From ea5741186b035a138c0ec87908c28792f03b0ac5 Mon Sep 17 00:00:00 2001
From: Oracle Linux CVE analysis bot
Date: Fri, 14 Nov 2025 15:06:31 +0000
Subject: [PATCH 1/3] Analysis for CVE-2025-22056.yml
---
vulns/CVE-2025-22056.yml | 11 +++++++++++
1 file changed, 11 insertions(+)
create mode 100644 vulns/CVE-2025-22056.yml
diff --git a/vulns/CVE-2025-22056.yml b/vulns/CVE-2025-22056.yml
new file mode 100644
index 0000000..b2cf299
--- /dev/null
+++ b/vulns/CVE-2025-22056.yml
@@ -0,0 +1,11 @@
+reachability: Local
+memory_corruption: true
+bug_class: Buffer Overflow
+impact: LPE
+privileges_required: false
+notes: |2-
+ Heap out-of-bounds write in nft_tunnel_obj_init() when parsing multiple
+ NFTA_TUNNEL_KEY_OPTS_GENEVE attributes. Unprivileged user can trigger this
+ with unshare -rn
+author: Oracle Corporation
+version: v0.1
From d3b01706b53556e27bc5472407ef439c1dac5ac4 Mon Sep 17 00:00:00 2001
From: Oracle Linux CVE analysis bot
Date: Fri, 14 Nov 2025 15:06:31 +0000
Subject: [PATCH 2/3] Analysis for CVE-2025-38120.yml
---
vulns/CVE-2025-38120.yml | 8 ++++++++
1 file changed, 8 insertions(+)
create mode 100644 vulns/CVE-2025-38120.yml
diff --git a/vulns/CVE-2025-38120.yml b/vulns/CVE-2025-38120.yml
new file mode 100644
index 0000000..2faa8d6
--- /dev/null
+++ b/vulns/CVE-2025-38120.yml
@@ -0,0 +1,8 @@
+reachability: Remote
+memory_corruption: false
+bug_class: Logic Error
+impact: Firewall bypass
+privileges_required: false
+notes: Logic error which could lead to firewall-bypass
+author: Oracle Corporation
+version: v0.1
From 15fed0857998b91962206da0b95740efeae82ff9 Mon Sep 17 00:00:00 2001
From: Oracle Linux CVE analysis bot
Date: Fri, 14 Nov 2025 15:06:31 +0000
Subject: [PATCH 3/3] Analysis for CVE-2025-38273.yml
---
vulns/CVE-2025-38273.yml | 10 ++++++++++
1 file changed, 10 insertions(+)
create mode 100644 vulns/CVE-2025-38273.yml
diff --git a/vulns/CVE-2025-38273.yml b/vulns/CVE-2025-38273.yml
new file mode 100644
index 0000000..c0cee67
--- /dev/null
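Review bot: `privileges_required: false` in vulns/CVE-2025-22056.yml is true only on hosts that allow unprivileged user namespaces, and that condition appears only implicitly in the free-text `notes` ("with unshare -rn"). Anyone triaging on the structured fields alone will miss that restricting unprivileged user namespaces (for example with the `user.max_user_namespaces` sysctl) closes the unprivileged path. I would add a sentence to the notes such as `Requires unprivileged user namespaces to be enabled.` The same applies to vulns/CVE-2025-38273.yml in patch 3/3, where the notes say the bug is "reachable by unprivileged users using namespaces".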
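Review bot: The `notes` value in vulns/CVE-2025-38120.yml only restates `bug_class` and `impact`; unlike the other two records in this series it names no function, subsystem or affected configuration. With `reachability: Remote` and `privileges_required: false` this is the entry a defender will most want to triage, so the note should say which component is affected and under which configuration the bypass can occur, along the lines of `notes: Logic error in <component> which could lead to firewall bypass when <condition>`. The notes also write "firewall-bypass" where `impact` writes "Firewall bypass"; one spelling should be used for both.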
+++ b/vulns/CVE-2025-38273.yml
@@ -0,0 +1,10 @@
+reachability: Local
+memory_corruption: true
+bug_class: UAF
+impact: LPE
+privileges_required: false
+notes: |2-
+ classic use-after-free on struct tipc_crypto, reachable by unprivileged
+ users using namespaces.
+author: Oracle Corporation
+version: v0.1