Cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:* — CraftedSignal Threat Feedhttps://feed.craftedsignal.io/cpes/cpe2.3olinuxlinux_kernel6.15rc1/Trending threats, MITRE ATT&CK coverage, and detection metadata. Fed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioMon, 11 May 2026 07:50:49 +0000CVE-2025-37750 SMB Client Use-After-Free Vulnerabilityhttps://feed.craftedsignal.io/briefs/2026-05-smb-uaf/Mon, 11 May 2026 07:50:49 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-05-smb-uaf/CVE-2025-37750 is a use-after-free vulnerability in the SMB client related to decryption with multichannel that could lead to code execution.CVE-2025-37750 is a use-after-free vulnerability affecting the SMB client, specifically during decryption with multichannel. While specific details are scarce, the nature of a use-after-free vulnerability in a network protocol client suggests a potential for remote code execution if an attacker can control the SMB server response. Microsoft has released a security update to address this vulnerability. This vulnerability poses a significant risk to systems acting as SMB clients, as a compromised SMB server or a man-in-the-middle attacker could potentially exploit this flaw.

Attack Chain

Due to the limited information available, the following attack chain is inferred based on the nature of the vulnerability and typical SMB client interactions:

  1. An attacker compromises or controls an SMB server.
  2. A client initiates an SMB connection to the malicious server.
  3. The server sends a response requiring multichannel negotiation.
  4. The client attempts to negotiate multichannel and starts decryption.
  5. The server sends a specially crafted response during decryption, triggering the use-after-free condition within the SMB client.
  6. The vulnerability is triggered and allows the attacker to corrupt memory.
  7. The attacker leverages the memory corruption to achieve code execution on the client machine.
  8. The attacker gains control of the client system.

Impact

Successful exploitation of CVE-2025-37750 allows a malicious SMB server or man-in-the-middle attacker to execute arbitrary code on the client machine. This could lead to complete system compromise, including data theft, malware installation, and lateral movement within the network. The lack of specific details makes quantifying the exact impact difficult, but the potential for remote code execution warrants immediate attention.

Recommendation

  • Apply the security update released by Microsoft to patch CVE-2025-37750.
  • Monitor SMB client connections for unusual patterns or connections to untrusted servers using network connection logs (product: windows, category: network_connection).
  • Deploy the provided Sigma rule to detect suspicious processes spawned after SMB client activity.
]]>highadvisorycvesmbuse-after-freerceCVE-2025-37877 iommu: Clear iommu-dma ops on cleanuphttps://feed.craftedsignal.io/briefs/2026-05-cve-2025-37877-iommu/Mon, 11 May 2026 07:50:31 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-05-cve-2025-37877-iommu/CVE-2025-37877 is a vulnerability in the iommu component requiring proper cleanup, affecting Microsoft products.CVE-2025-37877 is a vulnerability related to the Input/Output Memory Management Unit (IOMMU) within Microsoft products. The vulnerability stems from a failure to properly clear iommu-dma operations during cleanup, potentially leading to resource management issues or unexpected behavior. This could be exploited to cause a denial-of-service or potentially gain unauthorized access, depending on the specific implementation and affected components. The vulnerability requires a specifically crafted input or condition to trigger the improper cleanup sequence. Successful exploitation could destabilize the system or expose sensitive data.

Attack Chain

  1. An attacker gains initial access to the system (details unspecified in source).
  2. The attacker triggers a specific operation that utilizes the IOMMU.
  3. The IOMMU processes the request, allocating resources for DMA operations.
  4. The initial operation completes or is terminated abnormally.
  5. The cleanup routine for the IOMMU fails to properly clear the iommu-dma operations.
  6. Subsequent IOMMU operations may be affected by the uncleared state.
  7. An attacker exploits the lingering state to cause a denial-of-service by exhausting resources.

Impact

Successful exploitation of CVE-2025-37877 can lead to denial-of-service conditions due to resource exhaustion or system instability. The number of potential victims is broad, affecting systems that utilize the vulnerable IOMMU implementation. The primary impact involves the interruption of services and potential data loss or corruption, depending on the specific context of the exploitation.

Recommendation

  • Apply the security update released by Microsoft to patch CVE-2025-37877 as soon as possible, as referenced in the advisory.
  • Monitor systems for unexpected IOMMU-related errors or resource exhaustion, which could indicate exploitation attempts.
]]>mediumadvisoryvulnerabilityiommucleanup