CVE-2025-38528 | Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7 bpf lib/vsprintf.c bpf_trace_printk fmt[] format string

Inserito da Angelo Barbosa | Ago 16, 2025 | CVE

A vulnerability described as critical has been identified in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. Affected by this vulnerability is the function bpf_trace_printk in the library lib/vsprintf.c of the component bpf. The manipulation of the argument fmt[] leads to format string.

This vulnerability is known as CVE-2025-38528. Access to the local network is required for this attack to succeed. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-38528 | Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7 bpf lib/vsprintf.c bpf_trace_printk fmt[] format string

Post correlati

CVE-2025-38183 | Linux Kernel up to 6.1.141/6.6.94/6.12.34/6.15.3/6.16-rc2 net lan743x_ptp_io_event_clock_get out-of-bounds write

CVE-2025-1374 | code-projects Real Estate Property Management System 1.0 /search.php StateName/CityName/AreaName/CatId sql injection

CVE-2024-39935 | jc21 NGINX Proxy Manager up to 2.11.2 DNS Provider Configuration certificate.js os command injection (99cce7e2b0da2978411cedd7cac5fffbe15bc46)

CVE-2024-13310 | Drupal Git Utilities for Privilege Escalation