github
diff --git a/‎advisories/github-reviewed/2025/12/GHSA-569q-mpph-wgww/GHSA-569q-mpph-wgww.json‎
Lines changed: 63 additions & 0 deletions b/‎advisories/github-reviewed/2025/12/GHSA-569q-mpph-wgww/GHSA-569q-mpph-wgww.json‎
Lines changed: 63 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/08/GHSA-mw57-63xv-7mx2/GHSA-mw57-63xv-7mx2.json‎
Lines changed: 11 additions & 4 deletions b/‎advisories/unreviewed/2025/08/GHSA-mw57-63xv-7mx2/GHSA-mw57-63xv-7mx2.json‎
Lines changed: 11 additions & 4 deletions
diff --git a/‎advisories/unreviewed/2025/09/GHSA-2q38-88hx-3qf7/GHSA-2q38-88hx-3qf7.json‎
Lines changed: 11 additions & 4 deletions b/‎advisories/unreviewed/2025/09/GHSA-2q38-88hx-3qf7/GHSA-2q38-88hx-3qf7.json‎
Lines changed: 11 additions & 4 deletions
diff --git a/‎advisories/unreviewed/2025/09/GHSA-6j5m-wpm9-j86c/GHSA-6j5m-wpm9-j86c.json‎
Lines changed: 11 additions & 4 deletions b/‎advisories/unreviewed/2025/09/GHSA-6j5m-wpm9-j86c/GHSA-6j5m-wpm9-j86c.json‎
Lines changed: 11 additions & 4 deletions
diff --git a/‎advisories/unreviewed/2025/09/GHSA-769w-mwjw-953c/GHSA-769w-mwjw-953c.json‎
Lines changed: 8 additions & 3 deletions b/‎advisories/unreviewed/2025/09/GHSA-769w-mwjw-953c/GHSA-769w-mwjw-953c.json‎
Lines changed: 8 additions & 3 deletions
diff --git a/‎advisories/unreviewed/2025/09/GHSA-cch5-3fv5-qh9h/GHSA-cch5-3fv5-qh9h.json‎
Lines changed: 8 additions & 3 deletions b/‎advisories/unreviewed/2025/09/GHSA-cch5-3fv5-qh9h/GHSA-cch5-3fv5-qh9h.json‎
Lines changed: 8 additions & 3 deletions
@@ -0,0 +1,63 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-569q-mpph-wgww",
+  "modified": "2025-12-01T21:29:48Z",
+  "published": "2025-12-01T21:29:48Z",
+  "aliases": [],
+  "summary": "Better Auth affected by external request basePath modification DoS",
+  "details": "# Summary\n\nAffected versions of Better Auth allow an external request to configure `baseURL` when it isn’t defined through any other means. This can be abused to poison the router’s base path, causing all routes to return 404 for all users.\n\nThis issue is only exploitable when `baseURL` is not explicitly configured (e.g., `BETTER_AUTH_URL` is missing) *and* the attacker is able to make the very first request to the server after startup. In properly configured environments or typical managed hosting platforms, this fallback behavior cannot be reached.\n\n# Details\n\nA combination of `X-Forwarded-Host` and `X-Forwarded-Proto` is implicitly trusted. This allows the first request to configure baseURL whenever it is not explicitly configured.\n\nHere's the code that reads the headers:\n\n<img width=\"631\" height=\"219\" alt=\"headers\" src=\"https://github.com/user-attachments/assets/b3fb0078-a62f-4058-9d0b-4afbd30c4953\" />\n\nHere's the call to `getBaseURL()`, the result is assigned to `ctx.baseURL`.\n\n<img width=\"838\" height=\"414\" alt=\"write\" src=\"https://github.com/user-attachments/assets/a7b4dd17-75c3-49ef-9d08-6a2079d6a0ea\" />\n\nHere's the router receiving the poisoned `basePath`:\n\n<img width=\"594\" height=\"372\" alt=\"router\" src=\"https://github.com/user-attachments/assets/5fdf2862-9cd1-4b96-b146-18e67d904157\" />\n\n`X-Forwarded-Host` and `X-Forwarded-Proto` can be used to modify the pathname of a parsed URL object which forms `baseURL`. `basePath` is then derived from the pathname of `baseURL`. Once the router `basePath` is poisoned it fails to match & route incoming requests.\n\n# Repro\n\nStart a better-auth server with no `baseURL` configuration.\n\nSend the following request as the first request to the server:\n\n```curl\ncurl -i --location 'https://example.com/api/auth/ok' \\\n--header 'X-Forwarded-Proto: some:' \\\n--header 'X-Forwarded-Host: junk'\n```\n\nThe better-auth API check endpoint returns 404.\n\nNow send a regular request without the `X-Forwarded-Proto` and `X-Forwarded-Host` headers.\n\n```curl\ncurl -i --location 'https://example.com/api/auth/ok'\n```\n\nThe better-auth API check endpoint still returns 404.\n\n_Example result_\n\n<img width=\"662\" height=\"307\" alt=\"attack\" src=\"https://github.com/user-attachments/assets/5a9cfdb5-3db7-4504-9f0a-b3c32a6dc823\" />\n\nWe have modified the `basePath` for the router until the server is restarted. An attacker can repeatedly send these attack requests aiming to persistently exploit the vulnerability.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "better-auth"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.4.2"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/better-auth/better-auth/security/advisories/GHSA-569q-mpph-wgww"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/ray-project/ray/commit/70e7c72780bdec075dba6cad1afe0832772bfe09"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/better-auth/better-auth"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/better-auth/better-auth/releases/tag/v1.4.2"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-73"
+    ],
+    "severity": "LOW",
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-12-01T21:29:48Z",
+    "nvd_published_at": null
+  }
+}
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mw57-63xv-7mx2",
-  "modified": "2025-12-01T12:30:28Z",
+  "modified": "2025-12-01T21:30:22Z",
   "published": "2025-08-22T18:31:22Z",
   "aliases": [
     "CVE-2025-38643"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac()\n\nCallers of wdev_chandef() must hold the wiphy mutex.\n\nBut the worker cfg80211_propagate_cac_done_wk() never takes the lock.\nWhich triggers the warning below with the mesh_peer_connected_dfs\ntest from hostapd and not (yet) released mac80211 code changes:\n\nWARNING: CPU: 0 PID: 495 at net/wireless/chan.c:1552 wdev_chandef+0x60/0x165\nModules linked in:\nCPU: 0 UID: 0 PID: 495 Comm: kworker/u4:2 Not tainted 6.14.0-rc5-wt-g03960e6f9d47 #33 13c287eeabfe1efea01c0bcc863723ab082e17cf\nWorkqueue: cfg80211 cfg80211_propagate_cac_done_wk\nStack:\n 00000000 00000001 ffffff00 6093267c\n 00000000 6002ec30 6d577c50 60037608\n 00000000 67e8d108 6063717b 00000000\nCall Trace:\n [<6002ec30>] ? _printk+0x0/0x98\n [<6003c2b3>] show_stack+0x10e/0x11a\n [<6002ec30>] ? _printk+0x0/0x98\n [<60037608>] dump_stack_lvl+0x71/0xb8\n [<6063717b>] ? wdev_chandef+0x60/0x165\n [<6003766d>] dump_stack+0x1e/0x20\n [<6005d1b7>] __warn+0x101/0x20f\n [<6005d3a8>] warn_slowpath_fmt+0xe3/0x15d\n [<600b0c5c>] ? mark_lock.part.0+0x0/0x4ec\n [<60751191>] ? __this_cpu_preempt_check+0x0/0x16\n [<600b11a2>] ? mark_held_locks+0x5a/0x6e\n [<6005d2c5>] ? warn_slowpath_fmt+0x0/0x15d\n [<60052e53>] ? unblock_signals+0x3a/0xe7\n [<60052f2d>] ? um_set_signals+0x2d/0x43\n [<60751191>] ? __this_cpu_preempt_check+0x0/0x16\n [<607508b2>] ? lock_is_held_type+0x207/0x21f\n [<6063717b>] wdev_chandef+0x60/0x165\n [<605f89b4>] regulatory_propagate_dfs_state+0x247/0x43f\n [<60052f00>] ? um_set_signals+0x0/0x43\n [<605e6bfd>] cfg80211_propagate_cac_done_wk+0x3a/0x4a\n [<6007e460>] process_scheduled_works+0x3bc/0x60e\n [<6007d0ec>] ? move_linked_works+0x4d/0x81\n [<6007d120>] ? assign_work+0x0/0xaa\n [<6007f81f>] worker_thread+0x220/0x2dc\n [<600786ef>] ? set_pf_worker+0x0/0x57\n [<60087c96>] ? to_kthread+0x0/0x43\n [<6008ab3c>] kthread+0x2d3/0x2e2\n [<6007f5ff>] ? worker_thread+0x0/0x2dc\n [<6006c05b>] ? calculate_sigpending+0x0/0x56\n [<6003b37d>] new_thread_handler+0x4a/0x64\nirq event stamp: 614611\nhardirqs last  enabled at (614621): [<00000000600bc96b>] __up_console_sem+0x82/0xaf\nhardirqs last disabled at (614630): [<00000000600bc92c>] __up_console_sem+0x43/0xaf\nsoftirqs last  enabled at (614268): [<00000000606c55c6>] __ieee80211_wake_queue+0x933/0x985\nsoftirqs last disabled at (614266): [<00000000606c52d6>] __ieee80211_wake_queue+0x643/0x985",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -36,8 +41,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-667"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-08-22T16:15:38Z"
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2q38-88hx-3qf7",
-  "modified": "2025-09-16T18:31:27Z",
+  "modified": "2025-12-01T21:30:23Z",
   "published": "2025-09-16T18:31:27Z",
   "aliases": [
     "CVE-2023-53318"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrecordmcount: Fix memory leaks in the uwrite function\n\nCommon realloc mistake: 'file_append' nulled but not freed upon failure",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -48,8 +53,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-401"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-16T17:15:37Z"
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6j5m-wpm9-j86c",
-  "modified": "2025-09-16T18:31:27Z",
+  "modified": "2025-12-01T21:30:23Z",
   "published": "2025-09-16T18:31:27Z",
   "aliases": [
     "CVE-2023-53320"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info()\n\nThe function mpi3mr_get_all_tgt_info() has four issues:\n\n1) It calculates valid entry length in alltgt_info assuming the header part\n   of the struct mpi3mr_device_map_info would equal to sizeof(u32).  The\n   correct size is sizeof(u64).\n\n2) When it calculates the valid entry length kern_entrylen, it excludes one\n   entry by subtracting 1 from num_devices.\n\n3) It copies num_device by calling memcpy(). Substitution is enough.\n\n4) It does not specify the calculated length to sg_copy_from_buffer().\n   Instead, it specifies the payload length which is larger than the\n   alltgt_info size. It causes \"BUG: KASAN: slab-out-of-bounds\".\n\nFix the issues by using the correct header size, removing the subtraction\nfrom num_devices, replacing the memcpy() with substitution and specifying\nthe correct length to sg_copy_from_buffer().",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-16T17:15:38Z"
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-769w-mwjw-953c",
-  "modified": "2025-09-16T18:31:27Z",
+  "modified": "2025-12-01T21:30:23Z",
   "published": "2025-09-16T18:31:27Z",
   "aliases": [
     "CVE-2023-53317"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix WARNING in mb_find_extent\n\nSyzbot found the following issue:\n\nEXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!\nEXT4-fs (loop0): orphan cleanup on readonly fs\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 5067 at fs/ext4/mballoc.c:1869 mb_find_extent+0x8a1/0xe30\nModules linked in:\nCPU: 1 PID: 5067 Comm: syz-executor307 Not tainted 6.2.0-rc1-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nRIP: 0010:mb_find_extent+0x8a1/0xe30 fs/ext4/mballoc.c:1869\nRSP: 0018:ffffc90003c9e098 EFLAGS: 00010293\nRAX: ffffffff82405731 RBX: 0000000000000041 RCX: ffff8880783457c0\nRDX: 0000000000000000 RSI: 0000000000000041 RDI: 0000000000000040\nRBP: 0000000000000040 R08: ffffffff82405723 R09: ffffed10053c9402\nR10: ffffed10053c9402 R11: 1ffff110053c9401 R12: 0000000000000000\nR13: ffffc90003c9e538 R14: dffffc0000000000 R15: ffffc90003c9e2cc\nFS:  0000555556665300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000056312f6796f8 CR3: 0000000022437000 CR4: 00000000003506e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n ext4_mb_complex_scan_group+0x353/0x1100 fs/ext4/mballoc.c:2307\n ext4_mb_regular_allocator+0x1533/0x3860 fs/ext4/mballoc.c:2735\n ext4_mb_new_blocks+0xddf/0x3db0 fs/ext4/mballoc.c:5605\n ext4_ext_map_blocks+0x1868/0x6880 fs/ext4/extents.c:4286\n ext4_map_blocks+0xa49/0x1cc0 fs/ext4/inode.c:651\n ext4_getblk+0x1b9/0x770 fs/ext4/inode.c:864\n ext4_bread+0x2a/0x170 fs/ext4/inode.c:920\n ext4_quota_write+0x225/0x570 fs/ext4/super.c:7105\n write_blk fs/quota/quota_tree.c:64 [inline]\n get_free_dqblk+0x34a/0x6d0 fs/quota/quota_tree.c:130\n do_insert_tree+0x26b/0x1aa0 fs/quota/quota_tree.c:340\n do_insert_tree+0x722/0x1aa0 fs/quota/quota_tree.c:375\n do_insert_tree+0x722/0x1aa0 fs/quota/quota_tree.c:375\n do_insert_tree+0x722/0x1aa0 fs/quota/quota_tree.c:375\n dq_insert_tree fs/quota/quota_tree.c:401 [inline]\n qtree_write_dquot+0x3b6/0x530 fs/quota/quota_tree.c:420\n v2_write_dquot+0x11b/0x190 fs/quota/quota_v2.c:358\n dquot_acquire+0x348/0x670 fs/quota/dquot.c:444\n ext4_acquire_dquot+0x2dc/0x400 fs/ext4/super.c:6740\n dqget+0x999/0xdc0 fs/quota/dquot.c:914\n __dquot_initialize+0x3d0/0xcf0 fs/quota/dquot.c:1492\n ext4_process_orphan+0x57/0x2d0 fs/ext4/orphan.c:329\n ext4_orphan_cleanup+0xb60/0x1340 fs/ext4/orphan.c:474\n __ext4_fill_super fs/ext4/super.c:5516 [inline]\n ext4_fill_super+0x81cd/0x8700 fs/ext4/super.c:5644\n get_tree_bdev+0x400/0x620 fs/super.c:1282\n vfs_get_tree+0x88/0x270 fs/super.c:1489\n do_new_mount+0x289/0xad0 fs/namespace.c:3145\n do_mount fs/namespace.c:3488 [inline]\n __do_sys_mount fs/namespace.c:3697 [inline]\n __se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3674\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nAdd some debug information:\nmb_find_extent: mb_find_extent block=41, order=0 needed=64 next=0 ex=0/41/1@3735929054 64 64 7\nblock_bitmap: ff 3f 0c 00 fc 01 00 00 d2 3d 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n\nAcctually, blocks per group is 64, but block bitmap indicate at least has\n128 blocks. Now, ext4_validate_block_bitmap() didn't check invalid block's\nbitmap if set.\nTo resolve above issue, add check like fsck \"Padding at end of block bitmap is\nnot set\".",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -49,7 +54,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-16T17:15:37Z"
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cch5-3fv5-qh9h",
-  "modified": "2025-09-16T18:31:27Z",
+  "modified": "2025-12-01T21:30:23Z",
   "published": "2025-09-16T18:31:27Z",
   "aliases": [
     "CVE-2023-53319"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Handle kvm_arm_init failure correctly in finalize_pkvm\n\nCurrently there is no synchronisation between finalize_pkvm() and\nkvm_arm_init() initcalls. The finalize_pkvm() proceeds happily even if\nkvm_arm_init() fails resulting in the following warning on all the CPUs\nand eventually a HYP panic:\n\n  | kvm [1]: IPA Size Limit: 48 bits\n  | kvm [1]: Failed to init hyp memory protection\n  | kvm [1]: error initializing Hyp mode: -22\n  |\n  | <snip>\n  |\n  | WARNING: CPU: 0 PID: 0 at arch/arm64/kvm/pkvm.c:226 _kvm_host_prot_finalize+0x30/0x50\n  | Modules linked in:\n  | CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.4.0 #237\n  | Hardware name: FVP Base RevC (DT)\n  | pstate: 634020c5 (nZCv daIF +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\n  | pc : _kvm_host_prot_finalize+0x30/0x50\n  | lr : __flush_smp_call_function_queue+0xd8/0x230\n  |\n  | Call trace:\n  |  _kvm_host_prot_finalize+0x3c/0x50\n  |  on_each_cpu_cond_mask+0x3c/0x6c\n  |  pkvm_drop_host_privileges+0x4c/0x78\n  |  finalize_pkvm+0x3c/0x5c\n  |  do_one_initcall+0xcc/0x240\n  |  do_initcall_level+0x8c/0xac\n  |  do_initcalls+0x54/0x94\n  |  do_basic_setup+0x1c/0x28\n  |  kernel_init_freeable+0x100/0x16c\n  |  kernel_init+0x20/0x1a0\n  |  ret_from_fork+0x10/0x20\n  | Failed to finalize Hyp protection: -22\n  |     dtb=fvp-base-revc.dtb\n  | kvm [95]: nVHE hyp BUG at: arch/arm64/kvm/hyp/nvhe/mem_protect.c:540!\n  | kvm [95]: nVHE call trace:\n  | kvm [95]:  [<ffff800081052984>] __kvm_nvhe_hyp_panic+0xac/0xf8\n  | kvm [95]:  [<ffff800081059644>] __kvm_nvhe_handle_host_mem_abort+0x1a0/0x2ac\n  | kvm [95]:  [<ffff80008105511c>] __kvm_nvhe_handle_trap+0x4c/0x160\n  | kvm [95]:  [<ffff8000810540fc>] __kvm_nvhe___skip_pauth_save+0x4/0x4\n  | kvm [95]: ---[ end nVHE call trace ]---\n  | kvm [95]: Hyp Offset: 0xfffe8db00ffa0000\n  | Kernel panic - not syncing: HYP panic:\n  | PS:a34023c9 PC:0000f250710b973c ESR:00000000f2000800\n  | FAR:ffff000800cb00d0 HPFAR:000000000880cb00 PAR:0000000000000000\n  | VCPU:0000000000000000\n  | CPU: 3 PID: 95 Comm: kworker/u16:2 Tainted: G        W          6.4.0 #237\n  | Hardware name: FVP Base RevC (DT)\n  | Workqueue: rpciod rpc_async_schedule\n  | Call trace:\n  |  dump_backtrace+0xec/0x108\n  |  show_stack+0x18/0x2c\n  |  dump_stack_lvl+0x50/0x68\n  |  dump_stack+0x18/0x24\n  |  panic+0x138/0x33c\n  |  nvhe_hyp_panic_handler+0x100/0x184\n  |  new_slab+0x23c/0x54c\n  |  ___slab_alloc+0x3e4/0x770\n  |  kmem_cache_alloc_node+0x1f0/0x278\n  |  __alloc_skb+0xdc/0x294\n  |  tcp_stream_alloc_skb+0x2c/0xf0\n  |  tcp_sendmsg_locked+0x3d0/0xda4\n  |  tcp_sendmsg+0x38/0x5c\n  |  inet_sendmsg+0x44/0x60\n  |  sock_sendmsg+0x1c/0x34\n  |  xprt_sock_sendmsg+0xdc/0x274\n  |  xs_tcp_send_request+0x1ac/0x28c\n  |  xprt_transmit+0xcc/0x300\n  |  call_transmit+0x78/0x90\n  |  __rpc_execute+0x114/0x3d8\n  |  rpc_async_schedule+0x28/0x48\n  |  process_one_work+0x1d8/0x314\n  |  worker_thread+0x248/0x474\n  |  kthread+0xfc/0x184\n  |  ret_from_fork+0x10/0x20\n  | SMP: stopping secondary CPUs\n  | Kernel Offset: 0x57c5cb460000 from 0xffff800080000000\n  | PHYS_OFFSET: 0x80000000\n  | CPU features: 0x00000000,1035b7a3,ccfe773f\n  | Memory Limit: none\n  | ---[ end Kernel panic - not syncing: HYP panic:\n  | PS:a34023c9 PC:0000f250710b973c ESR:00000000f2000800\n  | FAR:ffff000800cb00d0 HPFAR:000000000880cb00 PAR:0000000000000000\n  | VCPU:0000000000000000 ]---\n\nFix it by checking for the successfull initialisation of kvm_arm_init()\nin finalize_pkvm() before proceeding any futher.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -25,7 +30,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-16T17:15:37Z"