VDB
WID-SEC-W-2025-1270
WID-SEC-W-2025-1270
PUBLISHED
CVSS 8.699999809265137 HIGH
Der Kernel stellt den Kern des Linux Betriebssystems dar.
Risk Scores
CVSS v4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open Source Linux Kernel <6.12.32 | ||
| Debian Linux | ||
| Open Source Linux Kernel 6.6.93 | ||
| Dell Secure Connect Gateway Appliance <5.32.00.18 | ||
| Dell Avamar | ||
| Open Source Linux Kernel <6.14.10 | ||
| Open Source Linux Kernel <6.6.93 | ||
| Open Source Linux Kernel 6.12.32 | ||
| Amazon Linux 2 | ||
| Open Source Linux Kernel 5.10.238 | ||
| Open Source Linux Kernel 6.14.10 | ||
| Open Source Linux Kernel <5.4.294 | ||
| Open Source Linux Kernel <6.1.141 | ||
| Open Source Linux Kernel <5.10.238 | ||
| Dell NetWorker Virtual Edition | ||
| Google Container-Optimized OS | ||
| Dell Secure Connect Gateway Appliance 5.32.00.18 | ||
| Open Source Linux Kernel 6.15.1 | ||
| Open Source Linux Kernel <6.15.1 | ||
| Open Source Linux Kernel 6.1.141 |
Exploit Intelligence
- ngobao2002/CVE-2025-38001-test (github-poc-repo)
- Repository ini berisi Proof of Concept (PoC) untuk celah keamanan CVE-2025-38001 yang menyerang modul HFSC pada Kernel Linux. Dibuat khusus untuk bahan belajar kernel memory corruption dan audit sistem keamanan (github-poc-repo)
- Repository ini berisi Proof of Concept (PoC) untuk celah keamanan CVE-2025-38001 yang menyerang modul HFSC pada Kernel Linux. Dibuat khusus untuk bahan belajar kernel memory corruption dan audit sistem keamanan (github-poc)
- Public exploit for CVE-2025-38001 (github-poc)
- ngobao2002/CVE-2025-38001-test (github-poc)
- khoatran107/cve-2025-38001 (github-poc)
- CVE-2025-38001: Linux HFSC Eltree Use-After-Free - Debian 12 PoC (github-poc)
- https://lists.suse.com/pipermail/sle-security-updates/2025-September/022413.html (circl)
- https://lists.suse.com/pipermail/sle-security-updates/2025-September/022677.html (circl)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RJXQ5TFHHXOY34RCSJPZ32PXICETJJAT/ (circl)
…and 186 more exploits
Timeline
- Jun 9, 2025 CVE Published
- Jan 19, 2026 CVE Updated
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Distribution Patch
References
- https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1270.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1270 advisory
- https://lore.kernel.org/linux-cve-announce/ url
- https://lore.kernel.org/linux-cve-announce/2025060639-CVE-2025-38000-f5a4@gregkh/ url
- https://lore.kernel.org/linux-cve-announce/2025060650-CVE-2025-38001-f921@gregkh/ url
- https://lore.kernel.org/linux-cve-announce/2025060644-CVE-2025-38002-5e89@gregkh/ url
- https://lore.kernel.org/linux-cve-announce/2025060859-CVE-2025-38003-6565@gregkh/ url
- https://lore.kernel.org/linux-cve-announce/2025060801-CVE-2025-38004-30d2@gregkh/ url
- https://cloud.google.com/support/bulletins#gcp-2025-034 url
- https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2025-095.html url
- https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2025-103.html url
- https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2025-075.html url
- https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.4-2025-103.html url
- https://ubuntu.com/security/notices/USN-7611-1 url
- https://ubuntu.com/security/notices/USN-7610-1 url
- https://ubuntu.com/security/notices/USN-7609-1 url
- https://ubuntu.com/security/notices/USN-7608-1 url
- https://ubuntu.com/security/notices/USN-7608-2 url
- https://ubuntu.com/security/notices/USN-7608-3 url
- https://ubuntu.com/security/notices/USN-7609-2 url
…and 168 more