Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-22021
netfilter: socket: Lookup orig tuple for IPv6 SNAT
Description: In the Linux kernel, the following vulnerability has been resolved: netfilter: socket: Lookup orig tuple for IPv6 SNAT nf_sk_lookup_slow_v4 does the conntrack lookup for IPv4 packets to restore the original 5-tuple in case of SNAT, to be able to find the right socket (if any). Then socket_match() can correctly check whether the socket was transparent. However, the IPv6 counterpart (nf_sk_lookup_slow_v6) lacks this conntrack lookup, making xt_socket fail to match on the socket when the packet was SNATed. Add the same logic to nf_sk_lookup_slow_v6. IPv6 SNAT is used in Kubernetes clusters for pod-to-world packets, as pods' addresses are in the fd00::/8 ULA subnet and need to be replaced with the node's external address. Cilium leverages Envoy to enforce L7 policies, and Envoy uses transparent sockets. Cilium inserts an iptables prerouting rule that matches on `-m socket --transparent` and redirects the packets to localhost, but it fails to match SNATed IPv6 packets due to that missing conntrack lookup.

EPSS Score: 0.03%

Source: CVE
April 16th, 2025 (6 days ago)

CVE-2025-22020
memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove
Description: In the Linux kernel, the following vulnerability has been resolved: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms] Read of size 8 at addr ffff888136335380 by task kworker/6:0/140241 CPU: 6 UID: 0 PID: 140241 Comm: kworker/6:0 Kdump: loaded Tainted: G E 6.14.0-rc6+ #1 Tainted: [E]=UNSIGNED_MODULE Hardware name: LENOVO 30FNA1V7CW/1057, BIOS S0EKT54A 07/01/2024 Workqueue: events rtsx_usb_ms_poll_card [rtsx_usb_ms] Call Trace: dump_stack_lvl+0x51/0x70 print_address_description.constprop.0+0x27/0x320 ? rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms] print_report+0x3e/0x70 kasan_report+0xab/0xe0 ? rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms] rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms] ? __pfx_rtsx_usb_ms_poll_card+0x10/0x10 [rtsx_usb_ms] ? __pfx___schedule+0x10/0x10 ? kick_pool+0x3b/0x270 process_one_work+0x357/0x660 worker_thread+0x390/0x4c0 ? __pfx_worker_thread+0x10/0x10 kthread+0x190/0x1d0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2d/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 Allocated by task 161446: kasan_save_stack+0x20/0x40 kasan_save_track+0x10/0x30 __kasan_kmalloc+0x7b/0x90 __kmalloc_noprof+0x1a7/0x470 memstick_alloc_host+0x1f/0xe0 [memstick] rtsx_usb_ms_drv_probe+0x47/0x320 [rtsx_usb_ms] plat...

EPSS Score: 0.03%

Source: CVE
April 16th, 2025 (6 days ago)

CVE-2025-22019
bcachefs: bch2_ioctl_subvolume_destroy() fixes
Description: In the Linux kernel, the following vulnerability has been resolved: bcachefs: bch2_ioctl_subvolume_destroy() fixes bch2_evict_subvolume_inodes() was getting stuck - due to incorrectly pruning the dcache. Also, fix missing permissions checks.

EPSS Score: 0.01%

Source: CVE
April 16th, 2025 (6 days ago)

CVE-2024-58092
nfsd: fix legacy client tracking initialization
Description: In the Linux kernel, the following vulnerability has been resolved: nfsd: fix legacy client tracking initialization Get rid of the nfsd4_legacy_tracking_ops->init() call in check_for_legacy_methods(). That will be handled in the caller (nfsd4_client_tracking_init()). Otherwise, we'll wind up calling nfsd4_legacy_tracking_ops->init() twice, and the second time we'll trigger the BUG_ON() in nfsd4_init_recdir().

EPSS Score: 0.02%

Source: CVE
April 16th, 2025 (6 days ago)
Microsoft warns of blue screen crashes caused by April updates
Description: Microsoft warned customers this week that their systems might crash with a blue screen error caused by a secure kernel fatal error after installing Windows updates released since March. [...]
Source: BleepingComputer
April 16th, 2025 (6 days ago)
Microsoft: Some devices offered Windows 11 upgrades despite Intune blocks
Description: Microsoft is working to fix an ongoing issue causing some users' Windows devices to be offered Windows 11 upgrades despite Intune policies preventing them. [...]
Source: BleepingComputer
April 16th, 2025 (6 days ago)
New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks
Description: Cybersecurity researchers have unearthed a new controller component associated with a known backdoor called BPFDoor as part of cyber attacks targeting telecommunications, finance, and retail sectors in South Korea, Hong Kong, Myanmar, Malaysia, and Egypt in 2024. "The controller could open a reverse shell," Trend Micro researcher Fernando Mercês said in a technical report published earlier in
Source: TheHackerNews
April 16th, 2025 (6 days ago)
🏴‍☠️ Lynx has just published a new victim : McElwee Firm
Description: McElwee Firm PLLC is a company that operates in the Law Firms & Legal Services industry. It employs 5to9 people and has 1Mto5M of revenue. The company is headquartered in North Wilkesboro, North Carolina.
Source: Ransomware.live
April 16th, 2025 (6 days ago)
Introducing the refreshed Recorded Future brand
Description: Learn how Recorded Future's brand refresh, powered by AI and actionable threat intelligence, helps teams evolve with the next generation of cybersecurity.
Source: RecordedFuture
April 16th, 2025 (6 days ago)
🏴‍☠️ Qilin has just published a new victim : govonisabbiatrici
Description: Company designs and manufactures machines and systems of sandblasting, as well as dust extraction systems, Sorting and conveying devices for metal abrasives and silica sands, partial and total recovery devices for large cabins and soundproofi ...
Source: Ransomware.live
April 16th, 2025 (6 days ago)