github
diff --git a/‎advisories/unreviewed/2024/01/GHSA-cx8g-4cf5-cjv3/GHSA-cx8g-4cf5-cjv3.json‎
Lines changed: 5 additions & 1 deletion b/‎advisories/unreviewed/2024/01/GHSA-cx8g-4cf5-cjv3/GHSA-cx8g-4cf5-cjv3.json‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2024/01/GHSA-fh6j-mgh8-7prh/GHSA-fh6j-mgh8-7prh.json‎
Lines changed: 5 additions & 1 deletion b/‎advisories/unreviewed/2024/01/GHSA-fh6j-mgh8-7prh/GHSA-fh6j-mgh8-7prh.json‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2025/07/GHSA-59w5-j22f-h3rv/GHSA-59w5-j22f-h3rv.json‎
Lines changed: 5 additions & 1 deletion b/‎advisories/unreviewed/2025/07/GHSA-59w5-j22f-h3rv/GHSA-59w5-j22f-h3rv.json‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2025/09/GHSA-2659-6323-wcmw/GHSA-2659-6323-wcmw.json‎
Lines changed: 8 additions & 3 deletions b/‎advisories/unreviewed/2025/09/GHSA-2659-6323-wcmw/GHSA-2659-6323-wcmw.json‎
Lines changed: 8 additions & 3 deletions
diff --git a/‎advisories/unreviewed/2025/09/GHSA-2hwr-p3mh-h7f6/GHSA-2hwr-p3mh-h7f6.json‎
Lines changed: 11 additions & 4 deletions b/‎advisories/unreviewed/2025/09/GHSA-2hwr-p3mh-h7f6/GHSA-2hwr-p3mh-h7f6.json‎
Lines changed: 11 additions & 4 deletions
diff --git a/‎advisories/unreviewed/2025/09/GHSA-2j25-8cwq-vgvc/GHSA-2j25-8cwq-vgvc.json‎
Lines changed: 11 additions & 4 deletions b/‎advisories/unreviewed/2025/09/GHSA-2j25-8cwq-vgvc/GHSA-2j25-8cwq-vgvc.json‎
Lines changed: 11 additions & 4 deletions
diff --git a/‎advisories/unreviewed/2025/09/GHSA-3p27-9p9g-q639/GHSA-3p27-9p9g-q639.json‎
Lines changed: 11 additions & 4 deletions b/‎advisories/unreviewed/2025/09/GHSA-3p27-9p9g-q639/GHSA-3p27-9p9g-q639.json‎
Lines changed: 11 additions & 4 deletions
diff --git a/‎advisories/unreviewed/2025/09/GHSA-47v5-j4qc-p3gp/GHSA-47v5-j4qc-p3gp.json‎
Lines changed: 11 additions & 4 deletions b/‎advisories/unreviewed/2025/09/GHSA-47v5-j4qc-p3gp/GHSA-47v5-j4qc-p3gp.json‎
Lines changed: 11 additions & 4 deletions
diff --git a/‎advisories/unreviewed/2025/09/GHSA-48rc-gf37-67xr/GHSA-48rc-gf37-67xr.json‎
Lines changed: 8 additions & 3 deletions b/‎advisories/unreviewed/2025/09/GHSA-48rc-gf37-67xr/GHSA-48rc-gf37-67xr.json‎
Lines changed: 8 additions & 3 deletions
diff --git a/‎advisories/unreviewed/2025/09/GHSA-4fjc-772g-jpj6/GHSA-4fjc-772g-jpj6.json‎
Lines changed: 8 additions & 3 deletions b/‎advisories/unreviewed/2025/09/GHSA-4fjc-772g-jpj6/GHSA-4fjc-772g-jpj6.json‎
Lines changed: 8 additions & 3 deletions
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cx8g-4cf5-cjv3",
-  "modified": "2025-11-11T18:30:14Z",
+  "modified": "2025-11-24T21:30:56Z",
   "published": "2024-01-25T21:32:14Z",
   "aliases": [
     "CVE-2023-52356"
@@ -75,6 +75,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2023-52356"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:21994"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:20801"
 
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fh6j-mgh8-7prh",
-  "modified": "2025-11-11T18:30:14Z",
+  "modified": "2025-11-24T21:30:55Z",
   "published": "2024-01-25T21:32:14Z",
   "aliases": [
     "CVE-2023-52355"
@@ -23,6 +23,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:20801"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:21994"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2023-52355"
 
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-59w5-j22f-h3rv",
-  "modified": "2025-08-22T15:33:05Z",
+  "modified": "2025-11-24T21:30:55Z",
   "published": "2025-07-04T06:30:24Z",
   "aliases": [
     "CVE-2025-5372"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5372"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:21977"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-5372"
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2659-6323-wcmw",
-  "modified": "2025-09-15T15:31:23Z",
+  "modified": "2025-11-24T21:30:57Z",
   "published": "2025-09-15T15:31:23Z",
   "aliases": [
     "CVE-2023-53164"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/ti-sci: Fix refcount leak in ti_sci_intr_irq_domain_probe\n\nof_irq_find_parent() returns a node pointer with refcount incremented,\nWe should use of_node_put() on it when not needed anymore.\nAdd missing of_node_put() to avoid refcount leak.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -41,7 +46,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-15T14:15:38Z"
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2hwr-p3mh-h7f6",
-  "modified": "2025-09-15T15:31:22Z",
+  "modified": "2025-11-24T21:30:56Z",
   "published": "2025-09-15T15:31:22Z",
   "aliases": [
     "CVE-2022-50243"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: handle the error returned from sctp_auth_asoc_init_active_key\n\nWhen it returns an error from sctp_auth_asoc_init_active_key(), the\nactive_key is actually not updated. The old sh_key will be freeed\nwhile it's still used as active key in asoc. Then an use-after-free\nwill be triggered when sending patckets, as found by syzbot:\n\n  sctp_auth_shkey_hold+0x22/0xa0 net/sctp/auth.c:112\n  sctp_set_owner_w net/sctp/socket.c:132 [inline]\n  sctp_sendmsg_to_asoc+0xbd5/0x1a20 net/sctp/socket.c:1863\n  sctp_sendmsg+0x1053/0x1d50 net/sctp/socket.c:2025\n  inet_sendmsg+0x99/0xe0 net/ipv4/af_inet.c:819\n  sock_sendmsg_nosec net/socket.c:714 [inline]\n  sock_sendmsg+0xcf/0x120 net/socket.c:734\n\nThis patch is to fix it by not replacing the sh_key when it returns\nerrors from sctp_auth_asoc_init_active_key() in sctp_auth_set_key().\nFor sctp_auth_set_active_key(), old active_key_id will be set back\nto asoc->active_key_id when the same thing happens.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -44,8 +49,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-15T14:15:34Z"
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2j25-8cwq-vgvc",
-  "modified": "2025-09-05T18:31:15Z",
+  "modified": "2025-11-24T21:30:56Z",
   "published": "2025-09-05T18:31:15Z",
   "aliases": [
     "CVE-2025-38689"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fpu: Fix NULL dereference in avx512_status()\n\nProblem\n-------\nWith CONFIG_X86_DEBUG_FPU enabled, reading /proc/[kthread]/arch_status\ncauses a warning and a NULL pointer dereference.\n\nThis is because the AVX-512 timestamp code uses x86_task_fpu() but\ndoesn't check it for NULL. CONFIG_X86_DEBUG_FPU addles that function\nfor kernel threads (PF_KTHREAD specifically), making it return NULL.\n\nThe point of the warning was to ensure that kernel threads only access\ntask->fpu after going through kernel_fpu_begin()/_end(). Note: all\nkernel tasks exposed in /proc have a valid task->fpu.\n\nSolution\n--------\nOne option is to silence the warning and check for NULL from\nx86_task_fpu(). However, that warning is fairly fresh and seems like a\ndefense against misuse of the FPU state in kernel threads.\n\nInstead, stop outputting AVX-512_elapsed_ms for kernel threads\naltogether. The data was garbage anyway because avx512_timestamp is\nonly updated for user threads, not kernel threads.\n\nIf anyone ever wants to track kernel thread AVX-512 use, they can come\nback later and do it properly, separate from this bug fix.\n\n[ dhansen: mostly rewrite changelog ]",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-04T16:15:37Z"
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3p27-9p9g-q639",
-  "modified": "2025-09-15T15:31:22Z",
+  "modified": "2025-11-24T21:30:56Z",
   "published": "2025-09-15T15:31:22Z",
   "aliases": [
     "CVE-2022-50247"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci-mtk: fix leakage of shared hcd when fail to set wakeup irq\n\nCan not set the @shared_hcd to NULL before decrease the usage count\nby usb_put_hcd(), this will cause the shared hcd not released.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -32,8 +37,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-401"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-15T14:15:35Z"
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-47v5-j4qc-p3gp",
-  "modified": "2025-09-05T18:31:15Z",
+  "modified": "2025-11-24T21:30:56Z",
   "published": "2025-09-05T18:31:15Z",
   "aliases": [
     "CVE-2025-38690"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/migrate: prevent infinite recursion\n\nIf the buf + offset is not aligned to XE_CAHELINE_BYTES we fallback to\nusing a bounce buffer. However the bounce buffer here is allocated on\nthe stack, and the only alignment requirement here is that it's\nnaturally aligned to u8, and not XE_CACHELINE_BYTES. If the bounce\nbuffer is also misaligned we then recurse back into the function again,\nhowever the new bounce buffer might also not be aligned, and might never\nbe until we eventually blow through the stack, as we keep recursing.\n\nInstead of using the stack use kmalloc, which should respect the\npower-of-two alignment request here. Fixes a kernel panic when\ntriggering this path through eudebug.\n\nv2 (Stuart):\n - Add build bug check for power-of-two restriction\n - s/EINVAL/ENOMEM/\n\n(cherry picked from commit 38b34e928a08ba594c4bbf7118aa3aadacd62fff)",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-617"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-04T16:15:37Z"
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-48rc-gf37-67xr",
-  "modified": "2025-09-15T15:31:22Z",
+  "modified": "2025-11-24T21:30:56Z",
   "published": "2025-09-15T15:31:22Z",
   "aliases": [
     "CVE-2022-50246"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: tcpci: fix of node refcount leak in tcpci_register_port()\n\nI got the following report while doing device(mt6370-tcpc) load\ntest with CONFIG_OF_UNITTEST and CONFIG_OF_DYNAMIC enabled:\n\n  OF: ERROR: memory leak, expected refcount 1 instead of 2,\n  of_node_get()/of_node_put() unbalanced - destroy cset entry:\n  attach overlay node /i2c/pmic@34/tcpc/connector\n\nThe 'fwnode' set in tcpci_parse_config() which is called\nin tcpci_register_port(), its node refcount is increased\nin device_get_named_child_node(). It needs be put while\nexiting, so call fwnode_handle_put() in the error path of\ntcpci_register_port() and in tcpci_unregister_port() to\navoid leak.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -41,7 +46,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-15T14:15:35Z"
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4fjc-772g-jpj6",
-  "modified": "2025-09-05T18:31:15Z",
+  "modified": "2025-11-24T21:30:56Z",
   "published": "2025-09-05T18:31:15Z",
   "aliases": [
     "CVE-2025-38688"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd: Prevent ALIGN() overflow\n\nWhen allocating IOVA the candidate range gets aligned to the target\nalignment. If the range is close to ULONG_MAX then the ALIGN() can\nwrap resulting in a corrupted iova.\n\nOpen code the ALIGN() using get_add_overflow() to prevent this.\nThis simplifies the checks as we don't need to check for length earlier\neither.\n\nConsolidate the two copies of this code under a single helper.\n\nThis bug would allow userspace to create a mapping that overlaps with some\nother mapping or a reserved range.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -37,7 +42,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-04T16:15:36Z"