Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/08/GHSA-5qx5-jpr4-rw99/GHSA-5qx5-jpr4-rw99.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5qx5-jpr4-rw99",
-  "modified": "2025-08-22T18:31:23Z",
+  "modified": "2025-11-26T00:30:15Z",
   "published": "2025-08-22T18:31:23Z",
   "aliases": [
     "CVE-2025-38673"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/gem-framebuffer: Use dma_buf from GEM object instance\"\n\nThis reverts commit cce16fcd7446dcff7480cd9d2b6417075ed81065.\n\nThe dma_buf field in struct drm_gem_object is not stable over the\nobject instance's lifetime. The field becomes NULL when user space\nreleases the final GEM handle on the buffer object. This resulted\nin a NULL-pointer deref.\n\nWorkarounds in commit 5307dce878d4 (\"drm/gem: Acquire references on\nGEM handles for framebuffers\") and commit f6bfc9afc751 (\"drm/framebuffer:\nAcquire internal references on GEM handles\") only solved the problem\npartially. They especially don't work for buffer objects without a DRM\nframebuffer associated.\n\nHence, this revert to going back to using .import_attach->dmabuf.\n\nv3:\n- cc stable",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-08-22T16:15:42Z"

advisories/unreviewed/2025/08/GHSA-698j-xv88-2hj7/GHSA-698j-xv88-2hj7.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-698j-xv88-2hj7",
-  "modified": "2025-08-22T18:31:23Z",
+  "modified": "2025-11-26T00:30:15Z",
   "published": "2025-08-22T18:31:23Z",
   "aliases": [
     "CVE-2025-38675"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: state: initialize state_ptrs earlier in xfrm_state_find\n\nIn case of preemption, xfrm_state_look_at will find a different\npcpu_id and look up states for that other CPU. If we matched a state\nfor CPU2 in the state_cache while the lookup started on CPU1, we will\njump to \"found\", but the \"best\" state that we got will be ignored and\nwe will enter the \"acquire\" block. This block uses state_ptrs, which\nisn't initialized at this point.\n\nLet's initialize state_ptrs just after taking rcu_read_lock. This will\nalso prevent a possible misuse in the future, if someone adjusts this\nfunction.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-362"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-08-22T16:15:43Z"

advisories/unreviewed/2025/08/GHSA-6g4p-43g8-ppph/GHSA-6g4p-43g8-ppph.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6g4p-43g8-ppph",
-  "modified": "2025-08-22T18:31:22Z",
+  "modified": "2025-11-26T00:30:15Z",
   "published": "2025-08-22T18:31:22Z",
   "aliases": [
     "CVE-2025-38662"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: mt8365-dai-i2s: pass correct size to mt8365_dai_set_priv\n\nGiven mt8365_dai_set_priv allocate priv_size space to copy priv_data which\nmeans we should pass mt8365_i2s_priv[i] or \"struct mtk_afe_i2s_priv\"\ninstead of afe_priv which has the size of \"struct mt8365_afe_private\".\n\nOtherwise the KASAN complains about.\n\n[   59.389765] BUG: KASAN: global-out-of-bounds in mt8365_dai_set_priv+0xc8/0x168 [snd_soc_mt8365_pcm]\n...\n[   59.394789] Call trace:\n[   59.395167]  dump_backtrace+0xa0/0x128\n[   59.395733]  show_stack+0x20/0x38\n[   59.396238]  dump_stack_lvl+0xe8/0x148\n[   59.396806]  print_report+0x37c/0x5e0\n[   59.397358]  kasan_report+0xac/0xf8\n[   59.397885]  kasan_check_range+0xe8/0x190\n[   59.398485]  asan_memcpy+0x3c/0x98\n[   59.399022]  mt8365_dai_set_priv+0xc8/0x168 [snd_soc_mt8365_pcm]\n[   59.399928]  mt8365_dai_i2s_register+0x1e8/0x2b0 [snd_soc_mt8365_pcm]\n[   59.400893]  mt8365_afe_pcm_dev_probe+0x4d0/0xdf0 [snd_soc_mt8365_pcm]\n[   59.401873]  platform_probe+0xcc/0x228\n[   59.402442]  really_probe+0x340/0x9e8\n[   59.402992]  driver_probe_device+0x16c/0x3f8\n[   59.403638]  driver_probe_device+0x64/0x1d8\n[   59.404256]  driver_attach+0x1dc/0x4c8\n[   59.404840]  bus_for_each_dev+0x100/0x190\n[   59.405442]  driver_attach+0x44/0x68\n[   59.405980]  bus_add_driver+0x23c/0x500\n[   59.406550]  driver_register+0xf8/0x3d0\n[   59.407122]  platform_driver_register+0x68/0x98\n[   59.407810]  mt8365_afe_pcm_driver_init+0x2c/0xff8 [snd_soc_mt8365_pcm]",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-08-22T16:15:41Z"

advisories/unreviewed/2025/08/GHSA-c68j-74mr-g84m/GHSA-c68j-74mr-g84m.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-c68j-74mr-g84m",
-  "modified": "2025-08-22T18:31:23Z",
+  "modified": "2025-11-26T00:30:15Z",
   "published": "2025-08-22T18:31:23Z",
   "aliases": [
     "CVE-2025-38660"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\n[ceph] parse_longname(): strrchr() expects NUL-terminated string\n\n... and parse_longname() is not guaranteed that.  That's the reason\nwhy it uses kmemdup_nul() to build the argument for kstrtou64();\nthe problem is, kstrtou64() is not the only thing that need it.\n\nJust get a NUL-terminated copy of the entire thing and be done\nwith that...",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -33,7 +38,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-08-22T16:15:41Z"

advisories/unreviewed/2025/08/GHSA-f2f7-c736-w7rf/GHSA-f2f7-c736-w7rf.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-f2f7-c736-w7rf",
-  "modified": "2025-08-22T18:31:22Z",
+  "modified": "2025-11-26T00:30:15Z",
   "published": "2025-08-22T18:31:22Z",
   "aliases": [
     "CVE-2025-38661"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: alienware-wmi-wmax: Fix `dmi_system_id` array\n\nAdd missing empty member to `awcc_dmi_table`.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -25,7 +30,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-08-22T16:15:41Z"

advisories/unreviewed/2025/08/GHSA-pr2g-95mc-47fv/GHSA-pr2g-95mc-47fv.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pr2g-95mc-47fv",
-  "modified": "2025-08-22T18:31:23Z",
+  "modified": "2025-11-26T00:30:15Z",
   "published": "2025-08-22T18:31:23Z",
   "aliases": [
     "CVE-2025-38669"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/gem-shmem: Use dma_buf from GEM object instance\"\n\nThis reverts commit 1a148af06000e545e714fe3210af3d77ff903c11.\n\nThe dma_buf field in struct drm_gem_object is not stable over the\nobject instance's lifetime. The field becomes NULL when user space\nreleases the final GEM handle on the buffer object. This resulted\nin a NULL-pointer deref.\n\nWorkarounds in commit 5307dce878d4 (\"drm/gem: Acquire references on\nGEM handles for framebuffers\") and commit f6bfc9afc751 (\"drm/framebuffer:\nAcquire internal references on GEM handles\") only solved the problem\npartially. They especially don't work for buffer objects without a DRM\nframebuffer associated.\n\nHence, this revert to going back to using .import_attach->dmabuf.\n\nv3:\n- cc stable",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-08-22T16:15:42Z"

advisories/unreviewed/2025/08/GHSA-v32r-m6j9-4vhw/GHSA-v32r-m6j9-4vhw.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-v32r-m6j9-4vhw",
-  "modified": "2025-08-22T18:31:23Z",
+  "modified": "2025-11-26T00:30:15Z",
   "published": "2025-08-22T18:31:23Z",
   "aliases": [
     "CVE-2025-38674"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/prime: Use dma_buf from GEM object instance\"\n\nThis reverts commit f83a9b8c7fd0557b0c50784bfdc1bbe9140c9bf8.\n\nThe dma_buf field in struct drm_gem_object is not stable over the\nobject instance's lifetime. The field becomes NULL when user space\nreleases the final GEM handle on the buffer object. This resulted\nin a NULL-pointer deref.\n\nWorkarounds in commit 5307dce878d4 (\"drm/gem: Acquire references on\nGEM handles for framebuffers\") and commit f6bfc9afc751 (\"drm/framebuffer:\nAcquire internal references on GEM handles\") only solved the problem\npartially. They especially don't work for buffer objects without a DRM\nframebuffer associated.\n\nHence, this revert to going back to using .import_attach->dmabuf.\n\nv3:\n- cc stable",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-08-22T16:15:43Z"

advisories/unreviewed/2025/08/GHSA-vx2j-fjcj-hv44/GHSA-vx2j-fjcj-hv44.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vx2j-fjcj-hv44",
-  "modified": "2025-08-22T18:31:23Z",
+  "modified": "2025-11-26T00:30:15Z",
   "published": "2025-08-22T18:31:23Z",
   "aliases": [
     "CVE-2025-38672"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/gem-dma: Use dma_buf from GEM object instance\"\n\nThis reverts commit e8afa1557f4f963c9a511bd2c6074a941c308685.\n\nThe dma_buf field in struct drm_gem_object is not stable over the\nobject instance's lifetime. The field becomes NULL when user space\nreleases the final GEM handle on the buffer object. This resulted\nin a NULL-pointer deref.\n\nWorkarounds in commit 5307dce878d4 (\"drm/gem: Acquire references on\nGEM handles for framebuffers\") and commit f6bfc9afc751 (\"drm/framebuffer:\nAcquire internal references on GEM handles\") only solved the problem\npartially. They especially don't work for buffer objects without a DRM\nframebuffer associated.\n\nHence, this revert to going back to using .import_attach->dmabuf.\n\nv3:\n- cc stable",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-08-22T16:15:42Z"

advisories/unreviewed/2025/08/GHSA-xv9c-94pc-77w8/GHSA-xv9c-94pc-77w8.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xv9c-94pc-77w8",
-  "modified": "2025-08-22T18:31:23Z",
+  "modified": "2025-11-26T00:30:15Z",
   "published": "2025-08-22T18:31:23Z",
   "aliases": [
     "CVE-2025-38667"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: fix potential out-of-bound write\n\nThe buffer is set to 20 characters. If a caller write more characters,\ncount is truncated to the max available space in \"simple_write_to_buffer\".\nTo protect from OoB access, check that the input size fit into buffer and\nadd a zero terminator after copy to the end of the copied data.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-08-22T16:15:42Z"

advisories/unreviewed/2025/09/GHSA-2rff-fcfm-wv2q/GHSA-2rff-fcfm-wv2q.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2rff-fcfm-wv2q",
-  "modified": "2025-09-05T18:31:17Z",
+  "modified": "2025-11-26T00:30:16Z",
   "published": "2025-09-05T18:31:17Z",
   "aliases": [
     "CVE-2025-38726"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ftgmac100: fix potential NULL pointer access in ftgmac100_phy_disconnect\n\nAfter the call to phy_disconnect() netdev->phydev is reset to NULL.\nSo fixed_phy_unregister() would be called with a NULL pointer as argument.\nTherefore cache the phy_device before this call.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -32,8 +37,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-04T16:15:42Z"