cloud-lts · ora-linux-cve-analysis · Dec 19, 2025 · Dec 19, 2025 · Dec 19, 2025 · Dec 19, 2025
diff --git a/vulns/CVE-2025-40061.yml b/vulns/CVE-2025-40061.yml
@@ -0,0 +1,10 @@
+reachability: Local
+memory_corruption: true
+bug_class: UaF
+impact: DoS, LPE
+privileges_required: false
+notes: |2-
+   Use after free in rxe soft-RoCE driver leading to LPE through unprivileged
+  user's use of namespaces
+author: Oracle Corporation
+version: v0.1
diff --git a/vulns/CVE-2025-40074.yml b/vulns/CVE-2025-40074.yml
@@ -0,0 +1,11 @@
+reachability: Local
+memory_corruption: true
+bug_class: Use-after-free
+impact: LPE
+privileges_required: false
+notes: |2-
+   IPv4 helpers fetched dst->dev without holding an RCU  read-side lock,
+  leading to a use-after-free on struct net_device. An unprivileged user can
+  reach this by making use of (unshare -rn).
+author: Oracle Corporation
+version: v0.1
diff --git a/vulns/CVE-2025-40135.yml b/vulns/CVE-2025-40135.yml
@@ -0,0 +1,8 @@
+reachability: Local
+memory_corruption: true
+bug_class: Use-after-free
+impact: LPE
+privileges_required: false
+notes: UAF in ipv6 code, unprivileged user can reach this with unshare -rn.
+author: Oracle Corporation
+version: v0.1
diff --git a/vulns/CVE-2025-40159.yml b/vulns/CVE-2025-40159.yml
@@ -0,0 +1,11 @@
+reachability: Local
+memory_corruption: true
+bug_class: Buffer Overflow
+impact: DoS, Info Leak, LPE
+privileges_required: false
+notes: |2-
+   Integer overflow or wraparound in net/xdp leading to DoS, OOB reads and OOB
+  writes in Zero-Copy environments giving unprivileged users a path to
+  arbitrary code execution and LPE
+author: Oracle Corporation
+version: v0.1
diff --git a/vulns/CVE-2025-40176.yml b/vulns/CVE-2025-40176.yml
@@ -0,0 +1,10 @@
+reachability: Local
+memory_corruption: true
+bug_class: UaF
+impact: DoS, LPE, Info Leak
+privileges_required: false
+notes: |2-
+   Use after free in net/tls leading to DoS, kernel information leak and
+  potentially arbitrary writes and LPE
+author: Oracle Corporation
+version: v0.1
diff --git a/vulns/CVE-2025-40186.yml b/vulns/CVE-2025-40186.yml
@@ -0,0 +1,10 @@
+reachability: Local
+memory_corruption: true
+bug_class: Double Free
+impact: DoS, LPE
+privileges_required: false
+notes: |2-
+   Double free in net/ipv4 leading to DoS and LPE, trigerrable by unprivileged
+  users through namespaces (unshare -Urn)
+author: Oracle Corporation
+version: v0.1
diff --git a/vulns/CVE-2025-40215.yml b/vulns/CVE-2025-40215.yml
@@ -0,0 +1,10 @@
+reachability: Local
+memory_corruption: false
+bug_class: Memory Leak
+impact: DoS
+privileges_required: false
+notes: |2-
+   Kernel will automatically load necessary modules when triggered by
+  privileged user in its own namespace, plus existing kCTF entry
+author: Oracle Corporation
+version: v0.1
diff --git a/vulns/CVE-2025-40271.yml b/vulns/CVE-2025-40271.yml
@@ -0,0 +1,10 @@
+reachability: Local
+memory_corruption: false
+bug_class: UaF
+impact: DoS, Info Leak
+privileges_required: false
+notes: |2-
+   Use after free in fs/proc leading to DoS and kernel info leak by
+  unprivileged user through namespaces
+author: Oracle Corporation
+version: v0.1