github
diff --git a/‎advisories/unreviewed/2022/05/GHSA-gm78-546w-wxp9/GHSA-gm78-546w-wxp9.json‎
Lines changed: 10 additions & 3 deletions b/‎advisories/unreviewed/2022/05/GHSA-gm78-546w-wxp9/GHSA-gm78-546w-wxp9.json‎
Lines changed: 10 additions & 3 deletions
diff --git a/‎advisories/unreviewed/2022/05/GHSA-xh64-jjg2-744m/GHSA-xh64-jjg2-744m.json‎
Lines changed: 5 additions & 1 deletion b/‎advisories/unreviewed/2022/05/GHSA-xh64-jjg2-744m/GHSA-xh64-jjg2-744m.json‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2025/05/GHSA-3vhw-gffp-6qr6/GHSA-3vhw-gffp-6qr6.json‎
Lines changed: 8 additions & 3 deletions b/‎advisories/unreviewed/2025/05/GHSA-3vhw-gffp-6qr6/GHSA-3vhw-gffp-6qr6.json‎
Lines changed: 8 additions & 3 deletions
diff --git a/‎advisories/unreviewed/2025/05/GHSA-6jj7-p445-w2gq/GHSA-6jj7-p445-w2gq.json‎
Lines changed: 8 additions & 3 deletions b/‎advisories/unreviewed/2025/05/GHSA-6jj7-p445-w2gq/GHSA-6jj7-p445-w2gq.json‎
Lines changed: 8 additions & 3 deletions
diff --git a/‎advisories/unreviewed/2025/05/GHSA-8rhx-6jcw-6ghv/GHSA-8rhx-6jcw-6ghv.json‎
Lines changed: 8 additions & 3 deletions b/‎advisories/unreviewed/2025/05/GHSA-8rhx-6jcw-6ghv/GHSA-8rhx-6jcw-6ghv.json‎
Lines changed: 8 additions & 3 deletions
diff --git a/‎advisories/unreviewed/2025/05/GHSA-jmf7-45hm-82v2/GHSA-jmf7-45hm-82v2.json‎
Lines changed: 8 additions & 3 deletions b/‎advisories/unreviewed/2025/05/GHSA-jmf7-45hm-82v2/GHSA-jmf7-45hm-82v2.json‎
Lines changed: 8 additions & 3 deletions
diff --git a/‎advisories/unreviewed/2025/05/GHSA-mr75-wq82-9hcw/GHSA-mr75-wq82-9hcw.json‎
Lines changed: 11 additions & 4 deletions b/‎advisories/unreviewed/2025/05/GHSA-mr75-wq82-9hcw/GHSA-mr75-wq82-9hcw.json‎
Lines changed: 11 additions & 4 deletions
diff --git a/‎advisories/unreviewed/2025/05/GHSA-q7q8-5x36-4r88/GHSA-q7q8-5x36-4r88.json‎
Lines changed: 8 additions & 3 deletions b/‎advisories/unreviewed/2025/05/GHSA-q7q8-5x36-4r88/GHSA-q7q8-5x36-4r88.json‎
Lines changed: 8 additions & 3 deletions
diff --git a/‎advisories/unreviewed/2025/05/GHSA-wwcc-hw3c-mqv5/GHSA-wwcc-hw3c-mqv5.json‎
Lines changed: 8 additions & 3 deletions b/‎advisories/unreviewed/2025/05/GHSA-wwcc-hw3c-mqv5/GHSA-wwcc-hw3c-mqv5.json‎
Lines changed: 8 additions & 3 deletions
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gm78-546w-wxp9",
-  "modified": "2022-05-24T17:06:21Z",
+  "modified": "2025-11-14T21:30:26Z",
   "published": "2022-05-24T17:06:21Z",
   "aliases": [
     "CVE-2020-0656"
   ],
   "details": "A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-79"
+    ],
     "severity": "LOW",
     "github_reviewed": false,
     "github_reviewed_at": null,
 
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xh64-jjg2-744m",
-  "modified": "2022-05-17T03:38:48Z",
+  "modified": "2025-11-14T21:30:26Z",
   "published": "2022-05-17T03:38:48Z",
   "aliases": [
     "CVE-2016-7420"
@@ -43,6 +43,10 @@
       "type": "WEB",
       "url": "http://www.openwall.com/lists/oss-security/2023/09/28/4"
     },
+    {
+      "type": "WEB",
+      "url": "http://www.openwall.com/lists/oss-security/2025/11/14/5"
+    },
     {
       "type": "WEB",
       "url": "http://www.securityfocus.com/bid/92988"
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3vhw-gffp-6qr6",
-  "modified": "2025-05-08T09:30:25Z",
+  "modified": "2025-11-14T21:30:26Z",
   "published": "2025-05-08T09:30:25Z",
   "aliases": [
     "CVE-2025-37833"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads\n\nFix niu_try_msix() to not cause a fatal trap on sparc systems.\n\nSet PCI_DEV_FLAGS_MSIX_TOUCH_ENTRY_DATA_FIRST on the struct pci_dev to\nwork around a bug in the hardware or firmware.\n\nFor each vector entry in the msix table, niu chips will cause a fatal\ntrap if any registers in that entry are read before that entries'\nENTRY_DATA register is written to. Testing indicates writes to other\nregisters are not sufficient to prevent the fatal trap, however the value\ndoes not appear to matter. This only needs to happen once after power up,\nso simply rebooting into a kernel lacking this fix will NOT cause the\ntrap.\n\nNON-RESUMABLE ERROR: Reporting on cpu 64\nNON-RESUMABLE ERROR: TPC [0x00000000005f6900] <msix_prepare_msi_desc+0x90/0xa0>\nNON-RESUMABLE ERROR: RAW [4010000000000016:00000e37f93e32ff:0000000202000080:ffffffffffffffff\nNON-RESUMABLE ERROR:      0000000800000000:0000000000000000:0000000000000000:0000000000000000]\nNON-RESUMABLE ERROR: handle [0x4010000000000016] stick [0x00000e37f93e32ff]\nNON-RESUMABLE ERROR: type [precise nonresumable]\nNON-RESUMABLE ERROR: attrs [0x02000080] < ASI sp-faulted priv >\nNON-RESUMABLE ERROR: raddr [0xffffffffffffffff]\nNON-RESUMABLE ERROR: insn effective address [0x000000c50020000c]\nNON-RESUMABLE ERROR: size [0x8]\nNON-RESUMABLE ERROR: asi [0x00]\nCPU: 64 UID: 0 PID: 745 Comm: kworker/64:1 Not tainted 6.11.5 #63\nWorkqueue: events work_for_cpu_fn\nTSTATE: 0000000011001602 TPC: 00000000005f6900 TNPC: 00000000005f6904 Y: 00000000    Not tainted\nTPC: <msix_prepare_msi_desc+0x90/0xa0>\ng0: 00000000000002e9 g1: 000000000000000c g2: 000000c50020000c g3: 0000000000000100\ng4: ffff8000470307c0 g5: ffff800fec5be000 g6: ffff800047a08000 g7: 0000000000000000\no0: ffff800014feb000 o1: ffff800047a0b620 o2: 0000000000000011 o3: ffff800047a0b620\no4: 0000000000000080 o5: 0000000000000011 sp: ffff800047a0ad51 ret_pc: 00000000005f7128\nRPC: <__pci_enable_msix_range+0x3cc/0x460>\nl0: 000000000000000d l1: 000000000000c01f l2: ffff800014feb0a8 l3: 0000000000000020\nl4: 000000000000c000 l5: 0000000000000001 l6: 0000000020000000 l7: ffff800047a0b734\ni0: ffff800014feb000 i1: ffff800047a0b730 i2: 0000000000000001 i3: 000000000000000d\ni4: 0000000000000000 i5: 0000000000000000 i6: ffff800047a0ae81 i7: 00000000101888b0\nI7: <niu_try_msix.constprop.0+0xc0/0x130 [niu]>\nCall Trace:\n[<00000000101888b0>] niu_try_msix.constprop.0+0xc0/0x130 [niu]\n[<000000001018f840>] niu_get_invariants+0x183c/0x207c [niu]\n[<00000000101902fc>] niu_pci_init_one+0x27c/0x2fc [niu]\n[<00000000005ef3e4>] local_pci_probe+0x28/0x74\n[<0000000000469240>] work_for_cpu_fn+0x8/0x1c\n[<000000000046b008>] process_scheduled_works+0x144/0x210\n[<000000000046b518>] worker_thread+0x13c/0x1c0\n[<00000000004710e0>] kthread+0xb8/0xc8\n[<00000000004060c8>] ret_from_fork+0x1c/0x2c\n[<0000000000000000>] 0x0\nKernel panic - not syncing: Non-resumable error.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -29,7 +34,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-08T07:15:54Z"
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6jj7-p445-w2gq",
-  "modified": "2025-11-03T21:33:47Z",
+  "modified": "2025-11-14T21:30:27Z",
   "published": "2025-05-09T09:33:19Z",
   "aliases": [
     "CVE-2025-37840"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: brcmnand: fix PM resume warning\n\nFixed warning on PM resume as shown below caused due to uninitialized\nstruct nand_operation that checks chip select field :\nWARN_ON(op->cs >= nanddev_ntargets(&chip->base)\n\n[   14.588522] ------------[ cut here ]------------\n[   14.588529] WARNING: CPU: 0 PID: 1392 at drivers/mtd/nand/raw/internals.h:139 nand_reset_op+0x1e0/0x1f8\n[   14.588553] Modules linked in: bdc udc_core\n[   14.588579] CPU: 0 UID: 0 PID: 1392 Comm: rtcwake Tainted: G        W          6.14.0-rc4-g5394eea10651 #16\n[   14.588590] Tainted: [W]=WARN\n[   14.588593] Hardware name: Broadcom STB (Flattened Device Tree)\n[   14.588598] Call trace:\n[   14.588604]  dump_backtrace from show_stack+0x18/0x1c\n[   14.588622]  r7:00000009 r6:0000008b r5:60000153 r4:c0fa558c\n[   14.588625]  show_stack from dump_stack_lvl+0x70/0x7c\n[   14.588639]  dump_stack_lvl from dump_stack+0x18/0x1c\n[   14.588653]  r5:c08d40b0 r4:c1003cb0\n[   14.588656]  dump_stack from __warn+0x84/0xe4\n[   14.588668]  __warn from warn_slowpath_fmt+0x18c/0x194\n[   14.588678]  r7:c08d40b0 r6:c1003cb0 r5:00000000 r4:00000000\n[   14.588681]  warn_slowpath_fmt from nand_reset_op+0x1e0/0x1f8\n[   14.588695]  r8:70c40dff r7:89705f41 r6:36b4a597 r5:c26c9444 r4:c26b0048\n[   14.588697]  nand_reset_op from brcmnand_resume+0x13c/0x150\n[   14.588714]  r9:00000000 r8:00000000 r7:c24f8010 r6:c228a3f8 r5:c26c94bc r4:c26b0040\n[   14.588717]  brcmnand_resume from platform_pm_resume+0x34/0x54\n[   14.588735]  r5:00000010 r4:c0840a50\n[   14.588738]  platform_pm_resume from dpm_run_callback+0x5c/0x14c\n[   14.588757]  dpm_run_callback from device_resume+0xc0/0x324\n[   14.588776]  r9:c24f8054 r8:c24f80a0 r7:00000000 r6:00000000 r5:00000010 r4:c24f8010\n[   14.588779]  device_resume from dpm_resume+0x130/0x160\n[   14.588799]  r9:c22539e4 r8:00000010 r7:c22bebb0 r6:c24f8010 r5:c22539dc r4:c22539b0\n[   14.588802]  dpm_resume from dpm_resume_end+0x14/0x20\n[   14.588822]  r10:c2204e40 r9:00000000 r8:c228a3fc r7:00000000 r6:00000003 r5:c228a414\n[   14.588826]  r4:00000010\n[   14.588828]  dpm_resume_end from suspend_devices_and_enter+0x274/0x6f8\n[   14.588848]  r5:c228a414 r4:00000000\n[   14.588851]  suspend_devices_and_enter from pm_suspend+0x228/0x2bc\n[   14.588868]  r10:c3502910 r9:c3501f40 r8:00000004 r7:c228a438 r6:c0f95e18 r5:00000000\n[   14.588871]  r4:00000003\n[   14.588874]  pm_suspend from state_store+0x74/0xd0\n[   14.588889]  r7:c228a438 r6:c0f934c8 r5:00000003 r4:00000003\n[   14.588892]  state_store from kobj_attr_store+0x1c/0x28\n[   14.588913]  r9:00000000 r8:00000000 r7:f09f9f08 r6:00000004 r5:c3502900 r4:c0283250\n[   14.588916]  kobj_attr_store from sysfs_kf_write+0x40/0x4c\n[   14.588936]  r5:c3502900 r4:c0d92a48\n[   14.588939]  sysfs_kf_write from kernfs_fop_write_iter+0x104/0x1f0\n[   14.588956]  r5:c3502900 r4:c3501f40\n[   14.588960]  kernfs_fop_write_iter from vfs_write+0x250/0x420\n[   14.588980]  r10:c0e14b48 r9:00000000 r8:c25f5780 r7:00443398 r6:f09f9f68 r5:c34f7f00\n[   14.588983]  r4:c042a88c\n[   14.588987]  vfs_write from ksys_write+0x74/0xe4\n[   14.589005]  r10:00000004 r9:c25f5780 r8:c02002fA0 r7:00000000 r6:00000000 r5:c34f7f00\n[   14.589008]  r4:c34f7f00\n[   14.589011]  ksys_write from sys_write+0x10/0x14\n[   14.589029]  r7:00000004 r6:004421c0 r5:00443398 r4:00000004\n[   14.589032]  sys_write from ret_fast_syscall+0x0/0x5c\n[   14.589044] Exception stack(0xf09f9fa8 to 0xf09f9ff0)\n[   14.589050] 9fa0:                   00000004 00443398 00000004 00443398 00000004 00000001\n[   14.589056] 9fc0: 00000004 00443398 004421c0 00000004 b6ecbd58 00000008 bebfbc38 0043eb78\n[   14.589062] 9fe0: 00440eb0 bebfbaf8 b6de18a0 b6e579e8\n[   14.589065] ---[ end trace 0000000000000000 ]---\n\nThe fix uses the higher level nand_reset(chip, chipnr); where chipnr = 0, when\ndoing PM resume operation in compliance with the controller support for single\ndie nand chip. Switching from nand_reset_op() to nan\n---truncated---",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -61,7 +66,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-09T07:16:04Z"
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8rhx-6jcw-6ghv",
-  "modified": "2025-11-03T21:33:47Z",
+  "modified": "2025-11-14T21:30:27Z",
   "published": "2025-05-09T09:33:19Z",
   "aliases": [
     "CVE-2025-37839"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: remove wrong sb->s_sequence check\n\nJournal emptiness is not determined by sb->s_sequence == 0 but rather by\nsb->s_start == 0 (which is set a few lines above). Furthermore 0 is a\nvalid transaction ID so the check can spuriously trigger. Remove the\ninvalid WARN_ON.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -61,7 +66,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-09T07:16:04Z"
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-jmf7-45hm-82v2",
-  "modified": "2025-05-08T09:30:25Z",
+  "modified": "2025-11-14T21:30:26Z",
   "published": "2025-05-08T09:30:25Z",
   "aliases": [
     "CVE-2025-37834"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmscan: don't try to reclaim hwpoison folio\n\nSyzkaller reports a bug as follows:\n\nInjecting memory failure for pfn 0x18b00e at process virtual address 0x20ffd000\nMemory failure: 0x18b00e: dirty swapcache page still referenced by 2 users\nMemory failure: 0x18b00e: recovery action for dirty swapcache page: Failed\npage: refcount:2 mapcount:0 mapping:0000000000000000 index:0x20ffd pfn:0x18b00e\nmemcg:ffff0000dd6d9000\nanon flags: 0x5ffffe00482011(locked|dirty|arch_1|swapbacked|hwpoison|node=0|zone=2|lastcpupid=0xfffff)\nraw: 005ffffe00482011 dead000000000100 dead000000000122 ffff0000e232a7c9\nraw: 0000000000020ffd 0000000000000000 00000002ffffffff ffff0000dd6d9000\npage dumped because: VM_BUG_ON_FOLIO(!folio_test_uptodate(folio))\n------------[ cut here ]------------\nkernel BUG at mm/swap_state.c:184!\nInternal error: Oops - BUG: 00000000f2000800 [#1] SMP\nModules linked in:\nCPU: 0 PID: 60 Comm: kswapd0 Not tainted 6.6.0-gcb097e7de84e #3\nHardware name: linux,dummy-virt (DT)\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : add_to_swap+0xbc/0x158\nlr : add_to_swap+0xbc/0x158\nsp : ffff800087f37340\nx29: ffff800087f37340 x28: fffffc00052c0380 x27: ffff800087f37780\nx26: ffff800087f37490 x25: ffff800087f37c78 x24: ffff800087f377a0\nx23: ffff800087f37c50 x22: 0000000000000000 x21: fffffc00052c03b4\nx20: 0000000000000000 x19: fffffc00052c0380 x18: 0000000000000000\nx17: 296f696c6f662865 x16: 7461646f7470755f x15: 747365745f6f696c\nx14: 6f6621284f494c4f x13: 0000000000000001 x12: ffff600036d8b97b\nx11: 1fffe00036d8b97a x10: ffff600036d8b97a x9 : dfff800000000000\nx8 : 00009fffc9274686 x7 : ffff0001b6c5cbd3 x6 : 0000000000000001\nx5 : ffff0000c25896c0 x4 : 0000000000000000 x3 : 0000000000000000\nx2 : 0000000000000000 x1 : ffff0000c25896c0 x0 : 0000000000000000\nCall trace:\n add_to_swap+0xbc/0x158\n shrink_folio_list+0x12ac/0x2648\n shrink_inactive_list+0x318/0x948\n shrink_lruvec+0x450/0x720\n shrink_node_memcgs+0x280/0x4a8\n shrink_node+0x128/0x978\n balance_pgdat+0x4f0/0xb20\n kswapd+0x228/0x438\n kthread+0x214/0x230\n ret_from_fork+0x10/0x20\n\nI can reproduce this issue with the following steps:\n\n1) When a dirty swapcache page is isolated by reclaim process and the\n   page isn't locked, inject memory failure for the page. \n   me_swapcache_dirty() clears uptodate flag and tries to delete from lru,\n   but fails.  Reclaim process will put the hwpoisoned page back to lru.\n\n2) The process that maps the hwpoisoned page exits, the page is deleted\n   the page will never be freed and will be in the lru forever.\n\n3) If we trigger a reclaim again and tries to reclaim the page,\n   add_to_swap() will trigger VM_BUG_ON_FOLIO due to the uptodate flag is\n   cleared.\n\nTo fix it, skip the hwpoisoned page in shrink_folio_list().  Besides, the\nhwpoison folio may not be unmapped by hwpoison_user_mappings() yet, unmap\nit in shrink_folio_list(), otherwise the folio will fail to be unmaped by\nhwpoison_user_mappings() since the folio isn't in lru list.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -29,7 +34,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-08T07:15:54Z"
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mr75-wq82-9hcw",
-  "modified": "2025-05-08T09:30:25Z",
+  "modified": "2025-11-14T21:30:26Z",
   "published": "2025-05-08T09:30:25Z",
   "aliases": [
     "CVE-2025-37828"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort()\n\nA race can occur between the MCQ completion path and the abort handler:\nonce a request completes, __blk_mq_free_request() sets rq->mq_hctx to\nNULL, meaning the subsequent ufshcd_mcq_req_to_hwq() call in\nufshcd_mcq_abort() can return a NULL pointer. If this NULL pointer is\ndereferenced, the kernel will crash.\n\nAdd a NULL check for the returned hwq pointer. If hwq is NULL, log an\nerror and return FAILED, preventing a potential NULL-pointer\ndereference.  As suggested by Bart, the ufshcd_cmd_inflight() check is\nremoved.\n\nThis is similar to the fix in commit 74736103fb41 (\"scsi: ufs: core: Fix\nufshcd_abort_one racing issue\").\n\nThis is found by our static analysis tool KNighter.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -32,8 +37,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-08T07:15:54Z"
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q7q8-5x36-4r88",
-  "modified": "2025-05-09T09:33:18Z",
+  "modified": "2025-11-14T21:30:27Z",
   "published": "2025-05-09T09:33:18Z",
   "aliases": [
     "CVE-2025-37837"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/tegra241-cmdqv: Fix warnings due to dmam_free_coherent()\n\nTwo WARNINGs are observed when SMMU driver rolls back upon failure:\n arm-smmu-v3.9.auto: Failed to register iommu\n arm-smmu-v3.9.auto: probe with driver arm-smmu-v3 failed with error -22\n ------------[ cut here ]------------\n WARNING: CPU: 5 PID: 1 at kernel/dma/mapping.c:74 dmam_free_coherent+0xc0/0xd8\n Call trace:\n  dmam_free_coherent+0xc0/0xd8 (P)\n  tegra241_vintf_free_lvcmdq+0x74/0x188\n  tegra241_cmdqv_remove_vintf+0x60/0x148\n  tegra241_cmdqv_remove+0x48/0xc8\n  arm_smmu_impl_remove+0x28/0x60\n  devm_action_release+0x1c/0x40\n ------------[ cut here ]------------\n 128 pages are still in use!\n WARNING: CPU: 16 PID: 1 at mm/page_alloc.c:6902 free_contig_range+0x18c/0x1c8\n Call trace:\n  free_contig_range+0x18c/0x1c8 (P)\n  cma_release+0x154/0x2f0\n  dma_free_contiguous+0x38/0xa0\n  dma_direct_free+0x10c/0x248\n  dma_free_attrs+0x100/0x290\n  dmam_free_coherent+0x78/0xd8\n  tegra241_vintf_free_lvcmdq+0x74/0x160\n  tegra241_cmdqv_remove+0x98/0x198\n  arm_smmu_impl_remove+0x28/0x60\n  devm_action_release+0x1c/0x40\n\nThis is because the LVCMDQ queue memory are managed by devres, while that\ndmam_free_coherent() is called in the context of devm_action_release().\n\nJason pointed out that \"arm_smmu_impl_probe() has mis-ordered the devres\ncallbacks if ops->device_remove() is going to be manually freeing things\nthat probe allocated\":\nhttps://lore.kernel.org/linux-iommu/[email protected]/\n\nIn fact, tegra241_cmdqv_init_structures() only allocates memory resources\nwhich means any failure that it generates would be similar to -ENOMEM, so\nthere is no point in having that \"falling back to standard SMMU\" routine,\nas the standard SMMU would likely fail to allocate memory too.\n\nRemove the unwind part in tegra241_cmdqv_init_structures(), and return a\nproper error code to ask SMMU driver to call tegra241_cmdqv_remove() via\nimpl_ops->device_remove(). Then, drop tegra241_vintf_free_lvcmdq() since\ndevres will take care of that.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -33,7 +38,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-09T07:16:04Z"
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wwcc-hw3c-mqv5",
-  "modified": "2025-11-03T21:33:47Z",
+  "modified": "2025-11-14T21:30:27Z",
   "published": "2025-05-09T09:33:18Z",
   "aliases": [
     "CVE-2025-37836"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Fix reference leak in pci_register_host_bridge()\n\nIf device_register() fails, call put_device() to give up the reference to\navoid a memory leak, per the comment at device_register().\n\nFound by code review.\n\n[bhelgaas: squash Dan Carpenter's double free fix from\nhttps://lore.kernel.org/r/[email protected]]",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -57,7 +62,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-09T07:16:04Z"