Security

CVE ID : CVE-2024-58098

Published : May 5, 2025, 3:15 p.m. | 18 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

bpf: track changes_pkt_data property for global functions

When processing calls to certain helpers, verifier invalidates all
packet pointers in a current state. For example, consider the
following program:

#include <linux/bpf.h>
#include <bpf/bpf_helpers.h>

__attribute__((__noinline__))
long skb_pull_data(struct __sk_buff *sk, __u32 len)
{
    return bpf_skb_pull_data(sk, len);
}

SEC("tc")
int test_invalidate_checks(struct __sk_buff *sk)
{
    int *p = (void *)(long)sk->data;

    if ((void *)(p + 1) > (void *)(long)sk->data_end)
        return TCX_DROP;
    skb_pull_data(sk, 0);   /* global call that may change packet data */
    *p = 42;                /* 'p' is no longer a valid packet pointer here */
    return TCX_PASS;
}

After a call to bpf_skb_pull_data() the pointer 'p' can't be used
safely. See function filter.c:bpf_helper_changes_pkt_data() for a list
of such helpers.

At the moment verifier invalidates packet pointers when processing
helper function calls, and does not traverse global sub-programs when
processing calls to global sub-programs. This means that calls to
helpers done from global sub-programs do not invalidate pointers in
the caller state. E.g. the program above is unsafe, but is not
rejected by verifier.

This commit fixes the omission by computing field
bpf_subprog_info->changes_pkt_data for each sub-program before main
verification pass.
changes_pkt_data should be set if:
- subprogram calls helper for which bpf_helper_changes_pkt_data
  returns true;
- subprogram calls a global function,
  for which bpf_subprog_info->changes_pkt_data should be set.

The verifier.c:check_cfg() pass is modified to compute this
information. The commit relies on depth first instruction traversal
done by check_cfg() and absence of recursive function calls:
- check_cfg() would eventually visit every call to subprogram S in a
  state when S is fully explored;
- when S is fully explored:
  - every direct helper call within S is explored
    (and thus changes_pkt_data is set if needed);
  - every call to subprogram S1 called by S was visited with S1 fully
    explored (and thus S inherits changes_pkt_data from S1).

The downside of such approach is that dead code elimination is not
taken into account: if a helper call inside global function is dead
because of current configuration, verifier would conservatively assume
that the call occurs for the purpose of the changes_pkt_data
computation.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-58100

Published : May 5, 2025, 3:15 p.m. | 18 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

bpf: check changes_pkt_data property for extension programs

When processing calls to global sub-programs, verifier decides whether
to invalidate all packet pointers in current state depending on the
changes_pkt_data property of the global sub-program.

Because of this, an extension program replacing a global sub-program
must be compatible with changes_pkt_data property of the sub-program
being replaced.

This commit:
- adds changes_pkt_data flag to struct bpf_prog_aux:
  - this flag is set in check_cfg() for main sub-program;
  - in jit_subprogs() for other sub-programs;
- modifies bpf_check_attach_btf_id() to check changes_pkt_data flag;
- moves call to check_attach_btf_id() after the call to check_cfg(),
  because it needs changes_pkt_data flag to be set:

  bpf_check:
    ...                          ...
  - check_attach_btf_id          resolve_pseudo_ldimm64
    resolve_pseudo_ldimm64   =>  bpf_prog_is_offloaded
    bpf_prog_is_offloaded        check_cfg
    check_cfg                  + check_attach_btf_id
    ...                          ...

The following fields are set by check_attach_btf_id():
- env->ops
- prog->aux->attach_btf_trace
- prog->aux->attach_func_name
- prog->aux->attach_func_proto
- prog->aux->dst_trampoline
- prog->aux->mod
- prog->aux->saved_dst_attach_type
- prog->aux->saved_dst_prog_type
- prog->expected_attach_type

None of these fields is used by resolve_pseudo_ldimm64() or
bpf_prog_offload_verifier_prep() (for netronome and netdevsim
drivers), so the reordering is safe.

Severity: 0.0 | NA


CVE ID : CVE-2024-58237

Published : May 5, 2025, 3:15 p.m. | 18 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

bpf: consider that tail calls invalidate packet pointers

Tail-called programs could execute any of the helpers that invalidate
packet pointers. Hence, conservatively assume that each tail call
invalidates packet pointers.

Making the change in bpf_helper_changes_pkt_data() automatically makes
use of check_cfg() logic that computes 'changes_pkt_data' effect for
global sub-programs, such that the following program could be
rejected:

int tail_call(struct __sk_buff *sk)
{
    bpf_tail_call_static(sk, &jmp_table, 0);
    return 0;
}

SEC("tc")
int not_safe(struct __sk_buff *sk)
{
    int *p = (void *)(long)sk->data;
    /* … make p valid … */
    tail_call(sk);
    *p = 42; /* this is unsafe */
}

The tc_bpf2bpf.c:subprog_tc() needs change: mark it as a function that
can invalidate packet pointers. Otherwise, it can’t be freplaced with
tailcall_freplace.c:entry_freplace() that does a tail call.

Severity: 0.0 | NA

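A small model of the check_cfg() bookkeeping described in the CVE-2024-58098 and CVE-2024-58237 entries above, added here as an illustration; it is not kernel code. The helper set, the instruction encoding and the two sample programs are constructed, and the `track_global_calls=False` switch is an assumption that models the pre-fix verifier, which did not look into global callees.

```python
from typing import Dict, List, Tuple

# Constructed subset of bpf_helper_changes_pkt_data() helpers; bpf_tail_call is
# included to model the "tail calls invalidate packet pointers" change.
PKT_CHANGING_HELPERS = {"bpf_skb_pull_data", "bpf_tail_call"}
# Subprogram = list of (op, arg) pairs; ops: helper, call, pkt_ptr_load, pkt_ptr_use.
Program = Dict[str, List[Tuple[str, str]]]

def compute_changes_pkt_data(prog: Program) -> Dict[str, bool]:
    """Post-order walk of the call graph, like check_cfg(): a subprogram is
    marked only once its callees are fully explored (no recursion assumed)."""
    result: Dict[str, bool] = {}
    def visit(name: str) -> bool:
        if name not in result:
            flag = False
            for op, arg in prog[name]:
                if op == "helper" and arg in PKT_CHANGING_HELPERS:
                    flag = True  # dead helper calls still count (conservative)
                elif op == "call":
                    flag = visit(arg) or flag  # inherit from the callee
            result[name] = flag
        return result[name]
    for name in prog:
        visit(name)
    return result

def unsafe_pkt_uses(prog: Program, entry: str, track_global_calls: bool) -> List[int]:
    """Indices in `entry` where a packet pointer is used after invalidation.
    track_global_calls=False models the pre-fix verifier, which ignored callees."""
    info = compute_changes_pkt_data(prog)
    valid, bad = set(), []
    for idx, (op, arg) in enumerate(prog[entry]):
        if op == "pkt_ptr_load":
            valid.add(arg)
        elif op == "helper" and arg in PKT_CHANGING_HELPERS:
            valid.clear()  # every packet pointer in the state is stale now
        elif op == "call" and track_global_calls and info[arg]:
            valid.clear()  # the global callee changes packet data
        elif op == "pkt_ptr_use" and arg not in valid:
            bad.append(idx)
    return bad

# Constructed encodings of test_invalidate_checks and not_safe from the CVE text.
INVALIDATE_PROG: Program = {
    "skb_pull_data": [("helper", "bpf_skb_pull_data")],
    "test_invalidate_checks": [("pkt_ptr_load", "p"), ("call", "skb_pull_data"), ("pkt_ptr_use", "p")],
}
TAIL_CALL_PROG: Program = {
    "tail_call": [("helper", "bpf_tail_call")],
    "not_safe": [("pkt_ptr_load", "p"), ("call", "tail_call"), ("pkt_ptr_use", "p")],
}
```

Running `unsafe_pkt_uses(INVALIDATE_PROG, "test_invalidate_checks", False)` returns an empty list (the unsafe store is accepted), while `True` reports the store at index 2.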

CVE ID : CVE-2025-47240

Published : May 5, 2025, 3:15 p.m. | 18 minutes ago

Description : Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Severity: 0.0 | NA


Apache Parquet Java Vulnerability Let Attackers Execute Arbitrary Code

A new critical security vulnerability in Apache Parquet Java has been disclosed that could allow attackers to execute arbitrary code through specially crafted Parquet files.
The vulnerability, tracked …

Published Date:
May 05, 2025 (5 hours, 8 minutes ago)


New SonicBoom Attack Allows Bypass of Authentication for Admin Access

A critical new attack chain, dubbed “SonicBoom,” that enables remote attackers to bypass authentication and seize administrative control over enterprise appliances, including SonicWall Secure Mobile A …

Published Date:
May 05, 2025 (2 hours, 50 minutes ago)

Vulnerabilities mentioned in this article:
- CVE-2025-23006
- CVE-2024-38475
- CVE-2023-44221

CVE ID : CVE-2025-4271

Published : May 5, 2025, 8:15 a.m. | 3 hours, 24 minutes ago

Description : A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 5.3 | MEDIUM


CVE ID : CVE-2025-4270

Published : May 5, 2025, 8:15 a.m. | 3 hours, 24 minutes ago

Description : A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Config Handler. The manipulation of the argument topicurl with the input getInitCfg/getSysStatusCfg leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 5.3 | MEDIUM


CVE ID : CVE-2025-2905

Published : May 5, 2025, 9:15 a.m. | 2 hours, 24 minutes ago

Description : An XML External Entity (XXE) vulnerability exists in the gateway component of WSO2 API Manager due to insufficient validation of XML input in crafted URL paths. User-supplied XML is parsed without appropriate restrictions, enabling external entity resolution.

This vulnerability can be exploited by an unauthenticated remote attacker to read files from the server’s filesystem or perform denial-of-service (DoS) attacks.

* On systems running JDK 7 or early JDK 8, full file contents may be exposed.
* On later versions of JDK 8 and newer, only the first line of a file may be read, due to improvements in XML parser behavior.
* DoS attacks such as "Billion Laughs" payloads can cause service disruption.

Severity: 9.1 | CRITICAL


CVE ID : CVE-2025-4272

Published : May 5, 2025, 11:15 a.m. | 24 minutes ago

Description : A vulnerability was found in Mechrevo Control Console 1.0.2.70. It has been rated as critical. Affected by this issue is some unknown functionality in the library C:Program FilesOEMMECHREVO Control CenterUniwillServiceMyControlCentercsCAPI.dll of the component GCUService. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Severity: 7.0 | HIGH


CISA Adds Two New Exploited Vulnerabilities to Its Catalog: CVE-2024-38475 and CVE-2023-44221

The Cybersecurity and Infrastructure Security Agency (CISA) recently updated its Known Exploited Vulnerabilities (KEV) Catalog, adding two vulnerabilities, CVE-2024-38475 and CVE-2023-44221, that are …

Published Date:
May 02, 2025 (2 days, 17 hours ago)

Vulnerabilities mentioned in this article:
- CVE-2025-29824
- CVE-2025-30406
- CVE-2024-38475
- CVE-2023-44221

Microsoft tries to knife passwords once and for all – at least for consumers

Infosec In Brief Microsoft has decided to push its consumer customers to dump passwords in favor of passkeys.
The software giant announced the move Thursday, May 1, traditionally known as "World Passwo …

Published Date:
May 04, 2025 (7 hours, 39 minutes ago)

Vulnerabilities mentioned in this article:
- CVE-2025-3928
- CVE-2025-31324
- CVE-2025-1976
- CVE-2025-42599
- CVE-2024-38475

Critical Webmin Vulnerability Let Remote Attackers Escalate Privileges to Root-Level

A critical security vulnerability in Webmin, a widely-used web-based system administration tool, has been discovered, allowing remote attackers to escalate privileges and execute code with root-level …

Published Date:
May 05, 2025 (5 hours, 26 minutes ago)


MediaTek May 2025 Security Bulletin: Chipset Vulnerabilities Disclosed

The MediaTek Product Security Bulletin for May 2025 highlights multiple security vulnerabilities affecting a wide range of MediaTek-powered devices, including smartphones, tablets, AIoT platforms, sma …

Published Date:
May 05, 2025 (52 minutes ago)

Vulnerabilities mentioned in this article:
- CVE-2025-20671
- CVE-2025-20670
- CVE-2025-20668
- CVE-2025-20667
- CVE-2025-20666
- CVE-2025-20665

CVE ID : CVE-2025-4261

Published : May 5, 2025, 4:15 a.m. | 3 hours, 20 minutes ago

Description : A vulnerability was found in GAIR-NLP factool up to 3f3914bc090b644be044b7e0005113c135d8b20f. It has been classified as critical. This affects the function run_single of the file factool/factool/math/tool.py. The manipulation leads to code injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available.

Severity: 5.3 | MEDIUM


CVE ID : CVE-2025-4262

Published : May 5, 2025, 4:16 a.m. | 3 hours, 19 minutes ago

Description : A vulnerability was found in PHPGurukul Online DJ Booking Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/user-search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH


CVE ID : CVE-2025-4263

Published : May 5, 2025, 4:16 a.m. | 3 hours, 19 minutes ago

Description : A vulnerability was found in PHPGurukul Online DJ Booking Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/booking-search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH
