From b5c3ae6fbe3696e1e341727ad451211210be6323 Mon Sep 17 00:00:00 2001
From: amitU
Date: Thu, 25 Sep 2025 11:31:50 -0400
Subject: [PATCH 1/2] Kernel CVES Analysis Sept25 2025 | CVE-2025-39838,CVE-2025-39857, and CVE-2025-39862

---
 vulns/CVE-2025-39838.yml | 7 +++++++
 vulns/CVE-2025-39857.yml | 7 +++++++
 vulns/CVE-2025-39862.yml | 7 +++++++
 3 files changed, 21 insertions(+)
 create mode 100644 vulns/CVE-2025-39838.yml
 create mode 100644 vulns/CVE-2025-39857.yml
 create mode 100644 vulns/CVE-2025-39862.yml

diff --git a/vulns/CVE-2025-39838.yml b/vulns/CVE-2025-39838.yml
new file mode 100644
index 0000000..400dd8c
--- /dev/null
+++ b/vulns/CVE-2025-39838.yml
@@ -0,0 +1,7 @@
+reachability: Local
+memory_corruption: Likely Null pointer can lead to Memory corruption ;
+bug_class: CWE-476: NULL Pointer Dereference;
+Impact: Crash,memory leak;
+notes: Null Value is passed without checks leading to possible crash. CONFIG_CIFS needs to be enabled for exploitation ;
+author: Microsoft
+version: 0.1
diff --git a/vulns/CVE-2025-39857.yml b/vulns/CVE-2025-39857.yml
new file mode 100644
index 0000000..204061b
--- /dev/null
+++ b/vulns/CVE-2025-39857.yml
@@ -0,0 +1,7 @@
+reachability: Local
+memory_corruption: Likely since NUll pointer may cause memory corruption ;
+bug_class:CWE-476: NULL Pointer Dereference ;
+Impact: crash and memory leak ;
+notes: Issue due to null value for ibdev->dma_device. CONFIG_SMC needs to be enabled for exploitation ;
+author: Microsoft
+version: 0.1
diff --git a/vulns/CVE-2025-39862.yml b/vulns/CVE-2025-39862.yml
new file mode 100644
index 0000000..3f20a9b
--- /dev/null
+++ b/vulns/CVE-2025-39862.yml
@@ -0,0 +1,7 @@
+reachability: Local
+memory_corruption: true ;
+bug_class: memory / data corruption ;
+Impact: crash and integrity issue ;
+notes:wcid->sta entry is not cleared after hardware restart. The fix ensure the value wcid->sta is set to 0. CONFIG_MT76_CORE and CONFIG_MT7915E should be enabled for exploitation ;
+author: Microsoft
+version: 0.1
\ No newline at end of file

From 20cf8a9b38f129526b4818495033ff9adf9a36a4 Mon Sep 17 00:00:00 2001
From: amitU
Date: Thu, 2 Oct 2025 10:33:55 -0400
Subject: [PATCH 2/2] addressed comments from dmell@

---
 vulns/CVE-2025-39838.yml | 9 +++++----
 vulns/CVE-2025-39857.yml | 9 +++++----
 vulns/CVE-2025-39862.yml | 9 +++++----
 3 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/vulns/CVE-2025-39838.yml b/vulns/CVE-2025-39838.yml
index 400dd8c..3a42cd7 100644
--- a/vulns/CVE-2025-39838.yml
+++ b/vulns/CVE-2025-39838.yml
@@ -1,7 +1,8 @@
 reachability: Local
-memory_corruption: Likely Null pointer can lead to Memory corruption ;
-bug_class: CWE-476: NULL Pointer Dereference;
-Impact: Crash,memory leak;
-notes: Null Value is passed without checks leading to possible crash. CONFIG_CIFS needs to be enabled for exploitation ;
+memory_corruption: yes
+bug_class: NULL Pointer Dereference
+Impact: Crash,memory leak
+privileges_required: yes
+notes: Null Value is passed without checks leading to possible crash. CONFIG_CIFS needs to be enabled for exploitation
 author: Microsoft
 version: 0.1
diff --git a/vulns/CVE-2025-39857.yml b/vulns/CVE-2025-39857.yml
index 204061b..f2da8f7 100644
--- a/vulns/CVE-2025-39857.yml
+++ b/vulns/CVE-2025-39857.yml
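Review bot: The `notes:wcid->sta entry ...` line in vulns/CVE-2025-39862.yml has no space after the colon, so YAML does not treat `notes` as a key; most loaders will reject the document rather than return a `notes` field. PATCH 2/2 rewrites this line but keeps the same form, so the defect is still present in the final file. The line should read `notes: wcid->sta entry is not cleared after hardware restart. ...`. The file also ends without a trailing newline in both patches.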
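Review bot: `memory_corruption: yes` is stronger than what the entry supports: `bug_class` is a NULL pointer dereference and `notes` describes only a "possible crash", which is normally a denial-of-service outcome rather than corruption of memory. The removed line at least hedged with "Likely"; if the field only takes yes/no, `memory_corruption: no` with the reasoning kept in `notes` would be consistent with the stated bug class, and the same applies to the CVE-2025-39857 hunk. The rewrite also drops the CWE identifier that made the first version invalid YAML; quoting the value keeps it, `bug_class: "CWE-476: NULL Pointer Dereference"`.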
@@ -1,7 +1,8 @@
 reachability: Local
-memory_corruption: Likely since NUll pointer may cause memory corruption ;
-bug_class:CWE-476: NULL Pointer Dereference ;
-Impact: crash and memory leak ;
-notes: Issue due to null value for ibdev->dma_device. CONFIG_SMC needs to be enabled for exploitation ;
+memory_corruption: yes
+bug_class: NULL Pointer Dereference
+Impact: crash, memory leak
+privileges_required: yes
+notes: Issue due to null value for ibdev->dma_device. CONFIG_SMC needs to be enabled for exploitation
 author: Microsoft
 version: 0.1
diff --git a/vulns/CVE-2025-39862.yml b/vulns/CVE-2025-39862.yml
index 3f20a9b..8a1ceec 100644
--- a/vulns/CVE-2025-39862.yml
+++ b/vulns/CVE-2025-39862.yml
@@ -1,7 +1,8 @@
 reachability: Local
-memory_corruption: true ;
-bug_class: memory / data corruption ;
-Impact: crash and integrity issue ;
-notes:wcid->sta entry is not cleared after hardware restart. The fix ensure the value wcid->sta is set to 0. CONFIG_MT76_CORE and CONFIG_MT7915E should be enabled for exploitation ;
+memory_corruption: yes
+bug_class: memory / data corruption
+Impact: crash, integrity issue
+privileges_required: yes
+notes:wcid->sta entry is not cleared after hardware restart. The fix ensure the value wcid->sta is set to 0. CONFIG_MT76_CORE and CONFIG_MT7915E should be enabled for exploitation
 author: Microsoft
 version: 0.1
\ No newline at end of file
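Review bot: The bare `yes` in `memory_corruption: yes` and `privileges_required: yes` is read as boolean true by YAML 1.1 loaders and as the string "yes" by YAML 1.2 loaders, so tools consuming vulns/*.yml can disagree on the field type. Writing `true`/`false`, or a quoted string if the schema wants text, removes the ambiguity. `privileges_required: yes` also does not say which privilege or capability is needed, which a triager would want stated in `notes`. `Impact` is the only capitalized key in each file; these points apply to all three files changed in PATCH 2/2.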