Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/02/GHSA-2jj4-33hw-m7m9/GHSA-2jj4-33hw-m7m9.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2jj4-33hw-m7m9",
-  "modified": "2025-02-27T21:32:17Z",
+  "modified": "2025-10-28T03:30:13Z",
   "published": "2025-02-27T21:32:17Z",
   "aliases": [
     "CVE-2025-21821"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: omap: use threaded IRQ for LCD DMA\n\nWhen using touchscreen and framebuffer, Nokia 770 crashes easily with:\n\n    BUG: scheduling while atomic: irq/144-ads7846/82/0x00010000\n    Modules linked in: usb_f_ecm g_ether usb_f_rndis u_ether libcomposite configfs omap_udc ohci_omap ohci_hcd\n    CPU: 0 UID: 0 PID: 82 Comm: irq/144-ads7846 Not tainted 6.12.7-770 #2\n    Hardware name: Nokia 770\n    Call trace:\n     unwind_backtrace from show_stack+0x10/0x14\n     show_stack from dump_stack_lvl+0x54/0x5c\n     dump_stack_lvl from __schedule_bug+0x50/0x70\n     __schedule_bug from __schedule+0x4d4/0x5bc\n     __schedule from schedule+0x34/0xa0\n     schedule from schedule_preempt_disabled+0xc/0x10\n     schedule_preempt_disabled from __mutex_lock.constprop.0+0x218/0x3b4\n     __mutex_lock.constprop.0 from clk_prepare_lock+0x38/0xe4\n     clk_prepare_lock from clk_set_rate+0x18/0x154\n     clk_set_rate from sossi_read_data+0x4c/0x168\n     sossi_read_data from hwa742_read_reg+0x5c/0x8c\n     hwa742_read_reg from send_frame_handler+0xfc/0x300\n     send_frame_handler from process_pending_requests+0x74/0xd0\n     process_pending_requests from lcd_dma_irq_handler+0x50/0x74\n     lcd_dma_irq_handler from __handle_irq_event_percpu+0x44/0x130\n     __handle_irq_event_percpu from handle_irq_event+0x28/0x68\n     handle_irq_event from handle_level_irq+0x9c/0x170\n     handle_level_irq from generic_handle_domain_irq+0x2c/0x3c\n     generic_handle_domain_irq from omap1_handle_irq+0x40/0x8c\n     omap1_handle_irq from generic_handle_arch_irq+0x28/0x3c\n     generic_handle_arch_irq from call_with_stack+0x1c/0x24\n     call_with_stack from __irq_svc+0x94/0xa8\n    Exception stack(0xc5255da0 to 0xc5255de8)\n    5da0: 00000001 c22fc620 00000000 00000000 c08384a8 c106fc00 00000000 c240c248\n    5dc0: c113a600 c3f6ec30 00000001 00000000 c22fc620 c5255df0 c22fc620 c0279a94\n    5de0: 60000013 ffffffff\n     __irq_svc from clk_prepare_lock+0x4c/0xe4\n     clk_prepare_lock from clk_get_rate+0x10/0x74\n     clk_get_rate from uwire_setup_transfer+0x40/0x180\n     uwire_setup_transfer from spi_bitbang_transfer_one+0x2c/0x9c\n     spi_bitbang_transfer_one from spi_transfer_one_message+0x2d0/0x664\n     spi_transfer_one_message from __spi_pump_transfer_message+0x29c/0x498\n     __spi_pump_transfer_message from __spi_sync+0x1f8/0x2e8\n     __spi_sync from spi_sync+0x24/0x40\n     spi_sync from ads7846_halfd_read_state+0x5c/0x1c0\n     ads7846_halfd_read_state from ads7846_irq+0x58/0x348\n     ads7846_irq from irq_thread_fn+0x1c/0x78\n     irq_thread_fn from irq_thread+0x120/0x228\n     irq_thread from kthread+0xc8/0xe8\n     kthread from ret_from_fork+0x14/0x28\n\nAs a quick fix, switch to a threaded IRQ which provides a stable system.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -37,7 +42,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-02-27T20:16:04Z"

advisories/unreviewed/2025/02/GHSA-37p3-cfcq-p2hp/GHSA-37p3-cfcq-p2hp.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-37p3-cfcq-p2hp",
-  "modified": "2025-02-27T21:32:17Z",
+  "modified": "2025-10-28T03:30:13Z",
   "published": "2025-02-27T21:32:17Z",
   "aliases": [
     "CVE-2025-21815"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/compaction: fix UBSAN shift-out-of-bounds warning\n\nsyzkaller reported a UBSAN shift-out-of-bounds warning of (1UL << order)\nin isolate_freepages_block().  The bogus compound_order can be any value\nbecause it is union with flags.  Add back the MAX_PAGE_ORDER check to fix\nthe warning.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-02-27T20:16:04Z"

advisories/unreviewed/2025/02/GHSA-3f4p-8qj7-5fxp/GHSA-3f4p-8qj7-5fxp.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3f4p-8qj7-5fxp",
-  "modified": "2025-02-27T21:32:17Z",
+  "modified": "2025-10-28T03:30:13Z",
   "published": "2025-02-27T21:32:17Z",
   "aliases": [
     "CVE-2025-21817"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: mark GFP_NOIO around sysfs ->store()\n\nsysfs ->store is called with queue freezed, meantime we have several\n->store() callbacks(update_nr_requests, wbt, scheduler) to allocate\nmemory with GFP_KERNEL which may run into direct reclaim code path,\nthen potential deadlock can be caused.\n\nFix the issue by marking NOIO around sysfs ->store()",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-667"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-02-27T20:16:04Z"

advisories/unreviewed/2025/02/GHSA-3vq2-wj5j-j897/GHSA-3vq2-wj5j-j897.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3vq2-wj5j-j897",
-  "modified": "2025-02-27T21:32:16Z",
+  "modified": "2025-10-28T03:30:13Z",
   "published": "2025-02-27T21:32:16Z",
   "aliases": [
     "CVE-2025-21803"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Fix warnings during S3 suspend\n\nThe enable_gpe_wakeup() function calls acpi_enable_all_wakeup_gpes(),\nand the later one may call the preempt_schedule_common() function,\nresulting in a thread switch and causing the CPU to be in an interrupt\nenabled state after the enable_gpe_wakeup() function returns, leading\nto the warnings as follow.\n\n[ C0] WARNING: ... at kernel/time/timekeeping.c:845 ktime_get+0xbc/0xc8\n[ C0]          ...\n[ C0] Call Trace:\n[ C0] [<90000000002243b4>] show_stack+0x64/0x188\n[ C0] [<900000000164673c>] dump_stack_lvl+0x60/0x88\n[ C0] [<90000000002687e4>] __warn+0x8c/0x148\n[ C0] [<90000000015e9978>] report_bug+0x1c0/0x2b0\n[ C0] [<90000000016478e4>] do_bp+0x204/0x3b8\n[ C0] [<90000000025b1924>] exception_handlers+0x1924/0x10000\n[ C0] [<9000000000343bbc>] ktime_get+0xbc/0xc8\n[ C0] [<9000000000354c08>] tick_sched_timer+0x30/0xb0\n[ C0] [<90000000003408e0>] __hrtimer_run_queues+0x160/0x378\n[ C0] [<9000000000341f14>] hrtimer_interrupt+0x144/0x388\n[ C0] [<9000000000228348>] constant_timer_interrupt+0x38/0x48\n[ C0] [<90000000002feba4>] __handle_irq_event_percpu+0x64/0x1e8\n[ C0] [<90000000002fed48>] handle_irq_event_percpu+0x20/0x80\n[ C0] [<9000000000306b9c>] handle_percpu_irq+0x5c/0x98\n[ C0] [<90000000002fd4a0>] generic_handle_domain_irq+0x30/0x48\n[ C0] [<9000000000d0c7b0>] handle_cpu_irq+0x70/0xa8\n[ C0] [<9000000001646b30>] handle_loongarch_irq+0x30/0x48\n[ C0] [<9000000001646bc8>] do_vint+0x80/0xe0\n[ C0] [<90000000002aea1c>] finish_task_switch.isra.0+0x8c/0x2a8\n[ C0] [<900000000164e34c>] __schedule+0x314/0xa48\n[ C0] [<900000000164ead8>] schedule+0x58/0xf0\n[ C0] [<9000000000294a2c>] worker_thread+0x224/0x498\n[ C0] [<900000000029d2f0>] kthread+0xf8/0x108\n[ C0] [<9000000000221f28>] ret_from_kernel_thread+0xc/0xa4\n[ C0]\n[ C0] ---[ end trace 0000000000000000 ]---\n\nThe root cause is acpi_enable_all_wakeup_gpes() uses a mutex to protect\nacpi_hw_enable_all_wakeup_gpes(), and acpi_ut_acquire_mutex() may cause\na thread switch. Since there is no longer concurrent execution during\nloongarch_acpi_suspend(), we can call acpi_hw_enable_all_wakeup_gpes()\ndirectly in enable_gpe_wakeup().\n\nThe solution is similar to commit 22db06337f590d01 (\"ACPI: sleep: Avoid\nbreaking S3 wakeup due to might_sleep()\").",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -33,7 +38,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-02-27T20:16:02Z"

advisories/unreviewed/2025/02/GHSA-5h7r-vm4m-qxq6/GHSA-5h7r-vm4m-qxq6.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5h7r-vm4m-qxq6",
-  "modified": "2025-02-27T21:32:17Z",
+  "modified": "2025-10-28T03:30:13Z",
   "published": "2025-02-27T21:32:17Z",
   "aliases": [
     "CVE-2025-21819"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/amd/display: Use HW lock mgr for PSR1\"\n\nThis reverts commit\na2b5a9956269 (\"drm/amd/display: Use HW lock mgr for PSR1\")\n\nBecause it may cause system hang while connect with two edp panel.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -37,7 +42,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-02-27T20:16:04Z"

advisories/unreviewed/2025/02/GHSA-5jx9-3p7f-55g3/GHSA-5jx9-3p7f-55g3.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5jx9-3p7f-55g3",
-  "modified": "2025-02-27T21:32:17Z",
+  "modified": "2025-10-28T03:30:13Z",
   "published": "2025-02-27T21:32:17Z",
   "aliases": [
     "CVE-2025-21822"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: vmclock: Set driver data before its usage\n\nIf vmclock_ptp_register() fails during probing, vmclock_remove() is\ncalled to clean up the ptp clock and misc device.\nIt uses dev_get_drvdata() to access the vmclock state.\nHowever the driver data is not yet set at this point.\n\nAssign the driver data earlier.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -25,7 +30,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-02-27T20:16:04Z"

advisories/unreviewed/2025/02/GHSA-8w2r-337g-j83r/GHSA-8w2r-337g-j83r.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8w2r-337g-j83r",
-  "modified": "2025-03-13T15:32:52Z",
+  "modified": "2025-10-28T03:30:13Z",
   "published": "2025-02-27T21:32:16Z",
   "aliases": [
     "CVE-2025-21804"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()\n\nThe rcar_pcie_parse_outbound_ranges() uses the devm_request_mem_region()\nmacro to request a needed resource. A string variable that lives on the\nstack is then used to store a dynamically computed resource name, which\nis then passed on as one of the macro arguments. This can lead to\nundefined behavior.\n\nDepending on the current contents of the memory, the manifestations of\nerrors may vary. One possible output may be as follows:\n\n  $ cat /proc/iomem\n  30000000-37ffffff :\n  38000000-3fffffff :\n\nSometimes, garbage may appear after the colon.\n\nIn very rare cases, if no NULL-terminator is found in memory, the system\nmight crash because the string iterator will overrun which can lead to\naccess of unmapped memory above the stack.\n\nThus, fix this by replacing outbound_name with the name of the previously\nrequested resource. With the changes applied, the output will be as\nfollows:\n\n  $ cat /proc/iomem\n  30000000-37ffffff : memory2\n  38000000-3fffffff : memory3\n\n[kwilczynski: commit log]",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -44,8 +49,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-02-27T20:16:03Z"

advisories/unreviewed/2025/02/GHSA-cp43-x3rr-gwcc/GHSA-cp43-x3rr-gwcc.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cp43-x3rr-gwcc",
-  "modified": "2025-02-27T21:32:16Z",
+  "modified": "2025-10-28T03:30:13Z",
   "published": "2025-02-27T21:32:16Z",
   "aliases": [
     "CVE-2025-21807"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix queue freeze vs limits lock order in sysfs store methods\n\nqueue_attr_store() always freezes a device queue before calling the\nattribute store operation. For attributes that control queue limits, the\nstore operation will also lock the queue limits with a call to\nqueue_limits_start_update(). However, some drivers (e.g. SCSI sd) may\nneed to issue commands to a device to obtain limit values from the\nhardware with the queue limits locked. This creates a potential ABBA\ndeadlock situation if a user attempts to modify a limit (thus freezing\nthe device queue) while the device driver starts a revalidation of the\ndevice queue limits.\n\nAvoid such deadlock by not freezing the queue before calling the\n->store_limit() method in struct queue_sysfs_entry and instead use the\nqueue_limits_commit_update_frozen helper to freeze the queue after taking\nthe limits lock.\n\nThis also removes taking the sysfs lock for the store_limit method as\nit doesn't protect anything here, but creates even more nesting.\nHopefully it will go away from the actual sysfs methods entirely soon.\n\n(commit log adapted from a similar patch from  Damien Le Moal)",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-667"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-02-27T20:16:03Z"

advisories/unreviewed/2025/02/GHSA-cq4r-9fv8-53r2/GHSA-cq4r-9fv8-53r2.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cq4r-9fv8-53r2",
-  "modified": "2025-03-13T15:32:53Z",
+  "modified": "2025-10-28T03:30:13Z",
   "published": "2025-02-27T21:32:17Z",
   "aliases": [
     "CVE-2025-21823"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: Drop unmanaged ELP metric worker\n\nThe ELP worker needs to calculate new metric values for all neighbors\n\"reachable\" over an interface. Some of the used metric sources require\nlocks which might need to sleep. This sleep is incompatible with the RCU\nlist iterator used for the recorded neighbors. The initial approach to work\naround of this problem was to queue another work item per neighbor and then\nrun this in a new context.\n\nEven when this solved the RCU vs might_sleep() conflict, it has a major\nproblems: Nothing was stopping the work item in case it is not needed\nanymore - for example because one of the related interfaces was removed or\nthe batman-adv module was unloaded - resulting in potential invalid memory\naccesses.\n\nDirectly canceling the metric worker also has various problems:\n\n* cancel_work_sync for a to-be-deactivated interface is called with\n  rtnl_lock held. But the code in the ELP metric worker also tries to use\n  rtnl_lock() - which will never return in this case. This also means that\n  cancel_work_sync would never return because it is waiting for the worker\n  to finish.\n* iterating over the neighbor list for the to-be-deactivated interface is\n  currently done using the RCU specific methods. Which means that it is\n  possible to miss items when iterating over it without the associated\n  spinlock - a behaviour which is acceptable for a periodic metric check\n  but not for a cleanup routine (which must \"stop\" all still running\n  workers)\n\nThe better approch is to get rid of the per interface neighbor metric\nworker and handle everything in the interface worker. The original problems\nare solved by:\n\n* creating a list of neighbors which require new metric information inside\n  the RCU protected context, gathering the metric according to the new list\n  outside the RCU protected context\n* only use rcu_trylock inside metric gathering code to avoid a deadlock\n  when the cancel_delayed_work_sync is called in the interface removal code\n  (which is called with the rtnl_lock held)",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -49,7 +54,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-02-27T20:16:04Z"

advisories/unreviewed/2025/02/GHSA-gh8v-hvqf-g2jx/GHSA-gh8v-hvqf-g2jx.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gh8v-hvqf-g2jx",
-  "modified": "2025-02-27T21:32:17Z",
+  "modified": "2025-10-28T03:30:13Z",
   "published": "2025-02-27T21:32:16Z",
   "aliases": [
     "CVE-2025-21808"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: xdp: Disallow attaching device-bound programs in generic mode\n\nDevice-bound programs are used to support RX metadata kfuncs. These\nkfuncs are driver-specific and rely on the driver context to read the\nmetadata. This means they can't work in generic XDP mode. However, there\nis no check to disallow such programs from being attached in generic\nmode, in which case the metadata kfuncs will be called in an invalid\ncontext, leading to crashes.\n\nFix this by adding a check to disallow attaching device-bound programs\nin generic mode.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -33,7 +38,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-02-27T20:16:03Z"