Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2023/12/GHSA-27q9-h529-q4g3/GHSA-27q9-h529-q4g3.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-27q9-h529-q4g3",
-  "modified": "2025-11-05T00:31:16Z",
+  "modified": "2025-11-17T18:30:22Z",
   "published": "2023-12-24T09:30:19Z",
   "aliases": [
     "CVE-2023-51767"
@@ -70,6 +70,10 @@
     {
       "type": "WEB",
       "url": "http://www.openwall.com/lists/oss-security/2025/10/01/1"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.openwall.com/lists/oss-security/2025/10/01/2"
     }
   ],
   "database_specific": {

advisories/unreviewed/2024/08/GHSA-vfcg-vh6j-gg8j/GHSA-vfcg-vh6j-gg8j.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vfcg-vh6j-gg8j",
-  "modified": "2025-10-03T09:30:19Z",
+  "modified": "2025-11-17T18:30:22Z",
   "published": "2024-08-08T15:31:30Z",
   "aliases": [
     "CVE-2024-3659"

advisories/unreviewed/2025/05/GHSA-37f2-w5cv-983p/GHSA-37f2-w5cv-983p.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-37f2-w5cv-983p",
-  "modified": "2025-11-03T21:33:54Z",
+  "modified": "2025-11-17T18:30:22Z",
   "published": "2025-05-20T18:30:54Z",
   "aliases": [
     "CVE-2025-37903"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix slab-use-after-free in hdcp\n\nThe HDCP code in amdgpu_dm_hdcp.c copies pointers to amdgpu_dm_connector\nobjects without incrementing the kref reference counts. When using a\nUSB-C dock, and the dock is unplugged, the corresponding\namdgpu_dm_connector objects are freed, creating dangling pointers in the\nHDCP code. When the dock is plugged back, the dangling pointers are\ndereferenced, resulting in a slab-use-after-free:\n\n[   66.775837] BUG: KASAN: slab-use-after-free in event_property_validate+0x42f/0x6c0 [amdgpu]\n[   66.776171] Read of size 4 at addr ffff888127804120 by task kworker/0:1/10\n\n[   66.776179] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.14.0-rc7-00180-g54505f727a38-dirty #233\n[   66.776183] Hardware name: HP HP Pavilion Aero Laptop 13-be0xxx/8916, BIOS F.17 12/18/2024\n[   66.776186] Workqueue: events event_property_validate [amdgpu]\n[   66.776494] Call Trace:\n[   66.776496]  <TASK>\n[   66.776497]  dump_stack_lvl+0x70/0xa0\n[   66.776504]  print_report+0x175/0x555\n[   66.776507]  ? __virt_addr_valid+0x243/0x450\n[   66.776510]  ? kasan_complete_mode_report_info+0x66/0x1c0\n[   66.776515]  kasan_report+0xeb/0x1c0\n[   66.776518]  ? event_property_validate+0x42f/0x6c0 [amdgpu]\n[   66.776819]  ? event_property_validate+0x42f/0x6c0 [amdgpu]\n[   66.777121]  __asan_report_load4_noabort+0x14/0x20\n[   66.777124]  event_property_validate+0x42f/0x6c0 [amdgpu]\n[   66.777342]  ? __lock_acquire+0x6b40/0x6b40\n[   66.777347]  ? enable_assr+0x250/0x250 [amdgpu]\n[   66.777571]  process_one_work+0x86b/0x1510\n[   66.777575]  ? pwq_dec_nr_in_flight+0xcf0/0xcf0\n[   66.777578]  ? assign_work+0x16b/0x280\n[   66.777580]  ? lock_is_held_type+0xa3/0x130\n[   66.777583]  worker_thread+0x5c0/0xfa0\n[   66.777587]  ? process_one_work+0x1510/0x1510\n[   66.777588]  kthread+0x3a2/0x840\n[   66.777591]  ? kthread_is_per_cpu+0xd0/0xd0\n[   66.777594]  ? trace_hardirqs_on+0x4f/0x60\n[   66.777597]  ? _raw_spin_unlock_irq+0x27/0x60\n[   66.777599]  ? calculate_sigpending+0x77/0xa0\n[   66.777602]  ? kthread_is_per_cpu+0xd0/0xd0\n[   66.777605]  ret_from_fork+0x40/0x90\n[   66.777607]  ? kthread_is_per_cpu+0xd0/0xd0\n[   66.777609]  ret_from_fork_asm+0x11/0x20\n[   66.777614]  </TASK>\n\n[   66.777643] Allocated by task 10:\n[   66.777646]  kasan_save_stack+0x39/0x60\n[   66.777649]  kasan_save_track+0x14/0x40\n[   66.777652]  kasan_save_alloc_info+0x37/0x50\n[   66.777655]  __kasan_kmalloc+0xbb/0xc0\n[   66.777658]  __kmalloc_cache_noprof+0x1c8/0x4b0\n[   66.777661]  dm_dp_add_mst_connector+0xdd/0x5c0 [amdgpu]\n[   66.777880]  drm_dp_mst_port_add_connector+0x47e/0x770 [drm_display_helper]\n[   66.777892]  drm_dp_send_link_address+0x1554/0x2bf0 [drm_display_helper]\n[   66.777901]  drm_dp_check_and_send_link_address+0x187/0x1f0 [drm_display_helper]\n[   66.777909]  drm_dp_mst_link_probe_work+0x2b8/0x410 [drm_display_helper]\n[   66.777917]  process_one_work+0x86b/0x1510\n[   66.777919]  worker_thread+0x5c0/0xfa0\n[   66.777922]  kthread+0x3a2/0x840\n[   66.777925]  ret_from_fork+0x40/0x90\n[   66.777927]  ret_from_fork_asm+0x11/0x20\n\n[   66.777932] Freed by task 1713:\n[   66.777935]  kasan_save_stack+0x39/0x60\n[   66.777938]  kasan_save_track+0x14/0x40\n[   66.777940]  kasan_save_free_info+0x3b/0x60\n[   66.777944]  __kasan_slab_free+0x52/0x70\n[   66.777946]  kfree+0x13f/0x4b0\n[   66.777949]  dm_dp_mst_connector_destroy+0xfa/0x150 [amdgpu]\n[   66.778179]  drm_connector_free+0x7d/0xb0\n[   66.778184]  drm_mode_object_put.part.0+0xee/0x160\n[   66.778188]  drm_mode_object_put+0x37/0x50\n[   66.778191]  drm_atomic_state_default_clear+0x220/0xd60\n[   66.778194]  __drm_atomic_state_free+0x16e/0x2a0\n[   66.778197]  drm_mode_atomic_ioctl+0x15ed/0x2ba0\n[   66.778200]  drm_ioctl_kernel+0x17a/0x310\n[   66.778203]  drm_ioctl+0x584/0xd10\n[   66.778206]  amdgpu_drm_ioctl+0xd2/0x1c0 [amdgpu]\n[   66.778375]  __x64_sys_ioctl+0x139/0x1a0\n[   66.778378]  x64_sys_call+0xee7/0xfb0\n[   66.778381] \n---truncated---",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -40,8 +45,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-20T16:15:26Z"

advisories/unreviewed/2025/05/GHSA-5363-pqw5-qgr2/GHSA-5363-pqw5-qgr2.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5363-pqw5-qgr2",
-  "modified": "2025-11-03T21:33:54Z",
+  "modified": "2025-11-17T18:30:23Z",
   "published": "2025-05-20T18:30:54Z",
   "aliases": [
     "CVE-2025-37913"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: qfq: Fix double list add in class with netem as child qdisc\n\nAs described in Gerrard's report [1], there are use cases where a netem\nchild qdisc will make the parent qdisc's enqueue callback reentrant.\nIn the case of qfq, there won't be a UAF, but the code will add the same\nclassifier to the list twice, which will cause memory corruption.\n\nThis patch checks whether the class was already added to the agg->active\nlist (cl_is_active) before doing the addition to cater for the reentrant\ncase.\n\n[1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -56,8 +61,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-415"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-20T16:15:27Z"

advisories/unreviewed/2025/05/GHSA-7q97-2mwr-62p8/GHSA-7q97-2mwr-62p8.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7q97-2mwr-62p8",
-  "modified": "2025-11-03T21:33:54Z",
+  "modified": "2025-11-17T18:30:23Z",
   "published": "2025-05-20T18:30:54Z",
   "aliases": [
     "CVE-2025-37912"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()\n\nAs mentioned in the commit baeb705fd6a7 (\"ice: always check VF VSI\npointer values\"), we need to perform a null pointer check on the return\nvalue of ice_get_vf_vsi() before using it.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -44,8 +49,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-20T16:15:27Z"

advisories/unreviewed/2025/05/GHSA-8fw5-h4j9-4g35/GHSA-8fw5-h4j9-4g35.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8fw5-h4j9-4g35",
-  "modified": "2025-11-03T21:33:54Z",
+  "modified": "2025-11-17T18:30:23Z",
   "published": "2025-05-20T18:30:54Z",
   "aliases": [
     "CVE-2025-37905"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scmi: Balance device refcount when destroying devices\n\nUsing device_find_child() to lookup the proper SCMI device to destroy\ncauses an unbalance in device refcount, since device_find_child() calls an\nimplicit get_device(): this, in turns, inhibits the call of the provided\nrelease methods upon devices destruction.\n\nAs a consequence, one of the structures that is not freed properly upon\ndestruction is the internal struct device_private dev->p populated by the\ndrivers subsystem core.\n\nKMemleak detects this situation since loading/unloding some SCMI driver\ncauses related devices to be created/destroyed without calling any\ndevice_release method.\n\nunreferenced object 0xffff00000f583800 (size 512):\n  comm \"insmod\", pid 227, jiffies 4294912190\n  hex dump (first 32 bytes):\n    00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00  .....N..........\n    ff ff ff ff ff ff ff ff 60 36 1d 8a 00 80 ff ff  ........`6......\n  backtrace (crc 114e2eed):\n    kmemleak_alloc+0xbc/0xd8\n    __kmalloc_cache_noprof+0x2dc/0x398\n    device_add+0x954/0x12d0\n    device_register+0x28/0x40\n    __scmi_device_create.part.0+0x1bc/0x380\n    scmi_device_create+0x2d0/0x390\n    scmi_create_protocol_devices+0x74/0xf8\n    scmi_device_request_notifier+0x1f8/0x2a8\n    notifier_call_chain+0x110/0x3b0\n    blocking_notifier_call_chain+0x70/0xb0\n    scmi_driver_register+0x350/0x7f0\n    0xffff80000a3b3038\n    do_one_initcall+0x12c/0x730\n    do_init_module+0x1dc/0x640\n    load_module+0x4b20/0x5b70\n    init_module_from_file+0xec/0x158\n\n$ ./scripts/faddr2line ./vmlinux device_add+0x954/0x12d0\ndevice_add+0x954/0x12d0:\nkmalloc_noprof at include/linux/slab.h:901\n(inlined by) kzalloc_noprof at include/linux/slab.h:1037\n(inlined by) device_private_init at drivers/base/core.c:3510\n(inlined by) device_add at drivers/base/core.c:3561\n\nBalance device refcount by issuing a put_device() on devices found via\ndevice_find_child().",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -44,8 +49,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-401"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-20T16:15:26Z"

advisories/unreviewed/2025/05/GHSA-8hrm-j585-jww6/GHSA-8hrm-j585-jww6.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8hrm-j585-jww6",
-  "modified": "2025-11-03T21:33:54Z",
+  "modified": "2025-11-17T18:30:22Z",
   "published": "2025-05-20T18:30:54Z",
   "aliases": [
     "CVE-2025-37901"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs\n\nOn Qualcomm chipsets not all GPIOs are wakeup capable. Those GPIOs do not\nhave a corresponding MPM pin and should not be handled inside the MPM\ndriver. The IRQ domain hierarchy is always applied, so it's required to\nexplicitly disconnect the hierarchy for those. The pinctrl-msm driver marks\nthese with GPIO_NO_WAKE_IRQ. qcom-pdc has a check for this, but\nirq-qcom-mpm is currently missing the check. This is causing crashes when\nsetting up interrupts for non-wake GPIOs:\n\n root@rb1:~# gpiomon -c gpiochip1 10\n   irq: IRQ159: trimming hierarchy from :soc@0:interrupt-controller@f200000-1\n   Unable to handle kernel paging request at virtual address ffff8000a1dc3820\n   Hardware name: Qualcomm Technologies, Inc. Robotics RB1 (DT)\n   pc : mpm_set_type+0x80/0xcc\n   lr : mpm_set_type+0x5c/0xcc\n   Call trace:\n    mpm_set_type+0x80/0xcc (P)\n    qcom_mpm_set_type+0x64/0x158\n    irq_chip_set_type_parent+0x20/0x38\n    msm_gpio_irq_set_type+0x50/0x530\n    __irq_set_trigger+0x60/0x184\n    __setup_irq+0x304/0x6bc\n    request_threaded_irq+0xc8/0x19c\n    edge_detector_setup+0x260/0x364\n    linereq_create+0x420/0x5a8\n    gpio_ioctl+0x2d4/0x6c0\n\nFix this by copying the check for GPIO_NO_WAKE_IRQ from qcom-pdc.c, so that\nMPM is removed entirely from the hierarchy for non-wake GPIOs.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -41,7 +46,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-20T16:15:26Z"

advisories/unreviewed/2025/05/GHSA-935c-5v3p-3rp4/GHSA-935c-5v3p-3rp4.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-935c-5v3p-3rp4",
-  "modified": "2025-05-20T18:30:54Z",
+  "modified": "2025-11-17T18:30:22Z",
   "published": "2025-05-20T18:30:54Z",
   "aliases": [
     "CVE-2025-37904"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix the inode leak in btrfs_iget()\n\n[BUG]\nThere is a bug report that a syzbot reproducer can lead to the following\nbusy inode at unmount time:\n\n  BTRFS info (device loop1): last unmount of filesystem 1680000e-3c1e-4c46-84b6-56bd3909af50\n  VFS: Busy inodes after unmount of loop1 (btrfs)\n  ------------[ cut here ]------------\n  kernel BUG at fs/super.c:650!\n  Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI\n  CPU: 0 UID: 0 PID: 48168 Comm: syz-executor Not tainted 6.15.0-rc2-00471-g119009db2674 #2 PREEMPT(full)\n  Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n  RIP: 0010:generic_shutdown_super+0x2e9/0x390 fs/super.c:650\n  Call Trace:\n   <TASK>\n   kill_anon_super+0x3a/0x60 fs/super.c:1237\n   btrfs_kill_super+0x3b/0x50 fs/btrfs/super.c:2099\n   deactivate_locked_super+0xbe/0x1a0 fs/super.c:473\n   deactivate_super fs/super.c:506 [inline]\n   deactivate_super+0xe2/0x100 fs/super.c:502\n   cleanup_mnt+0x21f/0x440 fs/namespace.c:1435\n   task_work_run+0x14d/0x240 kernel/task_work.c:227\n   resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n   exit_to_user_mode_loop kernel/entry/common.c:114 [inline]\n   exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]\n   __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]\n   syscall_exit_to_user_mode+0x269/0x290 kernel/entry/common.c:218\n   do_syscall_64+0xd4/0x250 arch/x86/entry/syscall_64.c:100\n   entry_SYSCALL_64_after_hwframe+0x77/0x7f\n   </TASK>\n\n[CAUSE]\nWhen btrfs_alloc_path() failed, btrfs_iget() directly returned without\nreleasing the inode already allocated by btrfs_iget_locked().\n\nThis results the above busy inode and trigger the kernel BUG.\n\n[FIX]\nFix it by calling iget_failed() if btrfs_alloc_path() failed.\n\nIf we hit error inside btrfs_read_locked_inode(), it will properly call\niget_failed(), so nothing to worry about.\n\nAlthough the iget_failed() cleanup inside btrfs_read_locked_inode() is a\nbreak of the normal error handling scheme, let's fix the obvious bug\nand backport first, then rework the error handling later.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-401"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-20T16:15:26Z"

advisories/unreviewed/2025/05/GHSA-fwvg-7877-39cm/GHSA-fwvg-7877-39cm.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fwvg-7877-39cm",
-  "modified": "2025-11-03T21:33:54Z",
+  "modified": "2025-11-17T18:30:22Z",
   "published": "2025-05-16T15:31:02Z",
   "aliases": [
     "CVE-2025-37890"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc\n\nAs described in Gerrard's report [1], we have a UAF case when an hfsc class\nhas a netem child qdisc. The crux of the issue is that hfsc is assuming\nthat checking for cl->qdisc->q.qlen == 0 guarantees that it hasn't inserted\nthe class in the vttree or eltree (which is not true for the netem\nduplicate case).\n\nThis patch checks the n_active class variable to make sure that the code\nwon't insert the class in the vttree or eltree twice, catering for the\nreentrant case.\n\n[1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -56,8 +61,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-16T13:15:52Z"

advisories/unreviewed/2025/05/GHSA-h8m2-hc42-j2c9/GHSA-h8m2-hc42-j2c9.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-h8m2-hc42-j2c9",
-  "modified": "2025-11-03T21:33:54Z",
+  "modified": "2025-11-17T18:30:23Z",
   "published": "2025-05-20T18:30:54Z",
   "aliases": [
     "CVE-2025-37917"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll\n\nUse spin_lock_irqsave and spin_unlock_irqrestore instead of spin_lock\nand spin_unlock in mtk_star_emac driver to avoid spinlock recursion\noccurrence that can happen when enabling the DMA interrupts again in\nrx/tx poll.\n\n```\nBUG: spinlock recursion on CPU#0, swapper/0/0\n lock: 0xffff00000db9cf20, .magic: dead4ead, .owner: swapper/0/0,\n    .owner_cpu: 0\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted\n    6.15.0-rc2-next-20250417-00001-gf6a27738686c-dirty #28 PREEMPT\nHardware name: MediaTek MT8365 Open Platform EVK (DT)\nCall trace:\n show_stack+0x18/0x24 (C)\n dump_stack_lvl+0x60/0x80\n dump_stack+0x18/0x24\n spin_dump+0x78/0x88\n do_raw_spin_lock+0x11c/0x120\n _raw_spin_lock+0x20/0x2c\n mtk_star_handle_irq+0xc0/0x22c [mtk_star_emac]\n __handle_irq_event_percpu+0x48/0x140\n handle_irq_event+0x4c/0xb0\n handle_fasteoi_irq+0xa0/0x1bc\n handle_irq_desc+0x34/0x58\n generic_handle_domain_irq+0x1c/0x28\n gic_handle_irq+0x4c/0x120\n do_interrupt_handler+0x50/0x84\n el1_interrupt+0x34/0x68\n el1h_64_irq_handler+0x18/0x24\n el1h_64_irq+0x6c/0x70\n regmap_mmio_read32le+0xc/0x20 (P)\n _regmap_bus_reg_read+0x6c/0xac\n _regmap_read+0x60/0xdc\n regmap_read+0x4c/0x80\n mtk_star_rx_poll+0x2f4/0x39c [mtk_star_emac]\n __napi_poll+0x38/0x188\n net_rx_action+0x164/0x2c0\n handle_softirqs+0x100/0x244\n __do_softirq+0x14/0x20\n ____do_softirq+0x10/0x20\n call_on_irq_stack+0x24/0x64\n do_softirq_own_stack+0x1c/0x40\n __irq_exit_rcu+0xd4/0x10c\n irq_exit_rcu+0x10/0x1c\n el1_interrupt+0x38/0x68\n el1h_64_irq_handler+0x18/0x24\n el1h_64_irq+0x6c/0x70\n cpuidle_enter_state+0xac/0x320 (P)\n cpuidle_enter+0x38/0x50\n do_idle+0x1e4/0x260\n cpu_startup_entry+0x34/0x3c\n rest_init+0xdc/0xe0\n console_on_rootfs+0x0/0x6c\n __primary_switched+0x88/0x90\n```",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -45,7 +50,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-20T16:15:28Z"