Close Menu
    DevStackTipsDevStackTips
    • Home
    • News & Updates
      1. Tech & Work
      2. View All

      Vibe Loop: AI-native reliability engineering for the real world

      July 10, 2025

      Docker Compose gets new features for building and running agents

      July 10, 2025

      Why Enterprises Are Choosing AI-Driven React.js Development Companies in 2025

      July 10, 2025

      Unmasking The Magic: The Wizard Of Oz Method For UX Research

      July 10, 2025

      How I personalized my ChatGPT conversations – why it’s a game changer

      July 10, 2025

      Xbox Game Pass deals ranged from “$50,000 to $50,000,000” — offering a glimpse at how much Microsoft drops on content

      July 10, 2025

      The Division 2’s new Brooklyn Archivist Merit Commendation was driving me INSANE — it turns out there’s a sneaky extra step you need to do first

      July 10, 2025

      Alan Wake 2 for Xbox Series X is on sale during Amazon Prime Day — dive into Remedy’s title that “bloodily earns its place as a horror game”

      July 10, 2025
    • Development
      1. Algorithms & Data Structures
      2. Artificial Intelligence
      3. Back-End Development
      4. Databases
      5. Front-End Development
      6. Libraries & Frameworks
      7. Machine Learning
      8. Security
      9. Software Engineering
      10. Tools & IDEs
      11. Web Design
      12. Web Development
      13. Web Security
      14. Programming Languages
        • PHP
        • JavaScript
      Featured

      Salesforce Health Cloud Demo: Provider Search & Network Management in Action

      July 10, 2025
      Recent

      Salesforce Health Cloud Demo: Provider Search & Network Management in Action

      July 10, 2025

      Oracle Cloud EPM: Transitioning to Forms 2.0, Dashboards 2.0 by October 2025

      July 10, 2025

      This Week in Laravel: React.js, Filament vs Laravel, and Junior Test

      July 10, 2025
    • Operating Systems
      1. Windows
      2. Linux
      3. macOS
      Featured

      Xbox Game Pass deals ranged from “$50,000 to $50,000,000” — offering a glimpse at how much Microsoft drops on content

      July 10, 2025
      Recent

      Xbox Game Pass deals ranged from “$50,000 to $50,000,000” — offering a glimpse at how much Microsoft drops on content

      July 10, 2025

      The Division 2’s new Brooklyn Archivist Merit Commendation was driving me INSANE — it turns out there’s a sneaky extra step you need to do first

      July 10, 2025

      Alan Wake 2 for Xbox Series X is on sale during Amazon Prime Day — dive into Remedy’s title that “bloodily earns its place as a horror game”

      July 10, 2025
    • Learning Resources
      • Books
      • Cheatsheets
      • Tutorials & Guides
    Home»Security»Common Vulnerabilities and Exposures (CVEs)»CVE-2025-0140 – Palo Alto Networks GlobalProtect App Privilege Escalation Vulnerability

    CVE-2025-0140 – Palo Alto Networks GlobalProtect App Privilege Escalation Vulnerability

    July 10, 2025

    CVE ID : CVE-2025-0140

    Published : July 9, 2025, 11:15 p.m. | 4 hours, 49 minutes ago

    Description : An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS and Linux devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so.

    The GlobalProtect app on Windows, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.

    Severity: 0.0 | NA

    Visit the link for more details, such as CVSS details, affected products, timeline, and more…

    Source: Read More

    Facebook Twitter Reddit Email Copy Link
    Previous ArticleCVE-2025-0141 – Palo Alto Networks GlobalProtect™ App Privilege Escalation Vulnerability
    Next Article CVE-2025-0139 – Palo Alto Networks Autonomous Digital Experience Manager Privilege Escalation Vulnerability

    Related Posts

    Development

    Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update

    July 10, 2025
    Development

    Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits

    July 10, 2025
    Leave A Reply Cancel Reply

    For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

    Continue Reading

    CVE-2025-4314 – SourceCodester Advanced Web Store SQL Injection Vulnerability

    Common Vulnerabilities and Exposures (CVEs)

    Windows 11 Widgets Board Could Get More Useful with THIS Update

    Operating Systems

    Is Drug Dealer Simulator on Xbox Game Pass?

    News & Updates

    CVE-2025-46336 – Rack::Session Pool Session Restoration Vulnerability

    Common Vulnerabilities and Exposures (CVEs)

    Highlights

    CVE-2025-38154 – Linux Kernel BPF Sockmap Use After Free Vulnerability

    July 3, 2025

    CVE ID : CVE-2025-38154

    Published : July 3, 2025, 9:15 a.m. | 2 hours, 14 minutes ago

    Description : In the Linux kernel, the following vulnerability has been resolved:

    bpf, sockmap: Avoid using sk_socket after free when sending

    The sk->sk_socket is not locked or referenced in backlog thread, and
    during the call to skb_send_sock(), there is a race condition with
    the release of sk_socket. All types of sockets(tcp/udp/unix/vsock)
    will be affected.

    Race conditions:
    ”’
    CPU0 CPU1

    backlog::skb_send_sock
    sendmsg_unlocked
    sock_sendmsg
    sock_sendmsg_nosec
    close(fd):
    …
    ops->release() -> sock_map_close()
    sk_socket->ops = NULL
    free(socket)
    sock->ops->sendmsg
    ^
    panic here
    ”’

    The ref of psock become 0 after sock_map_close() executed.
    ”’
    void sock_map_close()
    {
    …
    if (likely(psock)) {
    …
    // !! here we remove psock and the ref of psock become 0
    sock_map_remove_links(sk, psock)
    psock = sk_psock_get(sk);
    if (unlikely(!psock))
    goto no_psock; work);
    ? die_addr+0x40/0xa0
    ? exc_general_protection+0x14c/0x230
    ? asm_exc_general_protection+0x26/0x30
    ? sock_sendmsg+0x21d/0x440
    ? sock_sendmsg+0x3e0/0x440
    ? __pfx_sock_sendmsg+0x10/0x10
    __skb_send_sock+0x543/0xb70
    sk_psock_backlog+0x247/0xb80
    …
    ”’

    Severity: 0.0 | NA

    Visit the link for more details, such as CVSS details, affected products, timeline, and more…

    Google launches Gemini 2.5 Flash, and this is what it can do

    April 20, 2025

    Vinyl Online Casino aus DE starten

    April 11, 2025

    Mozilla is so out of Pocket for shutting down one of my favorite apps

    May 22, 2025
    © DevStackTips 2025. All rights reserved.
    • Contact
    • Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.