Merge pull request #309 from gthao313/advisories-20251110

gthao313 · web-flow · commit f2dd13816c6c · 2025-11-10T15:40:24.000-08:00
advisories: Add BRSA for Kernel Kit 4.4.2
diff --git a/advisories/4.4.2/BRSA-30yaohlr5esp.toml b/advisories/4.4.2/BRSA-30yaohlr5esp.toml
@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-30yaohlr5esp"
+title = "kernel CVE-2025-39964"
+cve = "CVE-2025-39964"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg"
+
+[[advisory.products]]
+package-name = "kernel-6.12"
+patched-version = "6.12.53"
+patched-epoch = "0"
+
+[updateinfo]
+author = "tianhg"
+issue-date = 2025-10-28T18:38:50Z
+arches = ["x86_64", "aarch64"]
+version = "4.4.2"
diff --git a/advisories/4.4.2/BRSA-8svr36iabkzs.toml b/advisories/4.4.2/BRSA-8svr36iabkzs.toml
@@ -0,0 +1,16 @@
+[advisory]
+id = "BRSA-8svr36iabkzs"
+title = "Bottlerocket Kernel 6.12 Updates"
+severity = "high"
+description = "Kernel version 6.12.53 is now available with important fixes. All users must upgrade. Advisory information for kernel is often published after new kernels become available. Bottlerocket recommends that you consume the latest kernel release for your LTS version."
+
+[[advisory.products]]
+package-name = "kernel-6.12"
+patched-version = "6.12.53"
+patched-epoch = "0"
+
+[updateinfo]
+author = "tianhg"
+issue-date = 2025-10-28T18:38:50Z
+arches = ["x86_64", "aarch64"]
+version = "4.4.2"
diff --git a/advisories/4.4.2/BRSA-9rxz9dndwm0v.toml b/advisories/4.4.2/BRSA-9rxz9dndwm0v.toml
@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-9rxz9dndwm0v"
+title = "kernel CVE-2025-39965"
+cve = "CVE-2025-39965"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI"
+
+[[advisory.products]]
+package-name = "kernel-6.12"
+patched-version = "6.12.53"
+patched-epoch = "0"
+
+[updateinfo]
+author = "tianhg"
+issue-date = 2025-10-28T18:38:50Z
+arches = ["x86_64", "aarch64"]
+version = "4.4.2"
diff --git a/advisories/4.4.2/BRSA-asdyj04knyha.toml b/advisories/4.4.2/BRSA-asdyj04knyha.toml
@@ -0,0 +1,22 @@
+[advisory]
+id = "BRSA-asdyj04knyha"
+title = "kernel CVE-2025-39998"
+cve = "CVE-2025-39998"
+severity = "high"
+description = "In the Linux kernel, the following vulnerability has been resolved: scsi: target: target_core_configfs: Add length check to avoid buffer overflow"
+
+[[advisory.products]]
+package-name = "kernel-6.1"
+patched-version = "6.1.156"
+patched-epoch = "0"
+
+[[advisory.products]]
+package-name = "kernel-6.12"
+patched-version = "6.12.53"
+patched-epoch = "0"
+
+[updateinfo]
+author = "tianhg"
+issue-date = 2025-10-28T18:38:50Z
+arches = ["aarch64", "x86_64"]
+version = "4.4.2"
diff --git a/advisories/4.4.2/BRSA-bw9vtgq0xn3w.toml b/advisories/4.4.2/BRSA-bw9vtgq0xn3w.toml
@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-bw9vtgq0xn3w"
+title = "kernel CVE-2025-39830"
+cve = "CVE-2025-39830"
+severity = "high"
+description = "In the Linux kernel, the following vulnerability has been resolved: net/mlx5: HWS, Fix memory leak in hws_pool_buddy_init error path"
+
+[[advisory.products]]
+package-name = "kernel-6.12"
+patched-version = "6.12.53"
+patched-epoch = "0"
+
+[updateinfo]
+author = "tianhg"
+issue-date = 2025-10-28T18:38:50Z
+arches = ["aarch64", "x86_64"]
+version = "4.4.2"
diff --git a/advisories/4.4.2/BRSA-c5mvbcbh2eha.toml b/advisories/4.4.2/BRSA-c5mvbcbh2eha.toml
@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-c5mvbcbh2eha"
+title = "kernel CVE-2025-39816"
+cve = "CVE-2025-39816"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths"
+
+[[advisory.products]]
+package-name = "kernel-6.12"
+patched-version = "6.12.53"
+patched-epoch = "0"
+
+[updateinfo]
+author = "tianhg"
+issue-date = 2025-10-28T18:38:50Z
+arches = ["x86_64", "aarch64"]
+version = "4.4.2"
diff --git a/advisories/4.4.2/BRSA-ceygfdsmh0ff.toml b/advisories/4.4.2/BRSA-ceygfdsmh0ff.toml
@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-ceygfdsmh0ff"
+title = "kernel CVE-2025-39956"
+cve = "CVE-2025-39956"
+severity = "high"
+description = "In the Linux kernel, the following vulnerability has been resolved: igc: don't fail igc_probe() on LED setup error"
+
+[[advisory.products]]
+package-name = "kernel-6.12"
+patched-version = "6.12.53"
+patched-epoch = "0"
+
+[updateinfo]
+author = "tianhg"
+issue-date = 2025-10-28T18:38:50Z
+arches = ["x86_64", "aarch64"]
+version = "4.4.2"
diff --git a/advisories/4.4.2/BRSA-cybqpduec2kv.toml b/advisories/4.4.2/BRSA-cybqpduec2kv.toml
@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-cybqpduec2kv"
+title = "kernel CVE-2025-39953"
+cve = "CVE-2025-39953"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: cgroup: split cgroup_destroy_wq into 3 workqueues"
+
+[[advisory.products]]
+package-name = "kernel-6.12"
+patched-version = "6.12.53"
+patched-epoch = "0"
+
+[updateinfo]
+author = "tianhg"
+issue-date = 2025-10-28T18:38:50Z
+arches = ["x86_64", "aarch64"]
+version = "4.4.2"
diff --git a/advisories/4.4.2/BRSA-f6fhsdtysulq.toml b/advisories/4.4.2/BRSA-f6fhsdtysulq.toml
@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-f6fhsdtysulq"
+title = "kernel CVE-2025-39946"
+cve = "CVE-2025-39946"
+severity = "high"
+description = "In the Linux kernel, the following vulnerability has been resolved: tls: make sure to abort the stream if headers are bogus"
+
+[[advisory.products]]
+package-name = "kernel-6.12"
+patched-version = "6.12.53"
+patched-epoch = "0"
+
+[updateinfo]
+author = "tianhg"
+issue-date = 2025-10-28T18:38:50Z
+arches = ["x86_64", "aarch64"]
+version = "4.4.2"
diff --git a/advisories/4.4.2/BRSA-iaiukcad9pc0.toml b/advisories/4.4.2/BRSA-iaiukcad9pc0.toml
@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-iaiukcad9pc0"
+title = "kernel CVE-2025-39947"
+cve = "CVE-2025-39947"
+severity = "high"
+description = "In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Harden uplink netdev access against device unbind"
+
+[[advisory.products]]
+package-name = "kernel-6.12"
+patched-version = "6.12.53"
+patched-epoch = "0"
+
+[updateinfo]
+author = "tianhg"
+issue-date = 2025-10-28T18:38:50Z
+arches = ["aarch64", "x86_64"]
+version = "4.4.2"
diff --git a/advisories/4.4.2/BRSA-j6dpmzpvros7.toml b/advisories/4.4.2/BRSA-j6dpmzpvros7.toml
@@ -0,0 +1,16 @@
+[advisory]
+id = "BRSA-j6dpmzpvros7"
+title = "Bottlerocket Kernel 6.1 Updates"
+severity = "high"
+description = "Kernel version 6.1.156 is now available with important fixes. All users must upgrade. Advisory information for kernel is often published after new kernels become available. Bottlerocket recommends that you consume the latest kernel release for your LTS version."
+
+[[advisory.products]]
+package-name = "kernel-6.1"
+patched-version = "6.1.156"
+patched-epoch = "0"
+
+[updateinfo]
+author = "tianhg"
+issue-date = 2025-10-28T18:38:50Z
+arches = ["x86_64", "aarch64"]
+version = "4.4.2"
diff --git a/advisories/4.4.2/BRSA-l8z12lfcfdrb.toml b/advisories/4.4.2/BRSA-l8z12lfcfdrb.toml
@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-l8z12lfcfdrb"
+title = "kernel CVE-2025-39992"
+cve = "CVE-2025-39992"
+severity = "high"
+description = "In the Linux kernel, the following vulnerability has been resolved: mm: swap: check for stable address space before operating on the VMA"
+
+[[advisory.products]]
+package-name = "kernel-6.12"
+patched-version = "6.12.53"
+patched-epoch = "0"
+
+[updateinfo]
+author = "tianhg"
+issue-date = 2025-10-28T18:38:50Z
+arches = ["x86_64", "aarch64"]
+version = "4.4.2"
diff --git a/advisories/4.4.2/BRSA-nx4ykrgapulz.toml b/advisories/4.4.2/BRSA-nx4ykrgapulz.toml
@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-nx4ykrgapulz"
+title = "kernel CVE-2025-39955"
+cve = "CVE-2025-39955"
+severity = "high"
+description = "In the Linux kernel, the following vulnerability has been resolved: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect()."
+
+[[advisory.products]]
+package-name = "kernel-6.12"
+patched-version = "6.12.53"
+patched-epoch = "0"
+
+[updateinfo]
+author = "tianhg"
+issue-date = 2025-10-28T18:38:50Z
+arches = ["aarch64", "x86_64"]
+version = "4.4.2"
diff --git a/advisories/4.4.2/BRSA-piek7akeubt6.toml b/advisories/4.4.2/BRSA-piek7akeubt6.toml
@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-piek7akeubt6"
+title = "kernel CVE-2025-39677"
+cve = "CVE-2025-39677"
+severity = "high"
+description = "In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdisc_dequeue_internal"
+
+[[advisory.products]]
+package-name = "kernel-6.12"
+patched-version = "6.12.53"
+patched-epoch = "0"
+
+[updateinfo]
+author = "tianhg"
+issue-date = 2025-10-28T18:38:50Z
+arches = ["x86_64", "aarch64"]
+version = "4.4.2"
diff --git a/advisories/4.4.2/BRSA-slnfeuobycei.toml b/advisories/4.4.2/BRSA-slnfeuobycei.toml
@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-slnfeuobycei"
+title = "kernel CVE-2025-39961"
+cve = "CVE-2025-39961"
+severity = "high"
+description = "In the Linux kernel, the following vulnerability has been resolved: iommu/amd/pgtbl: Fix possible race while increase page table level"
+
+[[advisory.products]]
+package-name = "kernel-6.12"
+patched-version = "6.12.53"
+patched-epoch = "0"
+
+[updateinfo]
+author = "tianhg"
+issue-date = 2025-10-28T18:38:50Z
+arches = ["x86_64", "aarch64"]
+version = "4.4.2"
diff --git a/advisories/4.4.2/BRSA-twuxdzjdcbye.toml b/advisories/4.4.2/BRSA-twuxdzjdcbye.toml
@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-twuxdzjdcbye"
+title = "kernel CVE-2025-38248"
+cve = "CVE-2025-38248"
+severity = "high"
+description = "In the Linux kernel, the following vulnerability has been resolved: bridge: mcast: Fix use-after-free during router port configuration"
+
+[[advisory.products]]
+package-name = "kernel-6.12"
+patched-version = "6.12.53"
+patched-epoch = "0"
+
+[updateinfo]
+author = "tianhg"
+issue-date = 2025-10-28T18:38:50Z
+arches = ["x86_64", "aarch64"]
+version = "4.4.2"
diff --git a/advisories/4.4.2/BRSA-vqkzowjqnsqb.toml b/advisories/4.4.2/BRSA-vqkzowjqnsqb.toml
@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-vqkzowjqnsqb"
+title = "kernel CVE-2025-39963"
+cve = "CVE-2025-39963"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: io_uring: fix incorrect io_kiocb reference in io_link_skb"
+
+[[advisory.products]]
+package-name = "kernel-6.12"
+patched-version = "6.12.53"
+patched-epoch = "0"
+
+[updateinfo]
+author = "tianhg"
+issue-date = 2025-10-28T18:38:50Z
+arches = ["x86_64", "aarch64"]
+version = "4.4.2"
diff --git a/advisories/4.4.2/BRSA-xcucgtqufo0x.toml b/advisories/4.4.2/BRSA-xcucgtqufo0x.toml
@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-xcucgtqufo0x"
+title = "kernel CVE-2025-39931"
+cve = "CVE-2025-39931"
+severity = "high"
+description = "In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Set merge to zero early in af_alg_sendmsg"
+
+[[advisory.products]]
+package-name = "kernel-6.12"
+patched-version = "6.12.53"
+patched-epoch = "0"
+
+[updateinfo]
+author = "tianhg"
+issue-date = 2025-10-28T18:38:50Z
+arches = ["x86_64", "aarch64"]
+version = "4.4.2"
diff --git a/advisories/4.4.2/BRSA-yzsluvttkmwq.toml b/advisories/4.4.2/BRSA-yzsluvttkmwq.toml
@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-yzsluvttkmwq"
+title = "kernel CVE-2025-39940"
+cve = "CVE-2025-39940"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: dm-stripe: fix a possible integer overflow"
+
+[[advisory.products]]
+package-name = "kernel-6.12"
+patched-version = "6.12.53"
+patched-epoch = "0"
+
+[updateinfo]
+author = "tianhg"
+issue-date = 2025-10-28T18:38:50Z
+arches = ["aarch64", "x86_64"]
+version = "4.4.2"
