Merge pull request #293 from bottlerocket-os/advisories-20251014

advisories: Add BRSA for Kernel Kit 4.3.4

Author: yeazelm

advisories/4.3.4/BRSA-2uq7otsimmgp.toml

@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-2uq7otsimmgp"
+title = "kernel CVE-2024-57924"
+cve = "CVE-2024-57924"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: fs: relax assertions on failure to encode file handles"
+
+[[advisory.products]]
+package-name = "kernel-6.1"
+patched-version = "6.1.155"
+patched-epoch = "0"
+
+[updateinfo]
+author = "yeazelm"
+issue-date = 2025-10-14T20:26:26Z
+arches = ["aarch64", "x86_64"]
+version = "4.3.4"

advisories/4.3.4/BRSA-4w6xuffmokzc.toml

@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-4w6xuffmokzc"
+title = "kernel CVE-2025-39843"
+cve = "CVE-2025-39843"
+severity = "high"
+description = "In the Linux kernel, the following vulnerability has been resolved: mm: slub: avoid wake up kswapd in set_track_prepare"
+
+[[advisory.products]]
+package-name = "kernel-6.1"
+patched-version = "6.1.155"
+patched-epoch = "0"
+
+[updateinfo]
+author = "yeazelm"
+issue-date = 2025-10-14T20:26:26Z
+arches = ["x86_64", "aarch64"]
+version = "4.3.4"

advisories/4.3.4/BRSA-byfuwryw5xtd.toml

@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-byfuwryw5xtd"
+title = "kernel CVE-2025-39877"
+cve = "CVE-2025-39877"
+severity = "high"
+description = "In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: fix use-after-free in state_show()"
+
+[[advisory.products]]
+package-name = "kernel-6.1"
+patched-version = "6.1.155"
+patched-epoch = "0"
+
+[updateinfo]
+author = "yeazelm"
+issue-date = 2025-10-14T20:26:26Z
+arches = ["aarch64", "x86_64"]
+version = "4.3.4"

advisories/4.3.4/BRSA-bzvcguhwp93i.toml

@@ -0,0 +1,16 @@
+[advisory]
+id = "BRSA-bzvcguhwp93i"
+title = "Bottlerocket Kernel 6.1 Updates"
+severity = "high"
+description = "Kernel version 6.1.155 is now available with important fixes. All users must upgrade. Advisory information for kernel is often published after new kernels become available. Bottlerocket recommends that you consume the latest kernel release for your LTS version."
+
+[[advisory.products]]
+package-name = "kernel-6.1"
+patched-version = "6.1.155"
+patched-epoch = "0"
+
+[updateinfo]
+author = "yeazelm"
+issue-date = 2025-10-14T20:26:26Z
+arches = ["aarch64", "x86_64"]
+version = "4.3.4"

advisories/4.3.4/BRSA-dg8pyordlzru.toml

@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-dg8pyordlzru"
+title = "kernel CVE-2025-39866"
+cve = "CVE-2025-39866"
+severity = "high"
+description = "In the Linux kernel, the following vulnerability has been resolved: fs: writeback: fix use-after-free in __mark_inode_dirty()"
+
+[[advisory.products]]
+package-name = "kernel-6.1"
+patched-version = "6.1.155"
+patched-epoch = "0"
+
+[updateinfo]
+author = "yeazelm"
+issue-date = 2025-10-14T20:26:26Z
+arches = ["x86_64", "aarch64"]
+version = "4.3.4"

advisories/4.3.4/BRSA-g2zrqspdhtfg.toml

@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-g2zrqspdhtfg"
+title = "kernel CVE-2025-39909"
+cve = "CVE-2025-39909"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters()"
+
+[[advisory.products]]
+package-name = "kernel-6.1"
+patched-version = "6.1.155"
+patched-epoch = "0"
+
+[updateinfo]
+author = "yeazelm"
+issue-date = 2025-10-14T20:26:26Z
+arches = ["x86_64", "aarch64"]
+version = "4.3.4"

advisories/4.3.4/BRSA-gd6oibbnzngh.toml

@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-gd6oibbnzngh"
+title = "kernel CVE-2025-23143"
+cve = "CVE-2025-23143"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod."
+
+[[advisory.products]]
+package-name = "kernel-6.1"
+patched-version = "6.1.155"
+patched-epoch = "0"
+
+[updateinfo]
+author = "yeazelm"
+issue-date = 2025-10-14T20:26:26Z
+arches = ["x86_64", "aarch64"]
+version = "4.3.4"

advisories/4.3.4/BRSA-hc6rceo3sh1i.toml

@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-hc6rceo3sh1i"
+title = "kernel CVE-2025-39881"
+cve = "CVE-2025-39881"
+severity = "high"
+description = "In the Linux kernel, the following vulnerability has been resolved: kernfs: Fix UAF in polling when open file is released"
+
+[[advisory.products]]
+package-name = "kernel-6.1"
+patched-version = "6.1.155"
+patched-epoch = "0"
+
+[updateinfo]
+author = "yeazelm"
+issue-date = 2025-10-14T20:26:26Z
+arches = ["x86_64", "aarch64"]
+version = "4.3.4"

advisories/4.3.4/BRSA-kmihpzxkzxec.toml

@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-kmihpzxkzxec"
+title = "kernel CVE-2025-39902"
+cve = "CVE-2025-39902"
+severity = "high"
+description = "In the Linux kernel, the following vulnerability has been resolved: mm/slub: avoid accessing metadata when pointer is invalid in object_err()"
+
+[[advisory.products]]
+package-name = "kernel-6.1"
+patched-version = "6.1.155"
+patched-epoch = "0"
+
+[updateinfo]
+author = "yeazelm"
+issue-date = 2025-10-14T20:26:26Z
+arches = ["x86_64", "aarch64"]
+version = "4.3.4"

advisories/4.3.4/BRSA-kwnahsylgrmv.toml

@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-kwnahsylgrmv"
+title = "kernel CVE-2025-39898"
+cve = "CVE-2025-39898"
+severity = "high"
+description = "In the Linux kernel, the following vulnerability has been resolved: e1000e: fix heap overflow in e1000_set_eeprom"
+
+[[advisory.products]]
+package-name = "kernel-6.1"
+patched-version = "6.1.155"
+patched-epoch = "0"
+
+[updateinfo]
+author = "yeazelm"
+issue-date = 2025-10-14T20:26:26Z
+arches = ["x86_64", "aarch64"]
+version = "4.3.4"