Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2024/12/GHSA-9jcj-c3px-4jc5/GHSA-9jcj-c3px-4jc5.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9jcj-c3px-4jc5",
-  "modified": "2024-12-06T18:30:45Z",
+  "modified": "2025-11-12T18:31:02Z",
   "published": "2024-12-02T15:31:41Z",
   "aliases": [
     "CVE-2024-10905"

advisories/unreviewed/2025/05/GHSA-332g-mj6w-rc2r/GHSA-332g-mj6w-rc2r.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-332g-mj6w-rc2r",
-  "modified": "2025-05-02T18:31:33Z",
+  "modified": "2025-11-12T18:31:03Z",
   "published": "2025-05-02T18:31:33Z",
   "aliases": [
     "CVE-2023-53044"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm stats: check for and propagate alloc_percpu failure\n\nCheck alloc_precpu()'s return value and return an error from\ndm_stats_init() if it fails. Update alloc_dev() to fail if\ndm_stats_init() does.\n\nOtherwise, a NULL pointer dereference will occur in dm_stats_cleanup()\neven if dm-stats isn't being actively used.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -48,8 +53,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-02T16:15:23Z"

advisories/unreviewed/2025/05/GHSA-3vrc-v2w2-8gq7/GHSA-3vrc-v2w2-8gq7.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3vrc-v2w2-8gq7",
-  "modified": "2025-05-02T18:31:33Z",
+  "modified": "2025-11-12T18:31:04Z",
   "published": "2025-05-02T18:31:33Z",
   "aliases": [
     "CVE-2023-53052"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix use-after-free bug in refresh_cache_worker()\n\nThe UAF bug occurred because we were putting DFS root sessions in\ncifs_umount() while DFS cache refresher was being executed.\n\nMake DFS root sessions have same lifetime as DFS tcons so we can avoid\nthe use-after-free bug is DFS cache refresher and other places that\nrequire IPCs to get new DFS referrals on.  Also, get rid of mount\ngroup handling in DFS cache as we no longer need it.\n\nThis fixes below use-after-free bug catched by KASAN\n\n[ 379.946955] BUG: KASAN: use-after-free in __refresh_tcon.isra.0+0x10b/0xc10 [cifs]\n[ 379.947642] Read of size 8 at addr ffff888018f57030 by task kworker/u4:3/56\n[ 379.948096]\n[ 379.948208] CPU: 0 PID: 56 Comm: kworker/u4:3 Not tainted 6.2.0-rc7-lku #23\n[ 379.948661] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS\nrel-1.16.0-0-gd239552-rebuilt.opensuse.org 04/01/2014\n[ 379.949368] Workqueue: cifs-dfscache refresh_cache_worker [cifs]\n[ 379.949942] Call Trace:\n[ 379.950113] <TASK>\n[ 379.950260] dump_stack_lvl+0x50/0x67\n[ 379.950510] print_report+0x16a/0x48e\n[ 379.950759] ? __virt_addr_valid+0xd8/0x160\n[ 379.951040] ? __phys_addr+0x41/0x80\n[ 379.951285] kasan_report+0xdb/0x110\n[ 379.951533] ? __refresh_tcon.isra.0+0x10b/0xc10 [cifs]\n[ 379.952056] ? __refresh_tcon.isra.0+0x10b/0xc10 [cifs]\n[ 379.952585] __refresh_tcon.isra.0+0x10b/0xc10 [cifs]\n[ 379.953096] ? __pfx___refresh_tcon.isra.0+0x10/0x10 [cifs]\n[ 379.953637] ? __pfx___mutex_lock+0x10/0x10\n[ 379.953915] ? lock_release+0xb6/0x720\n[ 379.954167] ? __pfx_lock_acquire+0x10/0x10\n[ 379.954443] ? refresh_cache_worker+0x34e/0x6d0 [cifs]\n[ 379.954960] ? __pfx_wb_workfn+0x10/0x10\n[ 379.955239] refresh_cache_worker+0x4ad/0x6d0 [cifs]\n[ 379.955755] ? __pfx_refresh_cache_worker+0x10/0x10 [cifs]\n[ 379.956323] ? __pfx_lock_acquired+0x10/0x10\n[ 379.956615] ? read_word_at_a_time+0xe/0x20\n[ 379.956898] ? lockdep_hardirqs_on_prepare+0x12/0x220\n[ 379.957235] process_one_work+0x535/0x990\n[ 379.957509] ? __pfx_process_one_work+0x10/0x10\n[ 379.957812] ? lock_acquired+0xb7/0x5f0\n[ 379.958069] ? __list_add_valid+0x37/0xd0\n[ 379.958341] ? __list_add_valid+0x37/0xd0\n[ 379.958611] worker_thread+0x8e/0x630\n[ 379.958861] ? __pfx_worker_thread+0x10/0x10\n[ 379.959148] kthread+0x17d/0x1b0\n[ 379.959369] ? __pfx_kthread+0x10/0x10\n[ 379.959630] ret_from_fork+0x2c/0x50\n[ 379.959879] </TASK>",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-02T16:15:24Z"

advisories/unreviewed/2025/05/GHSA-6j92-j58g-fc8v/GHSA-6j92-j58g-fc8v.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6j92-j58g-fc8v",
-  "modified": "2025-05-01T15:31:53Z",
+  "modified": "2025-11-12T18:31:03Z",
   "published": "2025-05-01T15:31:52Z",
   "aliases": [
     "CVE-2022-49913"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix inode list leak during backref walking at find_parent_nodes()\n\nDuring backref walking, at find_parent_nodes(), if we are dealing with a\ndata extent and we get an error while resolving the indirect backrefs, at\nresolve_indirect_refs(), or in the while loop that iterates over the refs\nin the direct refs rbtree, we end up leaking the inode lists attached to\nthe direct refs we have in the direct refs rbtree that were not yet added\nto the refs ulist passed as argument to find_parent_nodes(). Since they\nwere not yet added to the refs ulist and prelim_release() does not free\nthe lists, on error the caller can only free the lists attached to the\nrefs that were added to the refs ulist, all the remaining refs get their\ninode lists never freed, therefore leaking their memory.\n\nFix this by having prelim_release() always free any attached inode list\nto each ref found in the rbtree, and have find_parent_nodes() set the\nref's inode list to NULL once it transfers ownership of the inode list\nto a ref added to the refs ulist passed to find_parent_nodes().",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -36,8 +41,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-401"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-01T15:16:16Z"

advisories/unreviewed/2025/05/GHSA-6mfv-xmmj-jgwf/GHSA-6mfv-xmmj-jgwf.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6mfv-xmmj-jgwf",
-  "modified": "2025-05-01T15:31:52Z",
+  "modified": "2025-11-12T18:31:03Z",
   "published": "2025-05-01T15:31:52Z",
   "aliases": [
     "CVE-2022-49917"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix WARNING in ip_vs_app_net_cleanup()\n\nDuring the initialization of ip_vs_app_net_init(), if file ip_vs_app\nfails to be created, the initialization is successful by default.\nTherefore, the ip_vs_app file doesn't be found during the remove in\nip_vs_app_net_cleanup(). It will cause WRNING.\n\nThe following is the stack information:\nname 'ip_vs_app'\nWARNING: CPU: 1 PID: 9 at fs/proc/generic.c:712 remove_proc_entry+0x389/0x460\nModules linked in:\nWorkqueue: netns cleanup_net\nRIP: 0010:remove_proc_entry+0x389/0x460\nCall Trace:\n<TASK>\nops_exit_list+0x125/0x170\ncleanup_net+0x4ea/0xb00\nprocess_one_work+0x9bf/0x1710\nworker_thread+0x665/0x1080\nkthread+0x2e4/0x3a0\nret_from_fork+0x1f/0x30\n</TASK>",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -41,7 +46,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-01T15:16:16Z"

advisories/unreviewed/2025/05/GHSA-77x5-pwh8-3qq8/GHSA-77x5-pwh8-3qq8.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-77x5-pwh8-3qq8",
-  "modified": "2025-05-02T18:31:33Z",
+  "modified": "2025-11-12T18:31:04Z",
   "published": "2025-05-02T18:31:33Z",
   "aliases": [
     "CVE-2023-53055"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfscrypt: destroy keyring after security_sb_delete()\n\nfscrypt_destroy_keyring() must be called after all potentially-encrypted\ninodes were evicted; otherwise it cannot safely destroy the keyring.\nSince inodes that are in-use by the Landlock LSM don't get evicted until\nsecurity_sb_delete(), this means that fscrypt_destroy_keyring() must be\ncalled *after* security_sb_delete().\n\nThis fixes a WARN_ON followed by a NULL dereference, only possible if\nLandlock was being used on encrypted files.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -32,8 +37,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-02T16:15:24Z"

advisories/unreviewed/2025/05/GHSA-9j7f-hr5r-cm59/GHSA-9j7f-hr5r-cm59.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9j7f-hr5r-cm59",
-  "modified": "2025-05-02T18:31:33Z",
+  "modified": "2025-11-12T18:31:04Z",
   "published": "2025-05-02T18:31:33Z",
   "aliases": [
     "CVE-2023-53051"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm crypt: add cond_resched() to dmcrypt_write()\n\nThe loop in dmcrypt_write may be running for unbounded amount of time,\nthus we need cond_resched() in it.\n\nThis commit fixes the following warning:\n\n[ 3391.153255][   C12] watchdog: BUG: soft lockup - CPU#12 stuck for 23s! [dmcrypt_write/2:2897]\n...\n[ 3391.387210][   C12] Call trace:\n[ 3391.390338][   C12]  blk_attempt_bio_merge.part.6+0x38/0x158\n[ 3391.395970][   C12]  blk_attempt_plug_merge+0xc0/0x1b0\n[ 3391.401085][   C12]  blk_mq_submit_bio+0x398/0x550\n[ 3391.405856][   C12]  submit_bio_noacct+0x308/0x380\n[ 3391.410630][   C12]  dmcrypt_write+0x1e4/0x208 [dm_crypt]\n[ 3391.416005][   C12]  kthread+0x130/0x138\n[ 3391.419911][   C12]  ret_from_fork+0x10/0x18",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -48,8 +53,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-835"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-02T16:15:24Z"

advisories/unreviewed/2025/05/GHSA-9q6h-q6v8-gjmr/GHSA-9q6h-q6v8-gjmr.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9q6h-q6v8-gjmr",
-  "modified": "2025-05-01T15:31:53Z",
+  "modified": "2025-11-12T18:31:03Z",
   "published": "2025-05-01T15:31:52Z",
   "aliases": [
     "CVE-2022-49918"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix WARNING in __ip_vs_cleanup_batch()\n\nDuring the initialization of ip_vs_conn_net_init(), if file ip_vs_conn\nor ip_vs_conn_sync fails to be created, the initialization is successful\nby default. Therefore, the ip_vs_conn or ip_vs_conn_sync file doesn't\nbe found during the remove.\n\nThe following is the stack information:\nname 'ip_vs_conn_sync'\nWARNING: CPU: 3 PID: 9 at fs/proc/generic.c:712\nremove_proc_entry+0x389/0x460\nModules linked in:\nWorkqueue: netns cleanup_net\nRIP: 0010:remove_proc_entry+0x389/0x460\nCall Trace:\n<TASK>\n__ip_vs_cleanup_batch+0x7d/0x120\nops_exit_list+0x125/0x170\ncleanup_net+0x4ea/0xb00\nprocess_one_work+0x9bf/0x1710\nworker_thread+0x665/0x1080\nkthread+0x2e4/0x3a0\nret_from_fork+0x1f/0x30\n</TASK>",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -41,7 +46,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-01T15:16:17Z"

advisories/unreviewed/2025/05/GHSA-cqrq-5cq5-j744/GHSA-cqrq-5cq5-j744.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cqrq-5cq5-j744",
-  "modified": "2025-05-02T18:31:33Z",
+  "modified": "2025-11-12T18:31:04Z",
   "published": "2025-05-02T18:31:33Z",
   "aliases": [
     "CVE-2023-53054"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc2: fix a devres leak in hw_enable upon suspend resume\n\nEach time the platform goes to low power, PM suspend / resume routines\ncall: __dwc2_lowlevel_hw_enable -> devm_add_action_or_reset().\nThis adds a new devres each time.\nThis may also happen at runtime, as dwc2_lowlevel_hw_enable() can be\ncalled from udc_start().\n\nThis can be seen with tracing:\n- echo 1 > /sys/kernel/debug/tracing/events/dev/devres_log/enable\n- go to low power\n- cat /sys/kernel/debug/tracing/trace\n\nA new \"ADD\" entry is found upon each low power cycle:\n... devres_log: 49000000.usb-otg ADD 82a13bba devm_action_release (8 bytes)\n... devres_log: 49000000.usb-otg ADD 49889daf devm_action_release (8 bytes)\n...\n\nA second issue is addressed here:\n- regulator_bulk_enable() is called upon each PM cycle (suspend/resume).\n- regulator_bulk_disable() never gets called.\n\nSo the reference count for these regulators constantly increase, by one\nupon each low power cycle, due to missing regulator_bulk_disable() call\nin __dwc2_lowlevel_hw_disable().\n\nThe original fix that introduced the devm_add_action_or_reset() call,\nfixed an issue during probe, that happens due to other errors in\ndwc2_driver_probe() -> dwc2_core_reset(). Then the probe fails without\ndisabling regulators, when dr_mode == USB_DR_MODE_PERIPHERAL.\n\nRather fix the error path: disable all the low level hardware in the\nerror path, by using the \"hsotg->ll_hw_enabled\" flag. Checking dr_mode\nhas been introduced to avoid a dual call to dwc2_lowlevel_hw_disable().\n\"ll_hw_enabled\" should achieve the same (and is used currently in the\nremove() routine).",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -36,8 +41,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-401"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-02T16:15:24Z"

advisories/unreviewed/2025/05/GHSA-f76m-q4g4-c63m/GHSA-f76m-q4g4-c63m.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-f76m-q4g4-c63m",
-  "modified": "2025-05-01T15:31:52Z",
+  "modified": "2025-11-12T18:31:03Z",
   "published": "2025-05-01T15:31:52Z",
   "aliases": [
     "CVE-2022-49912"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix ulist leaks in error paths of qgroup self tests\n\nIn the test_no_shared_qgroup() and test_multiple_refs() qgroup self tests,\nif we fail to add the tree ref, remove the extent item or remove the\nextent ref, we are returning from the test function without freeing the\n\"old_roots\" ulist that was allocated by the previous calls to\nbtrfs_find_all_roots(). Fix that by calling ulist_free() before returning.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -48,8 +53,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-401"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-01T15:16:16Z"