github
diff --git a/‎advisories/unreviewed/2024/07/GHSA-q745-94ch-rjhg/GHSA-q745-94ch-rjhg.json‎
Lines changed: 5 additions & 1 deletion b/‎advisories/unreviewed/2024/07/GHSA-q745-94ch-rjhg/GHSA-q745-94ch-rjhg.json‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2025/05/GHSA-28h8-49pj-mw67/GHSA-28h8-49pj-mw67.json‎
Lines changed: 8 additions & 3 deletions b/‎advisories/unreviewed/2025/05/GHSA-28h8-49pj-mw67/GHSA-28h8-49pj-mw67.json‎
Lines changed: 8 additions & 3 deletions
diff --git a/‎advisories/unreviewed/2025/05/GHSA-2c79-g4hv-82qp/GHSA-2c79-g4hv-82qp.json‎
Lines changed: 11 additions & 4 deletions b/‎advisories/unreviewed/2025/05/GHSA-2c79-g4hv-82qp/GHSA-2c79-g4hv-82qp.json‎
Lines changed: 11 additions & 4 deletions
diff --git a/‎advisories/unreviewed/2025/05/GHSA-2ccv-mmfh-gf82/GHSA-2ccv-mmfh-gf82.json‎
Lines changed: 11 additions & 4 deletions b/‎advisories/unreviewed/2025/05/GHSA-2ccv-mmfh-gf82/GHSA-2ccv-mmfh-gf82.json‎
Lines changed: 11 additions & 4 deletions
diff --git a/‎advisories/unreviewed/2025/05/GHSA-2h27-gcg3-7h2g/GHSA-2h27-gcg3-7h2g.json‎
Lines changed: 1 addition & 1 deletion b/‎advisories/unreviewed/2025/05/GHSA-2h27-gcg3-7h2g/GHSA-2h27-gcg3-7h2g.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎advisories/unreviewed/2025/05/GHSA-2j2m-cc64-3xh4/GHSA-2j2m-cc64-3xh4.json‎
Lines changed: 11 additions & 4 deletions b/‎advisories/unreviewed/2025/05/GHSA-2j2m-cc64-3xh4/GHSA-2j2m-cc64-3xh4.json‎
Lines changed: 11 additions & 4 deletions
diff --git a/‎advisories/unreviewed/2025/05/GHSA-3m8v-mqfw-xp3g/GHSA-3m8v-mqfw-xp3g.json‎
Lines changed: 11 additions & 4 deletions b/‎advisories/unreviewed/2025/05/GHSA-3m8v-mqfw-xp3g/GHSA-3m8v-mqfw-xp3g.json‎
Lines changed: 11 additions & 4 deletions
diff --git a/‎advisories/unreviewed/2025/05/GHSA-45q6-6mh9-vrvp/GHSA-45q6-6mh9-vrvp.json‎
Lines changed: 11 additions & 4 deletions b/‎advisories/unreviewed/2025/05/GHSA-45q6-6mh9-vrvp/GHSA-45q6-6mh9-vrvp.json‎
Lines changed: 11 additions & 4 deletions
diff --git a/‎advisories/unreviewed/2025/05/GHSA-5j92-w6xv-qp2m/GHSA-5j92-w6xv-qp2m.json‎
Lines changed: 11 additions & 4 deletions b/‎advisories/unreviewed/2025/05/GHSA-5j92-w6xv-qp2m/GHSA-5j92-w6xv-qp2m.json‎
Lines changed: 11 additions & 4 deletions
diff --git a/‎advisories/unreviewed/2025/05/GHSA-5m24-f4fx-mp4r/GHSA-5m24-f4fx-mp4r.json‎
Lines changed: 11 additions & 4 deletions b/‎advisories/unreviewed/2025/05/GHSA-5m24-f4fx-mp4r/GHSA-5m24-f4fx-mp4r.json‎
Lines changed: 11 additions & 4 deletions
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q745-94ch-rjhg",
-  "modified": "2024-07-05T00:31:05Z",
+  "modified": "2025-11-10T18:30:28Z",
   "published": "2024-07-05T00:31:05Z",
   "aliases": [
     "CVE-2024-39937"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39937"
     },
+    {
+      "type": "WEB",
+      "url": "https://cloud.supos.com/announcement/detail?id=1985637965817671680"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/bytehunter-rat/supOS-BUG/blob/main/supOSDirectoryTraversal.md"
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-28h8-49pj-mw67",
-  "modified": "2025-05-09T09:33:18Z",
+  "modified": "2025-11-10T18:30:30Z",
   "published": "2025-05-05T15:30:53Z",
   "aliases": [
     "CVE-2024-58100"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: check changes_pkt_data property for extension programs\n\nWhen processing calls to global sub-programs, verifier decides whether\nto invalidate all packet pointers in current state depending on the\nchanges_pkt_data property of the global sub-program.\n\nBecause of this, an extension program replacing a global sub-program\nmust be compatible with changes_pkt_data property of the sub-program\nbeing replaced.\n\nThis commit:\n- adds changes_pkt_data flag to struct bpf_prog_aux:\n  - this flag is set in check_cfg() for main sub-program;\n  - in jit_subprogs() for other sub-programs;\n- modifies bpf_check_attach_btf_id() to check changes_pkt_data flag;\n- moves call to check_attach_btf_id() after the call to check_cfg(),\n  because it needs changes_pkt_data flag to be set:\n\n    bpf_check:\n      ...                             ...\n    - check_attach_btf_id             resolve_pseudo_ldimm64\n      resolve_pseudo_ldimm64   -->    bpf_prog_is_offloaded\n      bpf_prog_is_offloaded           check_cfg\n      check_cfg                     + check_attach_btf_id\n      ...                             ...\n\nThe following fields are set by check_attach_btf_id():\n- env->ops\n- prog->aux->attach_btf_trace\n- prog->aux->attach_func_name\n- prog->aux->attach_func_proto\n- prog->aux->dst_trampoline\n- prog->aux->mod\n- prog->aux->saved_dst_attach_type\n- prog->aux->saved_dst_prog_type\n- prog->expected_attach_type\n\nNeither of these fields are used by resolve_pseudo_ldimm64() or\nbpf_prog_offload_verifier_prep() (for netronome and netdevsim\ndrivers), so the reordering is safe.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -29,7 +34,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-05T15:15:53Z"
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2c79-g4hv-82qp",
-  "modified": "2025-05-02T18:31:38Z",
+  "modified": "2025-11-10T18:30:30Z",
   "published": "2025-05-02T18:31:38Z",
   "aliases": [
     "CVE-2023-53135"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode\n\nWhen CONFIG_FRAME_POINTER is unset, the stack unwinding function\nwalk_stackframe randomly reads the stack and then, when KASAN is enabled,\nit can lead to the following backtrace:\n\n[    0.000000] ==================================================================\n[    0.000000] BUG: KASAN: stack-out-of-bounds in walk_stackframe+0xa6/0x11a\n[    0.000000] Read of size 8 at addr ffffffff81807c40 by task swapper/0\n[    0.000000]\n[    0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 6.2.0-12919-g24203e6db61f #43\n[    0.000000] Hardware name: riscv-virtio,qemu (DT)\n[    0.000000] Call Trace:\n[    0.000000] [<ffffffff80007ba8>] walk_stackframe+0x0/0x11a\n[    0.000000] [<ffffffff80099ecc>] init_param_lock+0x26/0x2a\n[    0.000000] [<ffffffff80007c4a>] walk_stackframe+0xa2/0x11a\n[    0.000000] [<ffffffff80c49c80>] dump_stack_lvl+0x22/0x36\n[    0.000000] [<ffffffff80c3783e>] print_report+0x198/0x4a8\n[    0.000000] [<ffffffff80099ecc>] init_param_lock+0x26/0x2a\n[    0.000000] [<ffffffff80007c4a>] walk_stackframe+0xa2/0x11a\n[    0.000000] [<ffffffff8015f68a>] kasan_report+0x9a/0xc8\n[    0.000000] [<ffffffff80007c4a>] walk_stackframe+0xa2/0x11a\n[    0.000000] [<ffffffff80007c4a>] walk_stackframe+0xa2/0x11a\n[    0.000000] [<ffffffff8006e99c>] desc_make_final+0x80/0x84\n[    0.000000] [<ffffffff8009a04e>] stack_trace_save+0x88/0xa6\n[    0.000000] [<ffffffff80099fc2>] filter_irq_stacks+0x72/0x76\n[    0.000000] [<ffffffff8006b95e>] devkmsg_read+0x32a/0x32e\n[    0.000000] [<ffffffff8015ec16>] kasan_save_stack+0x28/0x52\n[    0.000000] [<ffffffff8006e998>] desc_make_final+0x7c/0x84\n[    0.000000] [<ffffffff8009a04a>] stack_trace_save+0x84/0xa6\n[    0.000000] [<ffffffff8015ec52>] kasan_set_track+0x12/0x20\n[    0.000000] [<ffffffff8015f22e>] __kasan_slab_alloc+0x58/0x5e\n[    0.000000] [<ffffffff8015e7ea>] __kmem_cache_create+0x21e/0x39a\n[    0.000000] [<ffffffff80e133ac>] create_boot_cache+0x70/0x9c\n[    0.000000] [<ffffffff80e17ab2>] kmem_cache_init+0x6c/0x11e\n[    0.000000] [<ffffffff80e00fd6>] mm_init+0xd8/0xfe\n[    0.000000] [<ffffffff80e011d8>] start_kernel+0x190/0x3ca\n[    0.000000]\n[    0.000000] The buggy address belongs to stack of task swapper/0\n[    0.000000]  and is located at offset 0 in frame:\n[    0.000000]  stack_trace_save+0x0/0xa6\n[    0.000000]\n[    0.000000] This frame has 1 object:\n[    0.000000]  [32, 56) 'c'\n[    0.000000]\n[    0.000000] The buggy address belongs to the physical page:\n[    0.000000] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x81a07\n[    0.000000] flags: 0x1000(reserved|zone=0)\n[    0.000000] raw: 0000000000001000 ff600003f1e3d150 ff600003f1e3d150 0000000000000000\n[    0.000000] raw: 0000000000000000 0000000000000000 00000001ffffffff\n[    0.000000] page dumped because: kasan: bad access detected\n[    0.000000]\n[    0.000000] Memory state around the buggy address:\n[    0.000000]  ffffffff81807b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[    0.000000]  ffffffff81807b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[    0.000000] >ffffffff81807c00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 f3\n[    0.000000]                                            ^\n[    0.000000]  ffffffff81807c80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00\n[    0.000000]  ffffffff81807d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[    0.000000] ==================================================================\n\nFix that by using READ_ONCE_NOCHECK when reading the stack in imprecise\nmode.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -40,8 +45,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-02T16:15:32Z"
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2ccv-mmfh-gf82",
-  "modified": "2025-05-02T18:31:37Z",
+  "modified": "2025-11-10T18:30:29Z",
   "published": "2025-05-02T18:31:37Z",
   "aliases": [
     "CVE-2023-53119"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: initialize struct pn533_out_arg properly\n\nstruct pn533_out_arg used as a temporary context for out_urb is not\ninitialized properly. Its uninitialized 'phy' field can be dereferenced in\nerror cases inside pn533_out_complete() callback function. It causes the\nfollowing failure:\n\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nRIP: 0010:pn533_out_complete.cold+0x15/0x44 drivers/nfc/pn533/usb.c:441\nCall Trace:\n <IRQ>\n __usb_hcd_giveback_urb+0x2b6/0x5c0 drivers/usb/core/hcd.c:1671\n usb_hcd_giveback_urb+0x384/0x430 drivers/usb/core/hcd.c:1754\n dummy_timer+0x1203/0x32d0 drivers/usb/gadget/udc/dummy_hcd.c:1988\n call_timer_fn+0x1da/0x800 kernel/time/timer.c:1700\n expire_timers+0x234/0x330 kernel/time/timer.c:1751\n __run_timers kernel/time/timer.c:2022 [inline]\n __run_timers kernel/time/timer.c:1995 [inline]\n run_timer_softirq+0x326/0x910 kernel/time/timer.c:2035\n __do_softirq+0x1fb/0xaf6 kernel/softirq.c:571\n invoke_softirq kernel/softirq.c:445 [inline]\n __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650\n irq_exit_rcu+0x9/0x20 kernel/softirq.c:662\n sysvec_apic_timer_interrupt+0x97/0xc0 arch/x86/kernel/apic/apic.c:1107\n\nInitialize the field with the pn533_usb_phy currently used.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -48,8 +53,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-908"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-02T16:15:30Z"
 
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2h27-gcg3-7h2g",
-  "modified": "2025-05-11T03:30:28Z",
+  "modified": "2025-11-10T18:30:31Z",
   "published": "2025-05-11T03:30:28Z",
   "aliases": [
     "CVE-2025-4527"
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2j2m-cc64-3xh4",
-  "modified": "2025-05-02T18:31:38Z",
+  "modified": "2025-11-10T18:30:30Z",
   "published": "2025-05-02T18:31:37Z",
   "aliases": [
     "CVE-2023-53133"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser()\n\nWhen the buffer length of the recvmsg system call is 0, we got the\nflollowing soft lockup problem:\n\nwatchdog: BUG: soft lockup - CPU#3 stuck for 27s! [a.out:6149]\nCPU: 3 PID: 6149 Comm: a.out Kdump: loaded Not tainted 6.2.0+ #30\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:remove_wait_queue+0xb/0xc0\nCode: 5e 41 5f c3 cc cc cc cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 57 <41> 56 41 55 41 54 55 48 89 fd 53 48 89 f3 4c 8d 6b 18 4c 8d 73 20\nRSP: 0018:ffff88811b5978b8 EFLAGS: 00000246\nRAX: 0000000000000000 RBX: ffff88811a7d3780 RCX: ffffffffb7a4d768\nRDX: dffffc0000000000 RSI: ffff88811b597908 RDI: ffff888115408040\nRBP: 1ffff110236b2f1b R08: 0000000000000000 R09: ffff88811a7d37e7\nR10: ffffed10234fa6fc R11: 0000000000000001 R12: ffff88811179b800\nR13: 0000000000000001 R14: ffff88811a7d38a8 R15: ffff88811a7d37e0\nFS:  00007f6fb5398740(0000) GS:ffff888237180000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020000000 CR3: 000000010b6ba002 CR4: 0000000000370ee0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n tcp_msg_wait_data+0x279/0x2f0\n tcp_bpf_recvmsg_parser+0x3c6/0x490\n inet_recvmsg+0x280/0x290\n sock_recvmsg+0xfc/0x120\n ____sys_recvmsg+0x160/0x3d0\n ___sys_recvmsg+0xf0/0x180\n __sys_recvmsg+0xea/0x1a0\n do_syscall_64+0x3f/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nThe logic in tcp_bpf_recvmsg_parser is as follows:\n\nmsg_bytes_ready:\n\tcopied = sk_msg_recvmsg(sk, psock, msg, len, flags);\n\tif (!copied) {\n\t\twait data;\n\t\tgoto msg_bytes_ready;\n\t}\n\nIn this case, \"copied\" always is 0, the infinite loop occurs.\n\nAccording to the Linux system call man page, 0 should be returned in this\ncase. Therefore, in tcp_bpf_recvmsg_parser(), if the length is 0, directly\nreturn. Also modify several other functions with the same problem.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -32,8 +37,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-835"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-02T16:15:32Z"
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3m8v-mqfw-xp3g",
-  "modified": "2025-05-02T18:31:37Z",
+  "modified": "2025-11-10T18:30:29Z",
   "published": "2025-05-02T18:31:37Z",
   "aliases": [
     "CVE-2023-53123"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: s390: Fix use-after-free of PCI resources with per-function hotplug\n\nOn s390 PCI functions may be hotplugged individually even when they\nbelong to a multi-function device. In particular on an SR-IOV device VFs\nmay be removed and later re-added.\n\nIn commit a50297cf8235 (\"s390/pci: separate zbus creation from\nscanning\") it was missed however that struct pci_bus and struct\nzpci_bus's resource list retained a reference to the PCI functions MMIO\nresources even though those resources are released and freed on\nhot-unplug. These stale resources may subsequently be claimed when the\nPCI function re-appears resulting in use-after-free.\n\nOne idea of fixing this use-after-free in s390 specific code that was\ninvestigated was to simply keep resources around from the moment a PCI\nfunction first appeared until the whole virtual PCI bus created for\na multi-function device disappears. The problem with this however is\nthat due to the requirement of artificial MMIO addreesses (address\ncookies) extra logic is then needed to keep the address cookies\ncompatible on re-plug. At the same time the MMIO resources semantically\nbelong to the PCI function so tying their lifecycle to the function\nseems more logical.\n\nInstead a simpler approach is to remove the resources of an individually\nhot-unplugged PCI function from the PCI bus's resource list while\nkeeping the resources of other PCI functions on the PCI bus untouched.\n\nThis is done by introducing pci_bus_remove_resource() to remove an\nindividual resource. Similarly the resource also needs to be removed\nfrom the struct zpci_bus's resource list. It turns out however, that\nthere is really no need to add the MMIO resources to the struct\nzpci_bus's resource list at all and instead we can simply use the\nzpci_bar_struct's resource pointer directly.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -32,8 +37,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-02T16:15:31Z"
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-45q6-6mh9-vrvp",
-  "modified": "2025-05-02T18:31:37Z",
+  "modified": "2025-11-10T18:30:29Z",
   "published": "2025-05-02T18:31:37Z",
   "aliases": [
     "CVE-2023-53117"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: prevent out-of-bounds array speculation when closing a file descriptor\n\nGoogle-Bug-Id: 114199369",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -48,8 +53,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-02T16:15:30Z"
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5j92-w6xv-qp2m",
-  "modified": "2025-05-02T18:31:37Z",
+  "modified": "2025-11-10T18:30:29Z",
   "published": "2025-05-02T18:31:37Z",
   "aliases": [
     "CVE-2023-53116"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: avoid potential UAF in nvmet_req_complete()\n\nAn nvme target ->queue_response() operation implementation may free the\nrequest passed as argument. Such implementation potentially could result\nin a use after free of the request pointer when percpu_ref_put() is\ncalled in nvmet_req_complete().\n\nAvoid such problem by using a local variable to save the sq pointer\nbefore calling __nvmet_req_complete(), thus avoiding dereferencing the\nreq pointer after that function call.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -48,8 +53,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-02T16:15:30Z"
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5m24-f4fx-mp4r",
-  "modified": "2025-05-02T18:31:37Z",
+  "modified": "2025-11-10T18:30:29Z",
   "published": "2025-05-02T18:31:37Z",
   "aliases": [
     "CVE-2023-53112"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/sseu: fix max_subslices array-index-out-of-bounds access\n\nIt seems that commit bc3c5e0809ae (\"drm/i915/sseu: Don't try to store EU\nmask internally in UAPI format\") exposed a potential out-of-bounds\naccess, reported by UBSAN as following on a laptop with a gen 11 i915\ncard:\n\n  UBSAN: array-index-out-of-bounds in drivers/gpu/drm/i915/gt/intel_sseu.c:65:27\n  index 6 is out of range for type 'u16 [6]'\n  CPU: 2 PID: 165 Comm: systemd-udevd Not tainted 6.2.0-9-generic #9-Ubuntu\n  Hardware name: Dell Inc. XPS 13 9300/077Y9N, BIOS 1.11.0 03/22/2022\n  Call Trace:\n   <TASK>\n   show_stack+0x4e/0x61\n   dump_stack_lvl+0x4a/0x6f\n   dump_stack+0x10/0x18\n   ubsan_epilogue+0x9/0x3a\n   __ubsan_handle_out_of_bounds.cold+0x42/0x47\n   gen11_compute_sseu_info+0x121/0x130 [i915]\n   intel_sseu_info_init+0x15d/0x2b0 [i915]\n   intel_gt_init_mmio+0x23/0x40 [i915]\n   i915_driver_mmio_probe+0x129/0x400 [i915]\n   ? intel_gt_probe_all+0x91/0x2e0 [i915]\n   i915_driver_probe+0xe1/0x3f0 [i915]\n   ? drm_privacy_screen_get+0x16d/0x190 [drm]\n   ? acpi_dev_found+0x64/0x80\n   i915_pci_probe+0xac/0x1b0 [i915]\n   ...\n\nAccording to the definition of sseu_dev_info, eu_mask->hsw is limited to\na maximum of GEN_MAX_SS_PER_HSW_SLICE (6) sub-slices, but\ngen11_sseu_info_init() can potentially set 8 sub-slices, in the\n!IS_JSL_EHL(gt->i915) case.\n\nFix this by reserving up to 8 slots for max_subslices in the eu_mask\nstruct.\n\n(cherry picked from commit 3cba09a6ac86ea1d456909626eb2685596c07822)",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-02T16:15:30Z"
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-2h27-gcg3-7h2g",`
`4`		`- "modified": "2025-05-11T03:30:28Z",`
	`4`	`+ "modified": "2025-11-10T18:30:31Z",`
`5`	`5`	`"published": "2025-05-11T03:30:28Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2025-4527"`