CVE-2025-5269 - Firefox ESR Memory Corruption Vulnerability

CVE ID : CVE-2025-5269

Published : May 27, 2025, 1:15 p.m. | 3 hours, 43 minutes ago

Description : Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR
Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

CVE-2025-38165 – Linux BPF Sockmap Panic Vulnerability

July 3, 2025

CVE ID : CVE-2025-38165

Published : July 3, 2025, 9:15 a.m. | 2 hours, 14 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

bpf, sockmap: Fix panic when calling skb_linearize

The panic can be reproduced by executing the command:
./bench sockmap -c 2 -p 1 -a –rx-verdict-ingress –rx-strp 100000

Then a kernel panic was captured:
”’
[ 657.460555] kernel BUG at net/core/skbuff.c:2178!
[ 657.462680] Tainted: [W]=WARN
[ 657.463287] Workqueue: events sk_psock_backlog
…
[ 657.469610]
[ 657.469738] ? die+0x36/0x90
[ 657.469916] ? do_trap+0x1d0/0x270
[ 657.470118] ? pskb_expand_head+0x612/0xf40
[ 657.470376] ? pskb_expand_head+0x612/0xf40
[ 657.470620] ? do_error_trap+0xa3/0x170
[ 657.470846] ? pskb_expand_head+0x612/0xf40
[ 657.471092] ? handle_invalid_op+0x2c/0x40
[ 657.471335] ? pskb_expand_head+0x612/0xf40
[ 657.471579] ? exc_invalid_op+0x2d/0x40
[ 657.471805] ? asm_exc_invalid_op+0x1a/0x20
[ 657.472052] ? pskb_expand_head+0xd1/0xf40
[ 657.472292] ? pskb_expand_head+0x612/0xf40
[ 657.472540] ? lock_acquire+0x18f/0x4e0
[ 657.472766] ? find_held_lock+0x2d/0x110
[ 657.472999] ? __pfx_pskb_expand_head+0x10/0x10
[ 657.473263] ? __kmalloc_cache_noprof+0x5b/0x470
[ 657.473537] ? __pfx___lock_release.isra.0+0x10/0x10
[ 657.473826] __pskb_pull_tail+0xfd/0x1d20
[ 657.474062] ? __kasan_slab_alloc+0x4e/0x90
[ 657.474707] sk_psock_skb_ingress_enqueue+0x3bf/0x510
[ 657.475392] ? __kasan_kmalloc+0xaa/0xb0
[ 657.476010] sk_psock_backlog+0x5cf/0xd70
[ 657.476637] process_one_work+0x858/0x1a20
”’

The panic originates from the assertion BUG_ON(skb_shared(skb)) in
skb_linearize(). A previous commit(see Fixes tag) introduced skb_get()
to avoid race conditions between skb operations in the backlog and skb
release in the recvmsg path. However, this caused the panic to always
occur when skb_linearize is executed.

The “–rx-strp 100000″ parameter forces the RX path to use the strparser
module which aggregates data until it reaches 100KB before calling sockmap
logic. The 100KB payload exceeds MAX_MSG_FRAGS, triggering skb_linearize.

To fix this issue, just move skb_get into sk_psock_skb_ingress_enqueue.

”’
sk_psock_backlog:
sk_psock_handle_skb
skb_get(skb)
Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

In-House vs. Outsource Node.js Development Teams: 9 Key Differences for the C-Suite (2025)

Why Non-Native Content Designers Improve Global UX

DevOps won’t scale without platform engineering and here’s why your teams are still stuck

This week in AI dev tools: Slack’s enterprise search, Claude Code’s analytics dashboard, and more (July 18, 2025)

DistroWatch Weekly, Issue 1131

I ditched my Bluetooth speakers for this slick turntable – and it’s more practical than I thought

This split keyboard offers deep customization – if you’re willing to go all in

I spoke with an AI version of myself, thanks to Hume’s free tool – how to try it

The details of TC39’s last meeting

The details of TC39’s last meeting

Simple wrapper for Chrome’s built-in local LLM (Gemini Nano)

Online Examination System using PHP and MySQL

Windows 11 tests “shared audio” to play music via multiple devices, new taskbar animations

Windows 11 tests “shared audio” to play music via multiple devices, new taskbar animations

WhatsApp for Windows 11 is switching back to Chromium web wrapper from UWP/native

DistroWatch Weekly, Issue 1131

CVE-2025-5269 – Firefox ESR Memory Corruption Vulnerability

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

Ubuntu Fixes Desktop File Thumbnails Not Showing

FOSS Weekly #25.26: Torvalds-Gates Showdown, Hyprland Premium, Fedora’s 32-bit Debacle, Xfce Themes and More Linux Stuff

CVE-2025-1727 – Amtrak FRED Protocol BCH Checksum Vulnerability

First signs of dedicated Xbox interface for Windows 11 PCs spotted in latest preview

CVE-2025-38165 – Linux BPF Sockmap Panic Vulnerability

Use Passkeys in Your Laravel App

Smashing Animations Part 4: Optimising SVGs

This Debian-based Linux distro is an overlooked and user-friendly gem

CVE-2025-5269 – Firefox ESR Memory Corruption Vulnerability

Related Posts