Vulnerability intelligence

CVE-2025-38617 describes a race condition vulnerability found within the Linux kernel's networking subsystem. Specifically, the flaw occurs in the `net/packet` module during the interaction between the `packet_set_ring()` and `packet_notifier()` functions. The vulnerability arises when `packet_set_ring()` releases the `po->bind_lock`, which can allow a separate thread to execute `packet_notifier()` and process an `NETDEV_UP` event. This race condition is analogous to a previously addressed issue. The resolution involves temporarily setting `po->num` to zero, ensuring the socket remains unhooked until the lock is reacquired.

CVE-2024-30085 is an elevation of privilege vulnerability found within the Windows Cloud Files Mini Filter Driver (cldflt.sys), a kernel-level component responsible for managing cloud file synchronization operations in Windows, particularly for services like OneDrive. The flaw is a heap-based buffer overflow (CWE-122) that occurs because the driver improperly validates the size of user-supplied data before copying it into a fixed-size buffer when processing reparse points. This vulnerability allows a local attacker with low-level privileges to exploit the system. By crafting a malicious application or script that interacts with the cldflt.sys driver, an attacker can trigger the buffer overflow, corrupting kernel heap memory. Successful exploitation can lead to privilege escalation, granting the attacker SYSTEM-level access and potentially full control over the affected machine.

CVE-2025-36911, also known as "WhisperPair," is a vulnerability found in the key-based pairing process of Bluetooth audio accessories that utilize Google's Fast Pair protocol. The flaw stems from a logic error in the code, where devices may fail to properly verify if they are in pairing mode. This oversight allows an attacker in close physical proximity to exploit the vulnerability without requiring additional execution privileges or user interaction. Successful exploitation of CVE-2025-36911 can lead to remote information disclosure, potentially exposing users' conversations and location data. Attackers can forcibly pair vulnerable accessories with their own devices, gaining control over the audio device. This could enable actions such as playing audio at high volumes, recording conversations through the device's microphone, or tracking the user's location if the accessory supports Google's Find Hub network.

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6. Processing maliciously crafted web content may lead to memory corruption.

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.

An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.