advisories: Add BRSA for Kernel kit 4.3.2

Author: vyaghras

advisories/4.3.2/BRSA-01e8lgtafne6.toml

@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-01e8lgtafne6"
+title = "kernel CVE-2025-39779"
+cve = "CVE-2025-39779"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: btrfs: subpage: keep TOWRITE tag until folio is cleaned"
+
+[[advisory.products]]
+package-name = "kernel-6.12"
+patched-version = "6.12.46"
+patched-epoch = "0"
+
+[updateinfo]
+author = "vyaghras"
+issue-date = 2025-09-29T22:42:23Z
+arches = ["x86_64", "aarch64"]
+version = "4.3.2"

advisories/4.3.2/BRSA-0j10l02cdw6s.toml

@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-0j10l02cdw6s"
+title = "kernel CVE-2025-39848"
+cve = "CVE-2025-39848"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: ax25: properly unshare skbs in ax25_kiss_rcv()"
+
+[[advisory.products]]
+package-name = "kernel-6.1"
+patched-version = "6.1.153"
+patched-epoch = "0"
+
+[updateinfo]
+author = "vyaghras"
+issue-date = 2025-09-29T22:42:23Z
+arches = ["x86_64", "aarch64"]
+version = "4.3.2"

advisories/4.3.2/BRSA-1vytgbikaj25.toml

@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-1vytgbikaj25"
+title = "kernel CVE-2025-38721"
+cve = "CVE-2025-38721"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: fix refcount leak on table dump"
+
+[[advisory.products]]
+package-name = "kernel-6.12"
+patched-version = "6.12.46"
+patched-epoch = "0"
+
+[updateinfo]
+author = "vyaghras"
+issue-date = 2025-09-29T22:42:23Z
+arches = ["aarch64", "x86_64"]
+version = "4.3.2"

advisories/4.3.2/BRSA-36oijmuxyj9x.toml

@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-36oijmuxyj9x"
+title = "kernel CVE-2025-38608"
+cve = "CVE-2025-38608"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls"
+
+[[advisory.products]]
+package-name = "kernel-6.12"
+patched-version = "6.12.46"
+patched-epoch = "0"
+
+[updateinfo]
+author = "vyaghras"
+issue-date = 2025-09-29T22:42:23Z
+arches = ["x86_64", "aarch64"]
+version = "4.3.2"

advisories/4.3.2/BRSA-3chr3pssxo4v.toml

@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-3chr3pssxo4v"
+title = "kernel CVE-2025-38709"
+cve = "CVE-2025-38709"
+severity = "high"
+description = "In the Linux kernel, the following vulnerability has been resolved: loop: Avoid updating block size under exclusive owner"
+
+[[advisory.products]]
+package-name = "kernel-6.12"
+patched-version = "6.12.46"
+patched-epoch = "0"
+
+[updateinfo]
+author = "vyaghras"
+issue-date = 2025-09-29T22:42:23Z
+arches = ["x86_64", "aarch64"]
+version = "4.3.2"

advisories/4.3.2/BRSA-3rdajf6zo1x7.toml

@@ -0,0 +1,22 @@
+[advisory]
+id = "BRSA-3rdajf6zo1x7"
+title = "kernel CVE-2025-38590"
+cve = "CVE-2025-38590"
+severity = "high"
+description = "In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Remove skb secpath if xfrm state is not found"
+
+[[advisory.products]]
+package-name = "kernel-6.1"
+patched-version = "6.1.153"
+patched-epoch = "0"
+
+[[advisory.products]]
+package-name = "kernel-6.12"
+patched-version = "6.12.46"
+patched-epoch = "0"
+
+[updateinfo]
+author = "vyaghras"
+issue-date = 2025-09-29T22:42:23Z
+arches = ["aarch64", "x86_64"]
+version = "4.3.2"

advisories/4.3.2/BRSA-4n6x25qvafit.toml

@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-4n6x25qvafit"
+title = "kernel CVE-2025-39730"
+cve = "CVE-2025-39730"
+severity = "high"
+description = "In the Linux kernel, the following vulnerability has been resolved: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()"
+
+[[advisory.products]]
+package-name = "kernel-6.12"
+patched-version = "6.12.46"
+patched-epoch = "0"
+
+[updateinfo]
+author = "vyaghras"
+issue-date = 2025-09-29T22:42:23Z
+arches = ["aarch64", "x86_64"]
+version = "4.3.2"

advisories/4.3.2/BRSA-5akwqiyuldb8.toml

@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-5akwqiyuldb8"
+title = "kernel CVE-2025-39770"
+cve = "CVE-2025-39770"
+severity = "high"
+description = "In the Linux kernel, the following vulnerability has been resolved: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM"
+
+[[advisory.products]]
+package-name = "kernel-6.12"
+patched-version = "6.12.46"
+patched-epoch = "0"
+
+[updateinfo]
+author = "vyaghras"
+issue-date = 2025-09-29T22:42:23Z
+arches = ["x86_64", "aarch64"]
+version = "4.3.2"

advisories/4.3.2/BRSA-6lzxq0a5illn.toml

@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-6lzxq0a5illn"
+title = "kernel CVE-2025-38566"
+cve = "CVE-2025-38566"
+severity = "high"
+description = "In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts"
+
+[[advisory.products]]
+package-name = "kernel-6.12"
+patched-version = "6.12.46"
+patched-epoch = "0"
+
+[updateinfo]
+author = "vyaghras"
+issue-date = 2025-09-29T22:42:23Z
+arches = ["aarch64", "x86_64"]
+version = "4.3.2"

advisories/4.3.2/BRSA-6vzwyxigdjpo.toml

@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-6vzwyxigdjpo"
+title = "kernel CVE-2025-39723"
+cve = "CVE-2025-39723"
+severity = "high"
+description = "In the Linux kernel, the following vulnerability has been resolved: netfs: Fix unbuffered write error handling"
+
+[[advisory.products]]
+package-name = "kernel-6.12"
+patched-version = "6.12.46"
+patched-epoch = "0"
+
+[updateinfo]
+author = "vyaghras"
+issue-date = 2025-09-29T22:42:23Z
+arches = ["x86_64", "aarch64"]
+version = "4.3.2"