In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. — CVE-2025-48637

Zusammenfassung

Sicherheitshinweis CVE-2025-48637. In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local… Hersteller: Microsoft. Quelle: MSRC. Risiko: high. CVSS 7.8. Details…

Was tun?

Allgemeine, vorsichtige Schritte (bitte prüfe die offizielle Quelle für Details):

• Priorisiere sofort Patches oder Mitigations (hohes akutes Risiko).
• Identifiziere betroffene Produktversionen und prüfe, ob du betroffen bist.
• Spiele Hersteller-Updates/Patches ein oder setze empfohlene Mitigations um.
• Lies das offizielle Advisory für betroffene Versionen und konkrete Schritte.

Offizielles Advisory

Zur offiziellen Quelle

Mehr dazu

• 9p/trans_fd: p9_fd_request: kick rx thread if EPOLLIN CVE-2025-40305
• ALSA: dice: fix buffer overflow in detect_stream_formats() CVE-2025-68346
• amd/amdkfd: enhance kfd process check in switch partition CVE-2025-68174
• Apache HTTP Server: mod_md (ACME), unintended retry intervals CVE-2025-55753
• Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF CVE-2025-59775
• Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... CVE-2025-58098
• Application Information Service Elevation of Privilege Vulnerability CVE-2025-62572
• arrayLimit bypass in bracket notation allows DoS via memory exhaustion CVE-2025-15284
• ASoC: Intel: avs: Do not share the name pointer between components CVE-2025-40338
• Azure Cosmos DB Spoofing Vulnerability CVE-2025-64675
• Azure Monitor Agent Remote Code Execution Vulnerability CVE-2025-62550
• bfs: Reconstruct file type when loading from disk CVE-2025-68266