Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/07/GHSA-9mf6-h5qw-3r5p/GHSA-9mf6-h5qw-3r5p.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9mf6-h5qw-3r5p",
-  "modified": "2025-11-03T18:31:26Z",
+  "modified": "2025-12-16T15:30:25Z",
   "published": "2025-07-25T15:30:51Z",
   "aliases": [
     "CVE-2025-38354"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/gpu: Fix crash when throttling GPU immediately during boot\n\nThere is a small chance that the GPU is already hot during boot. In that\ncase, the call to of_devfreq_cooling_register() will immediately try to\napply devfreq cooling, as seen in the following crash:\n\n  Unable to handle kernel paging request at virtual address 0000000000014110\n  pc : a6xx_gpu_busy+0x1c/0x58 [msm]\n  lr : msm_devfreq_get_dev_status+0xbc/0x140 [msm]\n  Call trace:\n   a6xx_gpu_busy+0x1c/0x58 [msm] (P)\n   devfreq_simple_ondemand_func+0x3c/0x150\n   devfreq_update_target+0x44/0xd8\n   qos_max_notifier_call+0x30/0x84\n   blocking_notifier_call_chain+0x6c/0xa0\n   pm_qos_update_target+0xd0/0x110\n   freq_qos_apply+0x3c/0x74\n   apply_constraint+0x88/0x148\n   __dev_pm_qos_update_request+0x7c/0xcc\n   dev_pm_qos_update_request+0x38/0x5c\n   devfreq_cooling_set_cur_state+0x98/0xf0\n   __thermal_cdev_update+0x64/0xb4\n   thermal_cdev_update+0x4c/0x58\n   step_wise_manage+0x1f0/0x318\n   __thermal_zone_device_update+0x278/0x424\n   __thermal_cooling_device_register+0x2bc/0x308\n   thermal_of_cooling_device_register+0x10/0x1c\n   of_devfreq_cooling_register_power+0x240/0x2bc\n   of_devfreq_cooling_register+0x14/0x20\n   msm_devfreq_init+0xc4/0x1a0 [msm]\n   msm_gpu_init+0x304/0x574 [msm]\n   adreno_gpu_init+0x1c4/0x2e0 [msm]\n   a6xx_gpu_init+0x5c8/0x9c8 [msm]\n   adreno_bind+0x2a8/0x33c [msm]\n   ...\n\nAt this point we haven't initialized the GMU at all yet, so we cannot read\nthe GMU registers inside a6xx_gpu_busy(). A similar issue was fixed before\nin commit 6694482a70e9 (\"drm/msm: Avoid unclocked GMU register access in\n6xx gpu_busy\"): msm_devfreq_init() does call devfreq_suspend_device(), but\nunlike msm_devfreq_suspend(), it doesn't set the df->suspended flag\naccordingly. This means the df->suspended flag does not match the actual\ndevfreq state after initialization and msm_devfreq_get_dev_status() will\nend up accessing GMU registers, causing the crash.\n\nFix this by setting df->suspended correctly during initialization.\n\nPatchwork: https://patchwork.freedesktop.org/patch/650772/",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -41,7 +46,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-07-25T13:15:24Z"

advisories/unreviewed/2025/07/GHSA-gcxf-rh2w-2m9p/GHSA-gcxf-rh2w-2m9p.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gcxf-rh2w-2m9p",
-  "modified": "2025-11-03T18:31:26Z",
+  "modified": "2025-12-16T15:30:25Z",
   "published": "2025-07-25T15:30:51Z",
   "aliases": [
     "CVE-2025-38363"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/tegra: Fix a possible null pointer dereference\n\nIn tegra_crtc_reset(), new memory is allocated with kzalloc(), but\nno check is performed. Before calling __drm_atomic_helper_crtc_reset,\nstate should be checked to prevent possible null pointer dereference.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -52,8 +57,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-07-25T13:15:25Z"

advisories/unreviewed/2025/07/GHSA-m2wh-w7w6-m2cj/GHSA-m2wh-w7w6-m2cj.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-m2wh-w7w6-m2cj",
-  "modified": "2025-11-03T18:31:26Z",
+  "modified": "2025-12-16T15:30:25Z",
   "published": "2025-07-25T15:30:51Z",
   "aliases": [
     "CVE-2025-38362"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null pointer check for get_first_active_display()\n\nThe function mod_hdcp_hdcp1_enable_encryption() calls the function\nget_first_active_display(), but does not check its return value.\nThe return value is a null pointer if the display list is empty.\nThis will lead to a null pointer dereference in\nmod_hdcp_hdcp2_enable_encryption().\n\nAdd a null pointer check for get_first_active_display() and return\nMOD_HDCP_STATUS_DISPLAY_NOT_FOUND if the function return null.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -44,8 +49,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-07-25T13:15:25Z"

advisories/unreviewed/2025/07/GHSA-p347-69w9-6826/GHSA-p347-69w9-6826.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-p347-69w9-6826",
-  "modified": "2025-11-03T18:31:26Z",
+  "modified": "2025-12-16T15:30:25Z",
   "published": "2025-07-25T15:30:51Z",
   "aliases": [
     "CVE-2025-38364"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmaple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate()\n\nTemporarily clear the preallocation flag when explicitly requesting\nallocations.  Pre-existing allocations are already counted against the\nrequest through mas_node_count_gfp(), but the allocations will not happen\nif the MA_STATE_PREALLOC flag is set.  This flag is meant to avoid\nre-allocating in bulk allocation mode, and to detect issues with\npreallocation calculations.\n\nThe MA_STATE_PREALLOC flag should also always be set on zero allocations\nso that detection of underflow allocations will print a WARN_ON() during\nconsumption.\n\nUser visible effect of this flaw is a WARN_ON() followed by a null pointer\ndereference when subsequent requests for larger number of nodes is\nignored, such as the vma merge retry in mmap_region() caused by drivers\naltering the vma flags (which happens in v6.6, at least)",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -40,8 +45,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-07-25T13:15:25Z"

advisories/unreviewed/2025/12/GHSA-27p4-p9vc-8f94/GHSA-27p4-p9vc-8f94.json

@@ -0,0 +1,37 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-27p4-p9vc-8f94",
+  "modified": "2025-12-16T15:30:43Z",
+  "published": "2025-12-16T15:30:43Z",
+  "aliases": [
+    "CVE-2025-40353"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: mte: Do not warn if the page is already tagged in copy_highpage()\n\nThe arm64 copy_highpage() assumes that the destination page is newly\nallocated and not MTE-tagged (PG_mte_tagged unset) and warns\naccordingly. However, following commit 060913999d7a (\"mm: migrate:\nsupport poisoned recover from migrate folio\"), folio_mc_copy() is called\nbefore __folio_migrate_mapping(). If the latter fails (-EAGAIN), the\ncopy will be done again to the same destination page. Since\ncopy_highpage() already set the PG_mte_tagged flag, this second copy\nwill warn.\n\nReplace the WARN_ON_ONCE(page already tagged) in the arm64\ncopy_highpage() with a comment.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40353"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/0bbf3fc6e9211fce9889fe8efbb89c220504d617"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/5ff5765a1fc526f07d3bbaedb061d970eb13bcf4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/b98c94eed4a975e0c80b7e90a649a46967376f58"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-16T14:15:47Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-2c92-jwmp-9jr9/GHSA-2c92-jwmp-9jr9.json

@@ -0,0 +1,45 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2c92-jwmp-9jr9",
+  "modified": "2025-12-16T15:30:47Z",
+  "published": "2025-12-16T15:30:47Z",
+  "aliases": [
+    "CVE-2025-68252"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup\n\nIn fastrpc_map_lookup, dma_buf_get is called to obtain a reference to\nthe dma_buf for comparison purposes. However, this reference is never\nreleased when the function returns, leading to a dma_buf memory leak.\n\nFix this by adding dma_buf_put before returning from the function,\nensuring that the temporarily acquired reference is properly released\nregardless of whether a matching map is found.\n\nRule: add",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68252"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/214e81a63a9aa0be42382ef0365ba5ed32c513ab"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/9a297a68c3ba4a7ecb31ed52f61bd6634abb79d3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/c2fef5ebb73f3dabae6fbc571d181914ed32c483"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/e17b13387827adce7acb19ac0f07f9bcafe0ff4c"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/fff111bf45cbeeb659324316d68554e35d350092"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-16T15:15:54Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-2f2j-g35j-24qp/GHSA-2f2j-g35j-24qp.json

@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2f2j-g35j-24qp",
+  "modified": "2025-12-16T15:30:44Z",
+  "published": "2025-12-16T15:30:44Z",
+  "aliases": [
+    "CVE-2025-68189"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Fix GEM free for imported dma-bufs\n\nImported dma-bufs also have obj->resv != &obj->_resv.  So we should\ncheck both this condition in addition to flags for handling the\n_NO_SHARE case.\n\nFixes this splat that was reported with IRIS video playback:\n\n    ------------[ cut here ]------------\n    WARNING: CPU: 3 PID: 2040 at drivers/gpu/drm/msm/msm_gem.c:1127 msm_gem_free_object+0x1f8/0x264 [msm]\n    CPU: 3 UID: 1000 PID: 2040 Comm: .gnome-shell-wr Not tainted 6.17.0-rc7 #1 PREEMPT\n    pstate: 81400005 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n    pc : msm_gem_free_object+0x1f8/0x264 [msm]\n    lr : msm_gem_free_object+0x138/0x264 [msm]\n    sp : ffff800092a1bb30\n    x29: ffff800092a1bb80 x28: ffff800092a1bce8 x27: ffffbc702dbdbe08\n    x26: 0000000000000008 x25: 0000000000000009 x24: 00000000000000a6\n    x23: ffff00083c72f850 x22: ffff00083c72f868 x21: ffff00087e69f200\n    x20: ffff00087e69f330 x19: ffff00084d157ae0 x18: 0000000000000000\n    x17: 0000000000000000 x16: ffffbc704bd46b80 x15: 0000ffffd0959540\n    x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n    x11: ffffbc702e6cdb48 x10: 0000000000000000 x9 : 000000000000003f\n    x8 : ffff800092a1ba90 x7 : 0000000000000000 x6 : 0000000000000020\n    x5 : ffffbc704bd46c40 x4 : fffffdffe102cf60 x3 : 0000000000400032\n    x2 : 0000000000020000 x1 : ffff00087e6978e8 x0 : ffff00087e6977e8\n    Call trace:\n     msm_gem_free_object+0x1f8/0x264 [msm] (P)\n     drm_gem_object_free+0x1c/0x30 [drm]\n     drm_gem_object_handle_put_unlocked+0x138/0x150 [drm]\n     drm_gem_object_release_handle+0x5c/0xcc [drm]\n     drm_gem_handle_delete+0x68/0xbc [drm]\n     drm_gem_close_ioctl+0x34/0x40 [drm]\n     drm_ioctl_kernel+0xc0/0x130 [drm]\n     drm_ioctl+0x360/0x4e0 [drm]\n     __arm64_sys_ioctl+0xac/0x104\n     invoke_syscall+0x48/0x104\n     el0_svc_common.constprop.0+0x40/0xe0\n     do_el0_svc+0x1c/0x28\n     el0_svc+0x34/0xec\n     el0t_64_sync_handler+0xa0/0xe4\n     el0t_64_sync+0x198/0x19c\n    ---[ end trace 0000000000000000 ]---\n    ------------[ cut here ]------------\n\nPatchwork: https://patchwork.freedesktop.org/patch/676273/",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68189"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/9674c4cb2fe62727a2e4d3f66065ab949dfa61be"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/c34e08ba6c0037a72a7433741225b020c989e4ae"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-16T14:15:51Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-2rf6-4xf4-32wc/GHSA-2rf6-4xf4-32wc.json

@@ -0,0 +1,37 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2rf6-4xf4-32wc",
+  "modified": "2025-12-16T15:30:47Z",
+  "published": "2025-12-16T15:30:47Z",
+  "aliases": [
+    "CVE-2025-68265"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: fix admin request_queue lifetime\n\nThe namespaces can access the controller's admin request_queue, and\nstale references on the namespaces may exist after tearing down the\ncontroller. Ensure the admin request_queue is active by moving the\ncontroller's 'put' to after all controller references have been released\nto ensure no one is can access the request_queue. This fixes a reported\nuse-after-free bug:\n\n  BUG: KASAN: slab-use-after-free in blk_queue_enter+0x41c/0x4a0\n  Read of size 8 at addr ffff88c0a53819f8 by task nvme/3287\n  CPU: 67 UID: 0 PID: 3287 Comm: nvme Tainted: G            E       6.13.2-ga1582f1a031e #15\n  Tainted: [E]=UNSIGNED_MODULE\n  Hardware name: Jabil /EGS 2S MB1, BIOS 1.00 06/18/2025\n  Call Trace:\n   <TASK>\n   dump_stack_lvl+0x4f/0x60\n   print_report+0xc4/0x620\n   ? _raw_spin_lock_irqsave+0x70/0xb0\n   ? _raw_read_unlock_irqrestore+0x30/0x30\n   ? blk_queue_enter+0x41c/0x4a0\n   kasan_report+0xab/0xe0\n   ? blk_queue_enter+0x41c/0x4a0\n   blk_queue_enter+0x41c/0x4a0\n   ? __irq_work_queue_local+0x75/0x1d0\n   ? blk_queue_start_drain+0x70/0x70\n   ? irq_work_queue+0x18/0x20\n   ? vprintk_emit.part.0+0x1cc/0x350\n   ? wake_up_klogd_work_func+0x60/0x60\n   blk_mq_alloc_request+0x2b7/0x6b0\n   ? __blk_mq_alloc_requests+0x1060/0x1060\n   ? __switch_to+0x5b7/0x1060\n   nvme_submit_user_cmd+0xa9/0x330\n   nvme_user_cmd.isra.0+0x240/0x3f0\n   ? force_sigsegv+0xe0/0xe0\n   ? nvme_user_cmd64+0x400/0x400\n   ? vfs_fileattr_set+0x9b0/0x9b0\n   ? cgroup_update_frozen_flag+0x24/0x1c0\n   ? cgroup_leave_frozen+0x204/0x330\n   ? nvme_ioctl+0x7c/0x2c0\n   blkdev_ioctl+0x1a8/0x4d0\n   ? blkdev_common_ioctl+0x1930/0x1930\n   ? fdget+0x54/0x380\n   __x64_sys_ioctl+0x129/0x190\n   do_syscall_64+0x5b/0x160\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n  RIP: 0033:0x7f765f703b0b\n  Code: ff ff ff 85 c0 79 9b 49 c7 c4 ff ff ff ff 5b 5d 4c 89 e0 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d dd 52 0f 00 f7 d8 64 89 01 48\n  RSP: 002b:00007ffe2cefe808 EFLAGS: 00000202 ORIG_RAX: 0000000000000010\n  RAX: ffffffffffffffda RBX: 00007ffe2cefe860 RCX: 00007f765f703b0b\n  RDX: 00007ffe2cefe860 RSI: 00000000c0484e41 RDI: 0000000000000003\n  RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000000\n  R10: 00007f765f611d50 R11: 0000000000000202 R12: 0000000000000003\n  R13: 00000000c0484e41 R14: 0000000000000001 R15: 00007ffe2cefea60\n   </TASK>",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68265"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/03b3bcd319b3ab5182bc9aaa0421351572c78ac0"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/e7dac681790556c131854b97551337aa8042215b"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/e8061d02b49c5c901980f58d91e96580e9a14acf"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-16T15:15:56Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-2v94-v9cc-qp7h/GHSA-2v94-v9cc-qp7h.json

@@ -0,0 +1,41 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2v94-v9cc-qp7h",
+  "modified": "2025-12-16T15:30:44Z",
+  "published": "2025-12-16T15:30:44Z",
+  "aliases": [
+    "CVE-2025-68179"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP\n\nAs reported by Luiz Capitulino enabling HVO on s390 leads to reproducible\ncrashes. The problem is that kernel page tables are modified without\nflushing corresponding TLB entries.\n\nEven if it looks like the empty flush_tlb_all() implementation on s390 is\nthe problem, it is actually a different problem: on s390 it is not allowed\nto replace an active/valid page table entry with another valid page table\nentry without the detour over an invalid entry. A direct replacement may\nlead to random crashes and/or data corruption.\n\nIn order to invalidate an entry special instructions have to be used\n(e.g. ipte or idte). Alternatively there are also special instructions\navailable which allow to replace a valid entry with a different valid\nentry (e.g. crdte or cspg).\n\nGiven that the HVO code currently does not provide the hooks to allow for\nan implementation which is compliant with the s390 architecture\nrequirements, disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP again, which is\nbasically a revert of the original patch which enabled it.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68179"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/5e23918e4352288323d13fb511116cdea0234b71"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/64e2f60f355e556337fcffe80b9bcff1b22c9c42"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/7088465f10816d9425b95740b37c95f082041d76"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/d4a8238e5729505b7394ccb007e5dc3e557aa66b"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-16T14:15:49Z"
+  }
+}