CVE List - 2025 / September
Showing 501 - 600 of 4322 CVEs for September 2025 (Page 6 of 44)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-38679 | 2025-09-04 | media: venus: Fix OOB read due to missing payload bound check |
| CVE-2025-38680 | 2025-09-04 | media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() |
| CVE-2025-38681 | 2025-09-04 | mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() |
| CVE-2025-38682 | 2025-09-04 | i2c: core: Fix double-free of fwnode in i2c_unregister_device() |
| CVE-2025-38683 | 2025-09-04 | hv_netvsc: Fix panic during namespace deletion with VF |
| CVE-2025-38684 | 2025-09-04 | net/sched: ets: use old 'nbands' while purging unused classes |
| CVE-2025-38685 | 2025-09-04 | fbdev: Fix vmalloc out-of-bounds write in fast_imageblit |
| CVE-2025-38686 | 2025-09-04 | userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry |
| CVE-2025-38687 | 2025-09-04 | comedi: fix race between polling and detaching |
| CVE-2025-38688 | 2025-09-04 | iommufd: Prevent ALIGN() overflow |
| CVE-2025-38689 | 2025-09-04 | x86/fpu: Fix NULL dereference in avx512_status() |
| CVE-2025-38690 | 2025-09-04 | drm/xe/migrate: prevent infinite recursion |
| CVE-2025-38691 | 2025-09-04 | pNFS: Fix uninited ptr deref in block/scsi layout |
| CVE-2025-38692 | 2025-09-04 | exfat: add cluster chain loop check for dir |
| CVE-2025-38693 | 2025-09-04 | media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar |
| CVE-2025-38694 | 2025-09-04 | media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() |
| CVE-2025-38695 | 2025-09-04 | scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure |
| CVE-2025-38696 | 2025-09-04 | MIPS: Don't crash in stack_top() for tasks without ABI or vDSO |
| CVE-2025-38697 | 2025-09-04 | jfs: upper bound check of tree index in dbAllocAG |
| CVE-2025-38698 | 2025-09-04 | jfs: Regular file corruption check |
| CVE-2025-38699 | 2025-09-04 | scsi: bfa: Double-free fix |
| CVE-2025-38700 | 2025-09-04 | scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated |
| CVE-2025-38701 | 2025-09-04 | ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr |
| CVE-2025-38702 | 2025-09-04 | fbdev: fix potential buffer overflow in do_register_framebuffer() |
| CVE-2025-38703 | 2025-09-04 | drm/xe: Make dma-fences compliant with the safe access rules |
| CVE-2025-38704 | 2025-09-04 | rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access |
| CVE-2025-38705 | 2025-09-04 | drm/amd/pm: fix null pointer access |
| CVE-2025-38706 | 2025-09-04 | ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() |
| CVE-2025-38707 | 2025-09-04 | fs/ntfs3: Add sanity check for file name |
| CVE-2025-38708 | 2025-09-04 | drbd: add missing kref_get in handle_write_conflicts |
| CVE-2025-38709 | 2025-09-04 | loop: Avoid updating block size under exclusive owner |
| CVE-2025-38710 | 2025-09-04 | gfs2: Validate i_depth for exhash directories |
| CVE-2025-38711 | 2025-09-04 | smb/server: avoid deadlock when linking with ReplaceIfExists |
| CVE-2025-38712 | 2025-09-04 | hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() |
| CVE-2025-38713 | 2025-09-04 | hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() |
| CVE-2025-38714 | 2025-09-04 | hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() |
| CVE-2025-38715 | 2025-09-04 | hfs: fix slab-out-of-bounds in hfs_bnode_read() |
| CVE-2025-38716 | 2025-09-04 | hfs: fix general protection fault in hfs_find_init() |
| CVE-2025-38717 | 2025-09-04 | net: kcm: Fix race condition in kcm_unattach() |
| CVE-2025-38718 | 2025-09-04 | sctp: linearize cloned gso packets in sctp_rcv |
| CVE-2025-38719 | 2025-09-04 | net: hibmcge: fix the division by zero issue |
| CVE-2025-38720 | 2025-09-04 | net: hibmcge: fix rtnl deadlock issue |
| CVE-2025-38721 | 2025-09-04 | netfilter: ctnetlink: fix refcount leak on table dump |
| CVE-2025-38722 | 2025-09-04 | habanalabs: fix UAF in export_dmabuf() |
| CVE-2025-38723 | 2025-09-04 | LoongArch: BPF: Fix jump offset calculation in tailcall |
| CVE-2025-38724 | 2025-09-04 | nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() |
| CVE-2025-38725 | 2025-09-04 | net: usb: asix_devices: add phy_mask for ax88772 mdio bus |
| CVE-2025-38726 | 2025-09-04 | net: ftgmac100: fix potential NULL pointer access in ftgmac100_phy_disconnect |
| CVE-2025-38727 | 2025-09-04 | netlink: avoid infinite retry looping in netlink_unicast() |
| CVE-2025-38728 | 2025-09-04 | smb3: fix for slab out of bounds on mount to ksmbd |
| CVE-2025-38729 | 2025-09-04 | ALSA: usb-audio: Validate UAC3 power domain descriptors, too |
| CVE-2025-38730 | 2025-09-04 | io_uring/net: commit partial buffers on retry |
| CVE-2025-23301 | 2025-09-04 | NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the VBIOS could enable an attacker to set an unsafe debug access level. A successful exploit of this vulnerability... |
| CVE-2025-23302 | 2025-09-04 | NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the LS10 could enable an attacker to set an unsafe debug access level. A successful exploit of this vulnerability... |
| CVE-2025-23256 | 2025-09-04 | NVIDIA BlueField contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. A successful exploit of this vulnerability might... |
| CVE-2025-23257 | 2025-09-04 | NVIDIA DOCA contains a vulnerability in the collectx-clxapidev Debian package that could allow an actor with low privileges to escalate privileges. A successful exploit of this vulnerability might lead to... |
| CVE-2025-23258 | 2025-09-04 | NVIDIA DOCA contains a vulnerability in the collectx-dpeserver Debian package for arm64 that could allow an attacker with low privileges to escalate privileges. A successful exploit of this vulnerability might... |
| CVE-2025-23259 | 2025-09-04 | NVIDIA Mellanox DPDK contains a vulnerability in Poll Mode Driver (PMD), where an attacker on a VM in the system might be able to cause information disclosure and denial of... |
| CVE-2025-23261 | 2025-09-04 | NVIDIA Cumulus Linux and NVOS products contain a vulnerability, where hashed user passwords are not properly suppressed in log files, potentially disclosing information to unauthorized users. |
| CVE-2025-23262 | 2025-09-04 | NVIDIA ConnectX contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. A successful exploit of this vulnerability might... |
| CVE-2025-9636 | 2025-09-04 | Cross-Origin Opener Policy Vulnerability in pgAdmin 4 |
| CVE-2023-35657 | 2025-09-04 | In bta_av_config_ind of bta_av_aact.cc, there is a possible out of bounds read due to type confusion. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2024-49739 | 2025-09-04 | In MMapVAccess of pmr_os.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2025-0077 | 2025-09-04 | In multiple functions of UserController.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2025-0087 | 2025-09-04 | In onCreate of UninstallerActivity.java, there is a possible way to uninstall a different user's app due to a missing permission check. This could lead to local escalation of privilege with... |
| CVE-2025-22425 | 2025-09-04 | In onCreate of InstallStart.java, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2025-26420 | 2025-09-04 | In multiple functions of GrantPermissionsActivity.java , there is a possible way to trick the user into granting the incorrect permission due to permission overload. This could lead to local escalation... |
| CVE-2025-26421 | 2025-09-04 | In multiple locations, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution... |
| CVE-2025-26422 | 2025-09-04 | In dump of WindowManagerService.java, there is a possible way of running dumpsys without the required permission due to a missing permission check. This could lead to local escalation of privilege... |
| CVE-2025-26423 | 2025-09-04 | In validateIpConfiguration of WifiConfigurationUtil.java, there is a possible way to trigger a permanent DoS due to a missing bounds check. This could lead to local escalation of privilege with no... |
| CVE-2025-26424 | 2025-09-04 | In multiple functions of VpnManager.java, there is a possible cross-user data leak due to a logic error in the code. This could lead to local information disclosure with no additional... |
| CVE-2025-26425 | 2025-09-04 | In multiple functions of RoleService.java, there is a possible permission squatting vulnerability due to a logic error in the code. This could lead to local escalation of privilege on versions... |
| CVE-2025-26426 | 2025-09-04 | In BroadcastController.java of registerReceiverWithFeatureTraced, there is a possible way to receive broadcasts meant for the "android" package due to improper input validation. This could lead to local escalation of privilege... |
| CVE-2025-26427 | 2025-09-04 | In multiple locations, there is a possible Android/data access due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2025-26428 | 2025-09-04 | In startLockTaskMode of LockTaskController.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to physical escalation of privilege with no additional... |
| CVE-2025-26429 | 2025-09-04 | In collectOps of AppOpsService.java, there is a possible way to cause permanent DoS due to improper input validation. This could lead to local denial of service with no additional execution... |
| CVE-2025-26430 | 2025-09-04 | In getDestinationForApp of SpaAppBridgeActivity, there is a possible cross-user file reveal due to a logic error in the code. This could lead to local escalation of privilege with no additional... |
| CVE-2025-26435 | 2025-09-04 | In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code.... |
| CVE-2025-26436 | 2025-09-04 | In clearAllowBgActivityStarts of PendingIntentRecord.java, there is a possible way for an application to launch an activity from the background due to BAL Bypass. This could lead to local escalation of... |
| CVE-2025-26438 | 2025-09-04 | In smp_process_secure_connection_oob_data of smp_act.cc, there is a possible way to bypass SMP authentication due to Incorrect implementation of a protocol. This could lead to remote escalation of privilege with no... |
| CVE-2025-26440 | 2025-09-04 | In multiple functions of CameraService.cpp, there is a possible way to use the camera from the background due to a permissions bypass. This could lead to local escalation of privilege... |
| CVE-2025-26442 | 2025-09-04 | In onCreate of NotificationAccessConfirmationActivity.java, there is a possible incorrect verification of proper intent filters in NLS due to a logic error in the code. This could lead to local information... |
| CVE-2025-26444 | 2025-09-04 | In onHandleForceStop of VoiceInteractionManagerService.java, there is a bug that could cause the system to incorrectly revert to the default assistant application when a user-selected assistant is forcibly stopped due to... |
| CVE-2025-26432 | 2025-09-04 | In multiple locations, there is a possible way to persistently DoS the device due to a missing length check. This could lead to local denial of service with no additional... |
| CVE-2025-26437 | 2025-09-04 | In CredentialManagerServiceStub of CredentialManagerService.java, there is a possible way to retrieve candidate credentials due to a missing permission check. This could lead to local information disclosure with no additional execution... |
| CVE-2025-26441 | 2025-09-04 | In add_attr of sdp_discovery.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges... |
| CVE-2025-26443 | 2025-09-04 | In parseHtml of HtmlToSpannedParser.java, there is a possible way to install apps without allowing installation from unknown sources due to a logic error in the code. This could lead to... |
| CVE-2025-26445 | 2025-09-04 | In offerNetwork of ConnectivityService.java, there is a possible leak of sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2025-26448 | 2025-09-04 | In writeToParcel of CursorWindow.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2025-26449 | 2025-09-04 | In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User... |
| CVE-2025-26450 | 2025-09-04 | In onInputEvent of IInputMethodSessionWrapper.java, there is a possible way for an untrusted app to inject key and motion events to the default IME due to a missing permission check. This... |
| CVE-2025-26452 | 2025-09-04 | In loadDrawableForCookie of ResourcesImpl.java, there is a possible way to access task snapshots of other apps due to a confused deputy. This could lead to local escalation of privilege with... |
| CVE-2025-26453 | 2025-09-04 | In isContentUriForOtherUser of BluetoothOppSendFileInfo.java, there is a possible cross user data leak due to a logic error in the code. This could lead to local information disclosure with no additional... |
| CVE-2025-26455 | 2025-09-04 | In multiple functions of NdkMediaCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional... |
| CVE-2025-26456 | 2025-09-04 | In multiple functions of DexUseManagerLocal.java, there is a possible way to crash system server due to a logic error in the code. This could lead to local permanent denial of... |
| CVE-2025-26458 | 2025-09-04 | In multiple functions of LocationProviderManager.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no... |
| CVE-2025-26462 | 2025-09-04 | In AccessibilityServiceConnection.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2025-26463 | 2025-09-04 | In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding allowed packages. This could lead to a local persistent denial of service with no additional execution privileges needed.... |
| CVE-2025-32312 | 2025-09-04 | In createIntentsList of PackageParser.java , there is a possible way to bypass lazy bundle hardening, allowing modified data to be passed to the next process due to unsafe deserialization. This... |
| CVE-2025-22441 | 2025-09-04 | In getContextForResourcesEnsuringCorrectCachedApkPaths of RemoteViews.java, there is a possible way to load arbitrary java code in a privileged context due to a confused deputy. This could lead to local escalation of... |