Commit 36765ed

Merge pull request #75 from oracle-samples/analysis-week-6-2026
CVE analysis - Week 6
2 parents 8457563 + 6ed2ffa commit 36765ed

2 files changed

Lines changed: 21 additions & 0 deletions

vulns/CVE-2025-40297.yml

Lines changed: 10 additions & 0 deletions
@@ -0,0 +1,10 @@
1+
reachability: Local
2+
memory_corruption: true
3+
bug_class: UaF
4+
impact: LPE, DoS
5+
privileges_required: false
6+
notes: |2-
7+
Use after free in net/bridge leading to DoS and LPE. Reachable by
8+
unprivileged user through namespaces
9+
author: Oracle Corporation
10+
version: v0.1
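
Review bot: `privileges_required: false` rests entirely on the note's "Reachable by unprivileged user through namespaces", but the note does not say which namespaces are meant or that the rating assumes an unprivileged user is permitted to create them. Suggest stating that precondition in `notes`, so that a reader whose systems do not meet it can re-rate the entry. Minor: `impact` is ordered `LPE, DoS` here and `DoS, LPE` in vulns/CVE-2025-40328.yml; pick one order for the schema.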

vulns/CVE-2025-40328.yml

Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
reachability: Local
2+
memory_corruption: true
3+
bug_class: UaF
4+
impact: DoS, LPE
5+
privileges_required: true
6+
notes: |2-
7+
Assuming that many systems have CIFS shares mounted at boot-time, then an
8+
unprivileged user can issue ordinary fs operations on that share and trigger
9+
the vulnerability
10+
author: Oracle Corporation
11+
version: v0.1
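
Review bot: `privileges_required: true` contradicts the note in this same file, which says "an unprivileged user can issue ordinary fs operations on that share and trigger the vulnerability". If the privilege is needed only to mount the CIFS share, say so in `notes` and decide whether the field describes the mount step or the trigger; as written, the field and the note give opposite answers. The note also opens with the assumption and never describes the bug itself, unlike the CVE-2025-40297 entry, so a one-line description of the `UaF` should come first.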
