cloud-lts · amitu314 · Sep 17, 2025 · Oct 2, 2025
diff --git a/vulns/CVE-2025-39797.yml b/vulns/CVE-2025-39797.yml
@@ -0,0 +1,8 @@
+reachability: Local
+memory_corruption: no
+bug_class: dropped packets
+impact: Availability and  Data Integrity issue
+privileges_required: yes
+notes: Dropped packets can cause availability issue. Also, worth noting that packets being dropped can interfere with data so Integrity is also impacted. CONFIG_XFRM needs to be enabled for exploitation
+author: Microsoft
+version: 0.1
diff --git a/vulns/CVE-2025-39798.yml b/vulns/CVE-2025-39798.yml
@@ -0,0 +1,8 @@
+reachability: Local
+memory_corruption: no
+bug_class: Permissions, Privileges, and Access Controls (Incorrect capabilities assignment after new mounting)
+impact: Potential unauthorized access
+privileges_required: yes
+notes: This is likely a  bug not a security vulnerability. However, argument can be made that if capabilities are not set correctly, this could lead to unauthorized access (long shot possibility).  CONFIG_NFS_FS  or CONFIG_NFS_V4 or CONFIG_NFS_V3 need to be enabled for exploitation 
+author: Microsoft
+version: 0.1
diff --git a/vulns/CVE-2025-39799.yml b/vulns/CVE-2025-39799.yml
@@ -0,0 +1,8 @@
+reachability: Local
+memory_corruption: no
+bug_class: Incorrect Control Flow Implementation
+impact: Potential crash
+privileges_required: yes
+notes: This will likely cause kernel warning. Possibility of kernel panic or crash is remote (and less probable) and would happen by flooding the logs with warning messages 
+author: Microsoft
+version: 0.1