

From 43208ef4b547ca9d385d8e46a2475caffccd2b7a Mon Sep 17 00:00:00 2001
From: Oracle Linux CVE analysis bot <ora-linux-cve-analysis_mb@oracle.com>
Date: Fri, 16 Jan 2026 15:33:30 +0000
Subject: [PATCH 4/6] Analysis for CVE-2025-40257.yml

---
 vulns/CVE-2025-40257.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 vulns/CVE-2025-40257.yml

diff --git a/vulns/CVE-2025-40257.yml b/vulns/CVE-2025-40257.yml
new file mode 100644
index 0000000..e691d86
--- /dev/null
+++ b/vulns/CVE-2025-40257.yml
@@ -0,0 +1,10 @@
+reachability: Local
+memory_corruption: true
+bug_class: UAF
+impact: DoS or LPE
+privileges_required: false
+notes: |2-
+   Race in mptcp_pm_del_add_timer() allows use-after-free of
+  mptcp_pm_addr_entry after it is unlinked and freed by another thread.
+author: Oracle Corporation
+version: v0.1

From 15050b6b77832324263877e1044f4b0e322663f5 Mon Sep 17 00:00:00 2001
From: Oracle Linux CVE analysis bot <ora-linux-cve-analysis_mb@oracle.com>
Date: Fri, 16 Jan 2026 15:33:30 +0000
Subject: [PATCH 5/6] Analysis for CVE-2025-40258.yml

---
 vulns/CVE-2025-40258.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 vulns/CVE-2025-40258.yml

diff --git a/vulns/CVE-2025-40258.yml b/vulns/CVE-2025-40258.yml
new file mode 100644
index 0000000..895ea52
--- /dev/null
+++ b/vulns/CVE-2025-40258.yml
@@ -0,0 +1,10 @@
+reachability: Local
+memory_corruption: true
+bug_class: UAF
+impact: DOS or LPE
+privileges_required: false
+notes: |2-
+   Race between schedule_work() and late sock_hold() in mptcp_schedule_work(),
+  yielding a classic use-after-free on kmem_cache_sock
+author: Oracle Corporation
+version: v0.1

From 035db7f8fa1ba62f4012f4e1bd719e098bef03d2 Mon Sep 17 00:00:00 2001
From: Oracle Linux CVE analysis bot <ora-linux-cve-analysis_mb@oracle.com>
Date: Fri, 16 Jan 2026 15:33:30 +0000
Subject: [PATCH 6/6] Analysis for CVE-2025-68209.yml

---
 vulns/CVE-2025-68209.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 vulns/CVE-2025-68209.yml

diff --git a/vulns/CVE-2025-68209.yml b/vulns/CVE-2025-68209.yml
new file mode 100644
index 0000000..7a81544
--- /dev/null
+++ b/vulns/CVE-2025-68209.yml
@@ -0,0 +1,10 @@
+reachability: Remote
+memory_corruption: false
+bug_class: Null Pointer Dereference
+impact: DoS
+privileges_required: false
+notes: |2-
+   This is possibly a remote DoS as any host that can send traffic could
+  possible create a DoS
+author: Oracle Corporation
+version: v0.1