From bdba304b5282d83576868d7fd31523d9e586c18e Mon Sep 17 00:00:00 2001 From: Oracle Linux CVE analysis bot Date: Fri, 20 Mar 2026 15:04:55 +0000 Subject: [PATCH 1/4] Analysis for CVE-2025-68775.yml --- vulns/CVE-2025-68775.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 vulns/CVE-2025-68775.yml diff --git a/vulns/CVE-2025-68775.yml b/vulns/CVE-2025-68775.yml new file mode 100644 index 0000000..0ab25a2 --- /dev/null +++ b/vulns/CVE-2025-68775.yml @@ -0,0 +1,10 @@ +reachability: Remote +memory_corruption: true +bug_class: UAF +impact: Remote DOS or RCE +privileges_required: false +notes: |2- + Remote duplicate handshake cancellations double-free a socket ref + (UAF/negative refcount) leading to kernel panic or leak; no privileges needed +author: Oracle Corporation +version: v0.1 From 768c285bde0ae72fba6cfe9d212b6c9a4bb6d33e Mon Sep 17 00:00:00 2001 From: Oracle Linux CVE analysis bot Date: Fri, 20 Mar 2026 15:04:55 +0000 Subject: [PATCH 2/4] Analysis for CVE-2025-71089.yml --- vulns/CVE-2025-71089.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 vulns/CVE-2025-71089.yml diff --git a/vulns/CVE-2025-71089.yml b/vulns/CVE-2025-71089.yml new file mode 100644 index 0000000..0c9756a --- /dev/null +++ b/vulns/CVE-2025-71089.yml @@ -0,0 +1,14 @@ +reachability: Local +memory_corruption: true +bug_class: UAF +impact: LPE +privileges_required: false +notes: |2- + Commit message particularly mentions "Currently, SVA contexts are + unprivileged and cannot access kernel mappings. However, the IOMMU will + still walk kernel- only page tables all the way down to the leaf entries, + where it realizes the mapping is for the kernel and errors out. This means + the IOMMU still caches these intermediate page table entries, making the + described vulnerability a real concern" +author: Oracle Corporation +version: v0.1 From 848a26c0ad54389c141f066edb7efa953bf3662b Mon Sep 17 00:00:00 2001 From: Oracle Linux CVE analysis bot Date: Fri, 20 Mar 2026 15:04:55 +0000 Subject: [PATCH 3/4] Analysis for CVE-2026-23074.yml --- vulns/CVE-2026-23074.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 vulns/CVE-2026-23074.yml diff --git a/vulns/CVE-2026-23074.yml b/vulns/CVE-2026-23074.yml new file mode 100644 index 0000000..31c880e --- /dev/null +++ b/vulns/CVE-2026-23074.yml @@ -0,0 +1,10 @@ +reachability: Local +memory_corruption: true +bug_class: UAF +impact: LPE +privileges_required: false +notes: |2- + use-after-free vulnerabilities in net/sched are generally exploitable for + LPE by local users(via unshare -rn) +author: Oracle Corporation +version: v0.1 From c5a0b1dbe5d5ebed1b4c7f64ccf6b0f04f2128d1 Mon Sep 17 00:00:00 2001 From: Oracle Linux CVE analysis bot Date: Fri, 20 Mar 2026 15:04:55 +0000 Subject: [PATCH 4/4] Analysis for CVE-2026-23231.yml --- vulns/CVE-2026-23231.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 vulns/CVE-2026-23231.yml diff --git a/vulns/CVE-2026-23231.yml b/vulns/CVE-2026-23231.yml new file mode 100644 index 0000000..03d51d2 --- /dev/null +++ b/vulns/CVE-2026-23231.yml @@ -0,0 +1,10 @@ +reachability: Local +memory_corruption: true +bug_class: Use-After-Free +impact: LPE +privileges_required: false +notes: |2- + UAF in netfilter subsystem, only check netlink_net_capable() which could be + bypassed with unshare -rn --> plausible LPE +author: Oracle Corporation +version: v0.1