Advisory Database Sync

Author: advisory-database[bot]

advisories/github-reviewed/2025/09/GHSA-m68q-4hqr-mc6f/GHSA-m68q-4hqr-mc6f.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-m68q-4hqr-mc6f",
-  "modified": "2025-11-28T15:30:29Z",
+  "modified": "2025-12-03T18:30:21Z",
   "published": "2025-09-16T15:32:37Z",
   "aliases": [
     "CVE-2025-4953"
@@ -64,6 +64,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:17669"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:22265"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:2703"

advisories/unreviewed/2022/05/GHSA-36m7-j2mr-5864/GHSA-36m7-j2mr-5864.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-36m7-j2mr-5864",
-  "modified": "2022-05-24T17:43:02Z",
+  "modified": "2025-12-03T18:30:19Z",
   "published": "2022-05-24T17:43:02Z",
   "aliases": [
     "CVE-2020-36254"
   ],
   "details": "scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {

advisories/unreviewed/2022/05/GHSA-gw8r-xfqw-vw42/GHSA-gw8r-xfqw-vw42.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gw8r-xfqw-vw42",
-  "modified": "2023-05-05T18:30:14Z",
+  "modified": "2025-12-03T18:30:19Z",
   "published": "2022-05-24T17:08:01Z",
   "aliases": [
     "CVE-2020-8597"
@@ -63,6 +63,14 @@
       "type": "WEB",
       "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR"
     },
+    {
+      "type": "WEB",
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR"
+    },
     {
       "type": "WEB",
       "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html"

advisories/unreviewed/2025/08/GHSA-5j7v-6mfx-vg6c/GHSA-5j7v-6mfx-vg6c.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5j7v-6mfx-vg6c",
-  "modified": "2025-08-19T21:30:36Z",
+  "modified": "2025-12-03T18:30:19Z",
   "published": "2025-08-19T21:30:36Z",
   "aliases": [
     "CVE-2024-44373"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44373"
     },
+    {
+      "type": "WEB",
+      "url": "https://gh0stmezh.wordpress.com/2024/08/25/cve-2024-44373"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/AllskyTeam/allsky"

advisories/unreviewed/2025/09/GHSA-22jx-v9jm-qjqq/GHSA-22jx-v9jm-qjqq.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-22jx-v9jm-qjqq",
-  "modified": "2025-09-15T15:31:25Z",
+  "modified": "2025-12-03T18:30:19Z",
   "published": "2025-09-15T15:31:25Z",
   "aliases": [
     "CVE-2022-50269"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vkms: Fix memory leak in vkms_init()\n\nA memory leak was reported after the vkms module install failed.\n\nunreferenced object 0xffff88810bc28520 (size 16):\n  comm \"modprobe\", pid 9662, jiffies 4298009455 (age 42.590s)\n  hex dump (first 16 bytes):\n    01 01 00 64 81 88 ff ff 00 00 dc 0a 81 88 ff ff  ...d............\n  backtrace:\n    [<00000000e7561ff8>] kmalloc_trace+0x27/0x60\n    [<000000000b1954a0>] 0xffffffffc45200a9\n    [<00000000abbf1da0>] do_one_initcall+0xd0/0x4f0\n    [<000000001505ee87>] do_init_module+0x1a4/0x680\n    [<00000000958079ad>] load_module+0x6249/0x7110\n    [<00000000117e4696>] __do_sys_finit_module+0x140/0x200\n    [<00000000f74b12d2>] do_syscall_64+0x35/0x80\n    [<000000008fc6fcde>] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThe reason is that the vkms_init() returns without checking the return\nvalue of vkms_create(), and if the vkms_create() failed, the config\nallocated at the beginning of vkms_init() is leaked.\n\n vkms_init()\n   config = kmalloc(...) # config allocated\n   ...\n   return vkms_create() # vkms_create failed and config is leaked\n\nFix this problem by checking return value of vkms_create() and free the\nconfig if error happened.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -32,8 +37,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-401"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-15T15:15:37Z"

advisories/unreviewed/2025/09/GHSA-23pr-hf4g-r8h2/GHSA-23pr-hf4g-r8h2.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-23pr-hf4g-r8h2",
-  "modified": "2025-09-16T15:32:33Z",
+  "modified": "2025-12-03T18:30:20Z",
   "published": "2025-09-16T15:32:33Z",
   "aliases": [
     "CVE-2023-53274"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mediatek: mt8183: Add back SSPM related clocks\n\nThis reverts commit 860690a93ef23b567f781c1b631623e27190f101.\n\nOn the MT8183, the SSPM related clocks were removed claiming a lack of\nusage. This however causes some issues when the driver was converted to\nthe new simple-probe mechanism. This mechanism allocates enough space\nfor all the clocks defined in the clock driver, not the highest index\nin the DT binding. This leads to out-of-bound writes if their are holes\nin the DT binding or the driver (due to deprecated or unimplemented\nclocks). These errors can go unnoticed and cause memory corruption,\nleading to crashes in unrelated areas, or nothing at all. KASAN will\ndetect them.\n\nAdd the SSPM related clocks back to the MT8183 clock driver to fully\nimplement the DT binding. The SSPM clocks are for the power management\nco-processor, and should never be turned off. They are marked as such.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-16T08:15:36Z"

advisories/unreviewed/2025/09/GHSA-2px4-3jpx-h38h/GHSA-2px4-3jpx-h38h.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2px4-3jpx-h38h",
-  "modified": "2025-09-15T15:31:30Z",
+  "modified": "2025-12-03T18:30:20Z",
   "published": "2025-09-15T15:31:30Z",
   "aliases": [
     "CVE-2023-53253"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: nvidia-shield: Reference hid_device devm allocation of input_dev name\n\nUse hid_device for devm allocation of the input_dev name to avoid a\nuse-after-free. input_unregister_device would trigger devres cleanup of all\nresources associated with the input_dev, free-ing the name. The name would\nsubsequently be used in a uevent fired at the end of unregistering the\ninput_dev.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-15T15:15:52Z"

advisories/unreviewed/2025/09/GHSA-542m-h257-c5wg/GHSA-542m-h257-c5wg.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-542m-h257-c5wg",
-  "modified": "2025-09-15T15:31:25Z",
+  "modified": "2025-12-03T18:30:19Z",
   "published": "2025-09-15T15:31:25Z",
   "aliases": [
     "CVE-2022-50267"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: rtsx_pci: fix return value check of mmc_add_host()\n\nmmc_add_host() may return error, if we ignore its return value, the memory\nthat allocated in mmc_alloc_host() will be leaked and it will lead a kernel\ncrash because of deleting not added device in the remove path.\n\nSo fix this by checking the return value and calling mmc_free_host() in the\nerror path, beside, runtime PM also needs be disabled.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -32,8 +37,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-15T15:15:37Z"

advisories/unreviewed/2025/09/GHSA-5c8m-gj2j-m6jw/GHSA-5c8m-gj2j-m6jw.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5c8m-gj2j-m6jw",
-  "modified": "2025-09-16T15:32:33Z",
+  "modified": "2025-12-03T18:30:20Z",
   "published": "2025-09-16T15:32:33Z",
   "aliases": [
     "CVE-2023-53288"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/client: Fix memory leak in drm_client_modeset_probe\n\nWhen a new mode is set to modeset->mode, the previous mode should be freed.\nThis fixes the following kmemleak report:\n\ndrm_mode_duplicate+0x45/0x220 [drm]\ndrm_client_modeset_probe+0x944/0xf50 [drm]\n__drm_fb_helper_initial_config_and_unlock+0xb4/0x2c0 [drm_kms_helper]\ndrm_fbdev_client_hotplug+0x2bc/0x4d0 [drm_kms_helper]\ndrm_client_register+0x169/0x240 [drm]\nast_pci_probe+0x142/0x190 [ast]\nlocal_pci_probe+0xdc/0x180\nwork_for_cpu_fn+0x4e/0xa0\nprocess_one_work+0x8b7/0x1540\nworker_thread+0x70a/0xed0\nkthread+0x29f/0x340\nret_from_fork+0x1f/0x30",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -40,8 +45,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-401"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-16T08:15:37Z"

advisories/unreviewed/2025/09/GHSA-5qfv-wj98-fqxv/GHSA-5qfv-wj98-fqxv.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5qfv-wj98-fqxv",
-  "modified": "2025-09-15T15:31:30Z",
+  "modified": "2025-12-03T18:30:20Z",
   "published": "2025-09-15T15:31:30Z",
   "aliases": [
     "CVE-2023-53257"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: check S1G action frame size\n\nBefore checking the action code, check that it even\nexists in the frame.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -33,7 +38,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-15T15:15:53Z"