[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-38109":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":21,"duplicate_of":9,"upstream":22,"downstream":23,"duplicates":192,"related":193,"reserved_at":9,"published_at":251,"modified_at":252,"state":253,"summary":254,"references_raw":263,"kevs":282,"epss":283,"epss_history":286,"metrics":551,"affected":557},"CVE-2025-38109","In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix ECVF vports unload on shutdown flow\n\nFix shutdown flow UAF when a virtual function is created on the embedded\nchip (ECVF) of a BlueField device. In such case the vport acl ingress\ntable is not properly destroyed.\n\nECVF functionality is independent of ecpf_vport_exists capability and\nthus functions mlx5_eswitch_(enable|disable)_pf_vf_vports() should not\ntest it when enabling/disabling ECVF vports.\n\nkernel log:\n[] refcount_t: underflow; use-after-free.\n[] WARNING: CPU: 3 PID: 1 at lib/refcount.c:28\n   refcount_warn_saturate+0x124/0x220\n----------------\n[] Call trace:\n[] refcount_warn_saturate+0x124/0x220\n[] tree_put_node+0x164/0x1e0 [mlx5_core]\n[] mlx5_destroy_flow_table+0x98/0x2c0 [mlx5_core]\n[] esw_acl_ingress_table_destroy+0x28/0x40 [mlx5_core]\n[] esw_acl_ingress_lgcy_cleanup+0x80/0xf4 [mlx5_core]\n[] esw_legacy_vport_acl_cleanup+0x44/0x60 [mlx5_core]\n[] esw_vport_cleanup+0x64/0x90 [mlx5_core]\n[] mlx5_esw_vport_disable+0xc0/0x1d0 [mlx5_core]\n[] mlx5_eswitch_unload_ec_vf_vports+0xcc/0x150 [mlx5_core]\n[] mlx5_eswitch_disable_sriov+0x198/0x2a0 [mlx5_core]\n[] mlx5_device_disable_sriov+0xb8/0x1e0 [mlx5_core]\n[] mlx5_sriov_detach+0x40/0x50 [mlx5_core]\n[] mlx5_unload+0x40/0xc4 [mlx5_core]\n[] mlx5_unload_one_devl_locked+0x6c/0xe4 [mlx5_core]\n[] mlx5_unload_one+0x3c/0x60 [mlx5_core]\n[] shutdown+0x7c/0xa4 [mlx5_core]\n[] pci_device_shutdown+0x3c/0xa0\n[] device_shutdown+0x170/0x340\n[] __do_sys_reboot+0x1f4/0x2a0\n[] __arm64_sys_reboot+0x2c/0x40\n[] invoke_syscall+0x78/0x100\n[] el0_svc_common.constprop.0+0x54/0x184\n[] do_el0_svc+0x30/0xac\n[] el0_svc+0x48/0x160\n[] el0t_64_sync_handler+0xa4/0x12c\n[] el0t_64_sync+0x1a4/0x1a8\n[] --[ end trace 9c4601d68c70030e ]---",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-416","Use After Free","The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory \"belongs\" to the code that operates on the new pointer.","weakness","Stable","Variant","High",[],[],[],[],[24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104,106,108,110,112,114,116,118,120,122,124,126,128,130,132,134,136,138,140,142,144,146,148,150,152,154,156,158,160,162,164,166,168,170,172,174,176,178,180,182,184,186,188,190],{"_key":25},"SUSE-SU-2025:02853-1",{"_key":27},"SUSE-SU-2025:02923-1",{"_key":29},"SUSE-SU-2025:03315-1",{"_key":31},"SUSE-SU-2025:03317-1",{"_key":33},"SUSE-SU-2025:03319-1",{"_key":35},"SUSE-SU-2025:03321-1",{"_key":37},"SUSE-SU-2025:03418-1",{"_key":39},"SUSE-SU-2025:03419-1",{"_key":41},"USN-7770-1",{"_key":43},"USN-7789-2",{"_key":45},"SUSE-SU-2025:02969-1",{"_key":47},"SUSE-SU-2025:03023-1",{"_key":49},"SUSE-SU-2025:02997-1",{"_key":51},"SUSE-SU-2025:03011-1",{"_key":53},"SUSE-SU-2025:03341-1",{"_key":55},"SUSE-SU-2025:03343-1",{"_key":57},"SUSE-SU-2025:03406-1",{"_key":59},"SUSE-SU-2025:03408-1",{"_key":61},"SUSE-SU-2025:03410-1",{"_key":63},"SUSE-SU-2025:03412-1",{"_key":65},"SUSE-SU-2025:20577-1",{"_key":67},"SUSE-SU-2025:20586-1",{"_key":69},"SUSE-SU-2025:20601-1",{"_key":71},"SUSE-SU-2025:20602-1",{"_key":73},"SUSE-SU-2025:20722-1",{"_key":75},"SUSE-SU-2025:20723-1",{"_key":77},"SUSE-SU-2025:20724-1",{"_key":79},"SUSE-SU-2025:20725-1",{"_key":81},"SUSE-SU-2025:20726-1",{"_key":83},"SUSE-SU-2025:20727-1",{"_key":85},"SUSE-SU-2025:20728-1",{"_key":87},"SUSE-SU-2025:20729-1",{"_key":89},"SUSE-SU-2025:20730-1",{"_key":91},"SUSE-SU-2025:20731-1",{"_key":93},"SUSE-SU-2025:20733-1",{"_key":95},"SUSE-SU-2025:20734-1",{"_key":97},"SUSE-SU-2025:20735-1",{"_key":99},"SUSE-SU-2025:20737-1",{"_key":101},"SUSE-SU-2025:20738-1",{"_key":103},"SUSE-SU-2025:20768-1",{"_key":105},"SUSE-SU-2025:20769-1",{"_key":107},"SUSE-SU-2025:20770-1",{"_key":109},"SUSE-SU-2025:20771-1",{"_key":111},"SUSE-SU-2025:20772-1",{"_key":113},"SUSE-SU-2025:20774-1",{"_key":115},"SUSE-SU-2025:20784-1",{"_key":117},"SUSE-SU-2025:20785-1",{"_key":119},"SUSE-SU-2025:20786-1",{"_key":121},"SUSE-SU-2025:20787-1",{"_key":123},"SUSE-SU-2025:20788-1",{"_key":125},"SUSE-SU-2025:20789-1",{"_key":127},"SUSE-SU-2025:20790-1",{"_key":129},"SUSE-SU-2025:21074-1",{"_key":131},"SUSE-SU-2025:21139-1",{"_key":133},"SUSE-SU-2025:21179-1",{"_key":135},"SUSE-SU-2025:02996-1",{"_key":137},"OPENSUSE-SU-2025:20081-1",{"_key":139},"MGASA-2025-0218",{"_key":141},"MGASA-2025-0219",{"_key":143},"DEBIAN-CVE-2025-38109",{"_key":145},"USN-8028-1",{"_key":147},"USN-8028-2",{"_key":149},"USN-8028-3",{"_key":151},"USN-8028-4",{"_key":153},"USN-8028-5",{"_key":155},"USN-8028-6",{"_key":157},"USN-8028-7",{"_key":159},"USN-8028-8",{"_key":161},"USN-8031-1",{"_key":163},"USN-8031-2",{"_key":165},"USN-8031-3",{"_key":167},"USN-8052-1",{"_key":169},"USN-8052-2",{"_key":171},"USN-8074-1",{"_key":173},"USN-8074-2",{"_key":175},"USN-8126-1",{"_key":177},"RHSA-2026:6632",{"_key":179},"RHSA-2026:6570",{"_key":181},"UBUNTU-CVE-2025-38109",{"_key":183},"USN-7769-1",{"_key":185},"USN-7769-2",{"_key":187},"USN-7769-3",{"_key":189},"USN-7771-1",{"_key":191},"USN-7789-1",[],[194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250],{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},{"_key":67},{"_key":69},{"_key":71},{"_key":73},{"_key":75},{"_key":77},{"_key":79},{"_key":81},{"_key":83},{"_key":85},{"_key":87},{"_key":89},{"_key":91},{"_key":93},{"_key":95},{"_key":97},{"_key":99},{"_key":101},{"_key":103},{"_key":105},{"_key":107},{"_key":109},{"_key":111},{"_key":113},{"_key":115},{"_key":117},{"_key":119},{"_key":121},{"_key":123},{"_key":125},{"_key":127},{"_key":129},{"_key":131},{"_key":133},{"_key":135},{"_key":137},{"_key":139},{"_key":141},"2025-07-03T08:35:19.240Z","2026-05-11T21:21:26.013Z","Analyzed",{"cisa_kev":255,"cisa_ransomware":255,"cisa_vendor":9,"epss_severity":256,"epss_score":257,"severity":258,"severity_score":259,"severity_version":260,"severity_source":261,"severity_vector":262,"severity_status":253},false,"low",0.00067,"high",7.8,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",[264,270,274,278],{"url":265,"sources":266,"tags":268},"https://git.kernel.org/stable/c/5953ae44dfe5dbad374318875be834c3b7b71ee6",[267,261],"cve.org",[269],"Patch",{"url":271,"sources":272,"tags":273},"https://git.kernel.org/stable/c/da15ca0553325acf68039015f2f4db750c8e2b96",[267,261],[269],{"url":275,"sources":276,"tags":277},"https://git.kernel.org/stable/c/24db585d369f949f698e03d7d8017e5ae19d0497",[267,261],[269],{"url":279,"sources":280,"tags":281},"https://git.kernel.org/stable/c/687560d8a9a2d654829ad0da1ec24242f1de711d",[267,261],[269],[],{"date":284,"score":257,"percentile":285},"2026-06-04",0.20891,[287,291,294,297,300,303,306,309,312,315,318,321,324,327,330,333,336,339,343,346,348,351,354,357,360,362,366,369,372,375,378,381,383,386,389,392,395,398,402,405,408,411,414,417,420,423,426,429,432,435,437,440,443,446,448,451,453,455,458,461,464,467,470,473,476,479,482,485,487,490,493,496,498,501,504,507,509,512,515,518,521,524,526,529,532,536,539,542,545,548],{"date":288,"score":289,"percentile":290},"2025-11-04",0.00034,0.09058,{"date":292,"score":289,"percentile":293},"2025-11-05",0.09067,{"date":295,"score":289,"percentile":296},"2025-11-06",0.09191,{"date":298,"score":289,"percentile":299},"2025-11-07",0.09207,{"date":301,"score":289,"percentile":302},"2025-11-08",0.09208,{"date":304,"score":289,"percentile":305},"2025-11-09",0.0918,{"date":307,"score":289,"percentile":308},"2025-11-10",0.09135,{"date":310,"score":289,"percentile":311},"2025-11-11",0.09161,{"date":313,"score":289,"percentile":314},"2025-11-12",0.09195,{"date":316,"score":289,"percentile":317},"2025-11-13",0.09235,{"date":319,"score":289,"percentile":320},"2025-11-14",0.09265,{"date":322,"score":289,"percentile":323},"2025-11-15",0.09287,{"date":325,"score":289,"percentile":326},"2025-11-16",0.09291,{"date":328,"score":289,"percentile":329},"2025-11-17",0.09278,{"date":331,"score":289,"percentile":332},"2025-11-18",0.0557,{"date":334,"score":289,"percentile":335},"2025-11-19",0.05591,{"date":337,"score":289,"percentile":338},"2025-11-20",0.05626,{"date":340,"score":341,"percentile":342},"2025-11-21",0.00023,0.05034,{"date":344,"score":341,"percentile":345},"2025-11-22",0.05042,{"date":347,"score":341,"percentile":342},"2025-11-23",{"date":349,"score":341,"percentile":350},"2025-11-24",0.05017,{"date":352,"score":341,"percentile":353},"2025-11-25",0.05027,{"date":355,"score":341,"percentile":356},"2025-11-26",0.05066,{"date":358,"score":341,"percentile":359},"2025-11-27",0.05084,{"date":361,"score":341,"percentile":356},"2025-11-28",{"date":363,"score":364,"percentile":365},"2025-11-29",0.00011,0.01018,{"date":367,"score":364,"percentile":368},"2025-11-30",0.00936,{"date":370,"score":364,"percentile":371},"2025-12-01",0.00952,{"date":373,"score":364,"percentile":374},"2025-12-02",0.00946,{"date":376,"score":364,"percentile":377},"2025-12-03",0.0095,{"date":379,"score":364,"percentile":380},"2025-12-04",0.00942,{"date":382,"score":364,"percentile":371},"2025-12-05",{"date":384,"score":364,"percentile":385},"2025-12-06",0.00954,{"date":387,"score":364,"percentile":388},"2025-12-07",0.00961,{"date":390,"score":364,"percentile":391},"2025-12-08",0.00965,{"date":393,"score":364,"percentile":394},"2025-12-09",0.00978,{"date":396,"score":364,"percentile":397},"2025-12-10",0.00989,{"date":399,"score":400,"percentile":401},"2025-12-11",0.00016,0.02699,{"date":403,"score":400,"percentile":404},"2025-12-12",0.02711,{"date":406,"score":400,"percentile":407},"2025-12-13",0.0268,{"date":409,"score":400,"percentile":410},"2025-12-14",0.02679,{"date":412,"score":400,"percentile":413},"2025-12-15",0.02673,{"date":415,"score":400,"percentile":416},"2025-12-16",0.02671,{"date":418,"score":400,"percentile":419},"2025-12-17",0.02686,{"date":421,"score":400,"percentile":422},"2025-12-18",0.02688,{"date":424,"score":400,"percentile":425},"2025-12-19",0.02695,{"date":427,"score":400,"percentile":428},"2025-12-20",0.0269,{"date":430,"score":400,"percentile":431},"2025-12-21",0.02691,{"date":433,"score":400,"percentile":434},"2025-12-22",0.02693,{"date":436,"score":400,"percentile":425},"2025-12-23",{"date":438,"score":400,"percentile":439},"2025-12-24",0.02698,{"date":441,"score":400,"percentile":442},"2025-12-25",0.02705,{"date":444,"score":400,"percentile":445},"2025-12-26",0.02708,{"date":447,"score":400,"percentile":431},"2025-12-27",{"date":449,"score":400,"percentile":450},"2025-12-28",0.02701,{"date":452,"score":400,"percentile":431},"2025-12-29",{"date":454,"score":400,"percentile":422},"2025-12-30",{"date":456,"score":400,"percentile":457},"2025-12-31",0.02683,{"date":459,"score":400,"percentile":460},"2026-01-01",0.0274,{"date":462,"score":400,"percentile":463},"2026-01-02",0.02738,{"date":465,"score":400,"percentile":466},"2026-01-03",0.02735,{"date":468,"score":400,"percentile":469},"2026-01-04",0.02672,{"date":471,"score":400,"percentile":472},"2026-01-05",0.02677,{"date":474,"score":400,"percentile":475},"2026-01-06",0.02674,{"date":477,"score":400,"percentile":478},"2026-01-07",0.02692,{"date":480,"score":400,"percentile":481},"2026-01-08",0.02721,{"date":483,"score":400,"percentile":484},"2026-01-09",0.02734,{"date":486,"score":400,"percentile":484},"2026-01-10",{"date":488,"score":400,"percentile":489},"2026-01-11",0.02718,{"date":491,"score":400,"percentile":492},"2026-01-12",0.02675,{"date":494,"score":400,"percentile":495},"2026-01-13",0.02667,{"date":497,"score":400,"percentile":469},"2026-01-14",{"date":499,"score":400,"percentile":500},"2026-01-15",0.02662,{"date":502,"score":400,"percentile":503},"2026-01-16",0.02663,{"date":505,"score":400,"percentile":506},"2026-01-17",0.02664,{"date":508,"score":400,"percentile":495},"2026-01-18",{"date":510,"score":400,"percentile":511},"2026-01-19",0.02659,{"date":513,"score":400,"percentile":514},"2026-01-20",0.02645,{"date":516,"score":400,"percentile":517},"2026-01-21",0.02639,{"date":519,"score":400,"percentile":520},"2026-01-22",0.02635,{"date":522,"score":400,"percentile":523},"2026-01-23",0.02643,{"date":525,"score":400,"percentile":506},"2026-01-24",{"date":527,"score":400,"percentile":528},"2026-01-25",0.0266,{"date":530,"score":400,"percentile":531},"2026-01-26",0.02656,{"date":533,"score":534,"percentile":535},"2026-01-27",0.00018,0.03643,{"date":537,"score":534,"percentile":538},"2026-01-28",0.0363,{"date":540,"score":534,"percentile":541},"2026-01-29",0.03651,{"date":543,"score":534,"percentile":544},"2026-01-30",0.03652,{"date":546,"score":534,"percentile":547},"2026-01-31",0.03628,{"date":549,"score":534,"percentile":550},"2026-02-01",0.03722,[552],{"source":261,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":553,"cvss_v4_0":9},{"baseScore":259,"baseSeverity":554,"vectorString":262,"impactScore":555,"exploitabilityScore":556},"HIGH",9.8,4.6,[558,581],{"ecosystem":9,"name":559,"vendor":560,"product":560,"cpe_part":561,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":562},"Linux","linux","a",[563,570,573,576,579],{"version":564,"is_range":565,"range_type":267,"version_start":566,"version_start_type":567,"version_end":568,"version_end_type":569,"fixed_in":9},">= a7719b29a82199b90ebbf355d3332e0fbfbf6045, \u003C 5953ae44dfe5dbad374318875be834c3b7b71ee6",true,"a7719b29a82199b90ebbf355d3332e0fbfbf6045","including","5953ae44dfe5dbad374318875be834c3b7b71ee6","excluding",{"version":571,"is_range":565,"range_type":267,"version_start":566,"version_start_type":567,"version_end":572,"version_end_type":569,"fixed_in":9},">= a7719b29a82199b90ebbf355d3332e0fbfbf6045, \u003C da15ca0553325acf68039015f2f4db750c8e2b96","da15ca0553325acf68039015f2f4db750c8e2b96",{"version":574,"is_range":565,"range_type":267,"version_start":566,"version_start_type":567,"version_end":575,"version_end_type":569,"fixed_in":9},">= a7719b29a82199b90ebbf355d3332e0fbfbf6045, \u003C 24db585d369f949f698e03d7d8017e5ae19d0497","24db585d369f949f698e03d7d8017e5ae19d0497",{"version":577,"is_range":565,"range_type":267,"version_start":566,"version_start_type":567,"version_end":578,"version_end_type":569,"fixed_in":9},">= a7719b29a82199b90ebbf355d3332e0fbfbf6045, \u003C 687560d8a9a2d654829ad0da1ec24242f1de711d","687560d8a9a2d654829ad0da1ec24242f1de711d",{"version":580,"is_range":255,"range_type":267,"version_start":580,"version_start_type":567,"version_end":580,"version_end_type":567,"fixed_in":9},"6.5",{"ecosystem":9,"name":582,"vendor":560,"product":583,"cpe_part":584,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":585},"linux kernel","linux_kernel","o",[586,590,594,598],{"version":587,"is_range":565,"range_type":588,"version_start":580,"version_start_type":567,"version_end":589,"version_end_type":569,"fixed_in":9},"gte6.5_lt6.6.94","cpe","6.6.94",{"version":591,"is_range":565,"range_type":588,"version_start":592,"version_start_type":567,"version_end":593,"version_end_type":569,"fixed_in":9},"gte6.7_lt6.12.34","6.7","6.12.34",{"version":595,"is_range":565,"range_type":588,"version_start":596,"version_start_type":567,"version_end":597,"version_end_type":569,"fixed_in":9},"gte6.13_lt6.15.3","6.13","6.15.3",{"version":599,"is_range":255,"range_type":588,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.16:rc1"]