Merge pull request #287 from yeazelm/4_3_3_advisories

yeazelm · web-flow · commit 7aff4ff65a45 · 2025-10-09T14:39:13.000-07:00
advisories: Add BRSAs for Kernel kit 4.3.3
diff --git a/advisories/4.3.3/BRSA-6dfap5ynaqk3.toml b/advisories/4.3.3/BRSA-6dfap5ynaqk3.toml
@@ -0,0 +1,27 @@
+[advisory]
+id = "BRSA-6dfap5ynaqk3"
+title = "kmod-nvidia CVE-2025-23330"
+cve = "CVE-2025-23330"
+severity = "moderate"
+description = "NVIDIA Display Driver for Linux contains a vulnerability that could lead to a null pointer dereference resulting in denial of service."
+
+[[advisory.products]]
+package-name = "kmod-6.1-nvidia-r570"
+patched-version = "570.195.03"
+patched-epoch = "1"
+
+[[advisory.products]]
+package-name = "kmod-6.12-nvidia-r570"
+patched-version = "570.195.03"
+patched-epoch = "1"
+
+[[advisory.products]]
+package-name = "kmod-6.12-nvidia-r580"
+patched-version = "580.95.05"
+patched-epoch = "1"
+
+[updateinfo]
+author = "yeazelm"
+issue-date = 2025-10-09T17:31:15Z
+arches = ["x86_64", "aarch64"]
+version = "4.3.3"
diff --git a/advisories/4.3.3/BRSA-djsljhck18cr.toml b/advisories/4.3.3/BRSA-djsljhck18cr.toml
@@ -0,0 +1,27 @@
+[advisory]
+id = "BRSA-djsljhck18cr"
+title = "kmod-nvidia CVE-2025-23345"
+cve = "CVE-2025-23345"
+severity = "moderate"
+description = "NVIDIA Display Driver for Linux contains a vulnerability in a video decoder that might cause an out-of-bounds read which could lead to information disclosure or denial of service."
+
+[[advisory.products]]
+package-name = "kmod-6.1-nvidia-r570"
+patched-version = "570.195.03"
+patched-epoch = "1"
+
+[[advisory.products]]
+package-name = "kmod-6.12-nvidia-r570"
+patched-version = "570.195.03"
+patched-epoch = "1"
+
+[[advisory.products]]
+package-name = "kmod-6.12-nvidia-r580"
+patched-version = "580.95.05"
+patched-epoch = "1"
+
+[updateinfo]
+author = "yeazelm"
+issue-date = 2025-10-09T17:31:27Z
+arches = ["x86_64", "aarch64"]
+version = "4.3.3"
diff --git a/advisories/4.3.3/BRSA-ijs50tlmfnnu.toml b/advisories/4.3.3/BRSA-ijs50tlmfnnu.toml
@@ -0,0 +1,27 @@
+[advisory]
+id = "BRSA-ijs50tlmfnnu"
+title = "kmod-nvidia CVE-2025-23300"
+cve = "CVE-2025-23300"
+severity = "moderate"
+description = "NVIDIA Display Driver for Linux contains a vulnerability in the kernel driver, where a user could cause a null pointer dereference by allocating a specific memory resource which could lead to denial of service."
+
+[[advisory.products]]
+package-name = "kmod-6.1-nvidia-r570"
+patched-version = "570.195.03"
+patched-epoch = "1"
+
+[[advisory.products]]
+package-name = "kmod-6.12-nvidia-r570"
+patched-version = "570.195.03"
+patched-epoch = "1"
+
+[[advisory.products]]
+package-name = "kmod-6.12-nvidia-r580"
+patched-version = "580.95.05"
+patched-epoch = "1"
+
+[updateinfo]
+author = "yeazelm"
+issue-date = 2025-10-09T17:31:10Z
+arches = ["aarch64", "x86_64"]
+version = "4.3.3"
diff --git a/advisories/4.3.3/BRSA-krlczybuqokb.toml b/advisories/4.3.3/BRSA-krlczybuqokb.toml
@@ -0,0 +1,27 @@
+[advisory]
+id = "BRSA-krlczybuqokb"
+title = "kmod-nvidia CVE-2025-23282"
+cve = "CVE-2025-23282"
+severity = "high"
+description = "NVIDIA Display Driver for Linux contains a race condition which could escalate privileges and might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure."
+
+[[advisory.products]]
+package-name = "kmod-6.1-nvidia-r570"
+patched-version = "570.195.03"
+patched-epoch = "1"
+
+[[advisory.products]]
+package-name = "kmod-6.12-nvidia-r570"
+patched-version = "570.195.03"
+patched-epoch = "1"
+
+[[advisory.products]]
+package-name = "kmod-6.12-nvidia-r580"
+patched-version = "580.95.05"
+patched-epoch = "1"
+
+[updateinfo]
+author = "yeazelm"
+issue-date = 2025-10-09T17:31:05Z
+arches = ["aarch64", "x86_64"]
+version = "4.3.3"
diff --git a/advisories/4.3.3/BRSA-v1svnbbvzcpi.toml b/advisories/4.3.3/BRSA-v1svnbbvzcpi.toml
@@ -0,0 +1,27 @@
+[advisory]
+id = "BRSA-v1svnbbvzcpi"
+title = "kmod-nvidia CVE-2025-23332"
+cve = "CVE-2025-23332"
+severity = "moderate"
+description = "NVIDIA Display Driver for Linux contains a flaw that could cause a null pointer deference which might lead to denial of service."
+
+[[advisory.products]]
+package-name = "kmod-6.1-nvidia-r570"
+patched-version = "570.195.03"
+patched-epoch = "1"
+
+[[advisory.products]]
+package-name = "kmod-6.12-nvidia-r570"
+patched-version = "570.195.03"
+patched-epoch = "1"
+
+[[advisory.products]]
+package-name = "kmod-6.12-nvidia-r580"
+patched-version = "580.95.05"
+patched-epoch = "1"
+
+[updateinfo]
+author = "yeazelm"
+issue-date = 2025-10-09T17:31:22Z
+arches = ["aarch64", "x86_64"]
+version = "4.3.3"
diff --git a/advisories/4.3.3/BRSA-zc1olgtco3s2.toml b/advisories/4.3.3/BRSA-zc1olgtco3s2.toml
@@ -0,0 +1,27 @@
+[advisory]
+id = "BRSA-zc1olgtco3s2"
+title = "kmod-nvidia CVE-2025-23280"
+cve = "CVE-2025-23280"
+severity = "high"
+description = "NVIDIA Display Driver for Linux contains a flaw that could cause a use-after-free vulnerability which might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure."
+
+[[advisory.products]]
+package-name = "kmod-6.1-nvidia-r570"
+patched-version = "570.195.03"
+patched-epoch = "1"
+
+[[advisory.products]]
+package-name = "kmod-6.12-nvidia-r570"
+patched-version = "570.195.03"
+patched-epoch = "1"
+
+[[advisory.products]]
+package-name = "kmod-6.12-nvidia-r580"
+patched-version = "580.95.05"
+patched-epoch = "1"
+
+[updateinfo]
+author = "yeazelm"
+issue-date = 2025-10-09T17:30:59Z
+arches = ["x86_64", "aarch64"]
+version = "4.3.3"
