CVE-2025-9443 - Tenda CH22 Buffer Overflow Vulnerability

CVE ID : CVE-2025-9443

Published : Aug. 26, 2025, 3:15 a.m. | 23 hours, 39 minutes ago

Description : A flaw has been found in Tenda CH22 1.0.0.1. This vulnerability affects the function formeditUserName of the file /goform/editUserName. Executing manipulation of the argument new_account can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.

Severity: 9.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

CVE-2025-38346 – Linux kernel ftrace UAF Vulnerability

July 10, 2025

CVE ID : CVE-2025-38346

Published : July 10, 2025, 9:15 a.m. | 4 hours, 51 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

ftrace: Fix UAF when lookup kallsym after ftrace disabled

The following issue happens with a buggy module:

BUG: unable to handle page fault for address: ffffffffc05d0218
PGD 1bd66f067 P4D 1bd66f067 PUD 1bd671067 PMD 101808067 PTE 0
Oops: Oops: 0000 [#1] SMP KASAN PTI
Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
RIP: 0010:sized_strscpy+0x81/0x2f0
RSP: 0018:ffff88812d76fa08 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffffffc0601010 RCX: dffffc0000000000
RDX: 0000000000000038 RSI: dffffc0000000000 RDI: ffff88812608da2d
RBP: 8080808080808080 R08: ffff88812608da2d R09: ffff88812608da68
R10: ffff88812608d82d R11: ffff88812608d810 R12: 0000000000000038
R13: ffff88812608da2d R14: ffffffffc05d0218 R15: fefefefefefefeff
FS: 00007fef552de740(0000) GS:ffff8884251c7000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffc05d0218 CR3: 00000001146f0000 CR4: 00000000000006f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:

ftrace_mod_get_kallsym+0x1ac/0x590
update_iter_mod+0x239/0x5b0
s_next+0x5b/0xa0
seq_read_iter+0x8c9/0x1070
seq_read+0x249/0x3b0
proc_reg_read+0x1b0/0x280
vfs_read+0x17f/0x920
ksys_read+0xf3/0x1c0
do_syscall_64+0x5f/0x2e0
entry_SYSCALL_64_after_hwframe+0x76/0x7e

The above issue may happen as follows:
(1) Add kprobe tracepoint;
(2) insmod test.ko;
(3) Module triggers ftrace disabled;
(4) rmmod test.ko;
(5) cat /proc/kallsyms; –> Will trigger UAF as test.ko already removed;
ftrace_mod_get_kallsym()
…
strscpy(module_name, mod_map->mod->name, MODULE_NAME_LEN);
…

The problem is when a module triggers an issue with ftrace and
sets ftrace_disable. The ftrace_disable is set when an anomaly is
discovered and to prevent any more damage, ftrace stops all text
modification. The issue that happened was that the ftrace_disable stops
more than just the text modification.

When a module is loaded, its init functions can also be traced. Because
kallsyms deletes the init functions after a module has loaded, ftrace
saves them when the module is loaded and function tracing is enabled. This
allows the output of the function trace to show the init function names
instead of just their raw memory addresses.

When a module is removed, ftrace_release_mod() is called, and if
ftrace_disable is set, it just returns without doing anything more. The
problem here is that it leaves the mod_list still around and if kallsyms
is called, it will call into this code and access the module memory that
has already been freed as it will return:

strscpy(module_name, mod_map->mod->name, MODULE_NAME_LEN);

Where the “mod” no longer exists and triggers a UAF bug.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Optimizing PWAs For Different Display Modes

Node.js Web App Development Costs: A 2025 Executive Pricing Guide

Google locking down Android security with upcoming developer verification requirements for sideloaded apps

Microsoft donates DocumentDB to the Linux Foundation

Google can translate your voice in real time now – try it free

The one-click Linux app I use for instant online anonymity

You can try Android 16’s new lock screen widgets – if you have one of these phones

Apple’s iPhone 17 event launch date is official – here’s everything we expect

Password Strength Estimator Validation in Laravel

Password Strength Estimator Validation in Laravel

Laravel’s Enhanced String Validation with Inverse Methods

Using SQLite in production with Laravel

Microsoft Excel just got a Copilot function — but the new AI has some surprising limitations

Microsoft Excel just got a Copilot function — but the new AI has some surprising limitations

Why Final Fantasy XIV fans are review‑bombing the game on Steam

Google Chrome VPN under fire for secretly screenshotting users’ browsing habits

CVE-2025-9443 – Tenda CH22 Buffer Overflow Vulnerability

Yemen Cyber Army hacker jailed after stealing millions of people’s data

CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git

CVE-2025-34129 – LILIN Digital Video Recorder (DVR) Command Injection Vulnerability

CVE-2025-7076 – BlackVue Dashcam 590X Configuration Handler Local File Inclusion Vulnerability

Stop Scrolling: Kinetic Typography Is Redefining UX

AMD Radeon graphics driver brings FSR 4 support to The Elder Scrolls IV: Oblivion Remastered and Assassin’s Creed Shadows

CVE-2025-38346 – Linux kernel ftrace UAF Vulnerability

The Serverless Architecture Handbook: How to Publish a Node Js Docker Image to AWS ECR and Deploy the Container to AWS Lambda

DistroWatch Weekly, Issue 1129

CVE-2025-0913 – Apache os File Symlink Creation Vulnerability

CVE-2025-9443 – Tenda CH22 Buffer Overflow Vulnerability

Related Posts