CVE-2025-37752 is an Array-Out-Of-Bounds vulnerability in the Linux network packet scheduler, specifically in the SFQ queuing discipline. An invalid SFQ limit and a series of interactions between SFQ and the TBF Qdisc can lead to a 0x0000 being written approximately 256KB out of bounds at a misaligned offset. If properly exploited, this can enable privilege escalation.

• Spray sfq_slots in kmalloc-64 to prevent an immediate kernel crash when the bug is triggered.
• Prevent a type-confused skb from being dequeued by reconfiguring the TBF Qdisc. Drop TBF rate and add packet overhead before the OOB write occurs.
• Use the 0x0000 written 262636 bytes OOB to corrupt the pipe->files field of a named pipe, free the pipe, cause page-level UAF and get arbitrary R/W in that page.
• Reclaim the freed page with signalfd files and use the page-level R/W primitive to swap file->private_data with file->f_cred.
• Get root by overwriting the process credentials with zeros via signalfd4().bounds at a misaligned offset. If properly exploited, this can enable privilege escalation.

This advisory describes an out-of-bounds write vulnerability in the Linux kernel that achieves local privilege escalation on Ubuntu 22.04 for active user sessions.

Credit
An independent security researcher working with SSD Secure Disclosure.

Vendor Response
Ubuntu has released the following advisory and fix: https://ubuntu.com/security/CVE-2025-0927

Uncover the details of CVE-2025-24118, a critical vulnerability in Apple's MacOS. Understand the risks and the patched versions.

Existing low-level access for security solutions will undergo a rework

Android security updates this month patch 46 vulnerabilities, including a high-severity remote code execution (RCE) exploited in targeted attacks.

Microsoft has started responding with changes it wants to see in the wake of the CrowdStrike botched update. It looks like Windows kernel access is on the agenda.

Arm discloses a critical vulnerability (CVE-2024-4610) in Mali GPU Kernel Drivers. This flaw, actively exploited, affects versions from r34p0 to r40p0

A few months ago, I wrote about a rumor that TheFloW‘s yet-to-be-disclosed PS4/PS5 Kernel exploit was relying on an 18 year old vulnerability. What sounded like an obvious troll initially, then looked more and...

CVE-2024-1086 turns the page tables on system admins

GameOver(lay) encompasses two significant vulnerabilities within the Ubuntu kernel, CVE-2023-2640, and CVE-2023-32629, each carrying a high-severity rating with CVSS scores of 7.8. These vulnerabilities pose a critical threat, potentially affecting around 40% of Ubuntu users. The vulnerability lies within the OverlayFS module of the Ubuntu kernel, enabling a

I recently found an integer overflow in the Linux kernel, which leads
to the kernel allocating skb_shared_info in the userspace, which is
exploitable in systems without SMAP protection since skb_shared_info
contains references to function pointers.

Reptile is an open-source kernel module rootkit that targets Linux systems and is publicly available on GitHub. [1] Rootkits are malware that possess the capability to conceal themselves or other malware. They primarily target files, processes, and network communications for their concealment. Reptile’s concealment capabilities include not only its own kernel module but also files, directories, file contents, processes, and network traffic. Unlike other rootkit malware that typically only provide concealment capabilities, Reptile goes a step further by offering a reverse...

Two Linux vulnerabilities introduced recently into the Ubuntu kernel create the potential for unprivileged local users to gain elevated privileges on a massive number of devices.

In this blog post, we will provide details on a BlackCat ransomware incident that occurred in February 2023, where we observed a new capability, mainly used for the defense evasion phase.

An issue has been discovered in the Linux kernel that can be abused by
unprivileged local users to escalate privileges.

The issue is about Netfilter nf_tables accepting some invalid updates
to its configuration.

Kernel 6.2 ditched a useful defense against ghostly chip design flaw

Netfilter is a framework in the Linux kernel for implementing various networking-related tasks with user-defined handlers. Netfilter provides various functions for packet filtering, network address translation and port translation, and packet logging. Netfilter represents a set of hooks that allow other kernel modules to register callback functions in the kernel’s networking stack.

Open-source code runs on every computer on the planet—and keeps America’s critical infrastructure going. DARPA is worried about how well it can be trusted

At Grapl we believe that in order to build the best defensive system we need to deeply understand attacker behaviors. As part of that goal we're investing in offensive security research. Keep up with our blog for new research on high risk vulnerabilities, exploitation, and advanced threat tactics.

Diverto is an information security company. We provide consulting and managed services.