Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2022/05/GHSA-96pr-35f4-cf4c/GHSA-96pr-35f4-cf4c.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-96pr-35f4-cf4c",
-  "modified": "2024-04-04T00:29:35Z",
+  "modified": "2025-12-12T21:31:27Z",
   "published": "2022-05-24T16:45:12Z",
   "aliases": [
     "CVE-2018-4063"
@@ -27,6 +27,14 @@
       "type": "WEB",
       "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0748"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-4063"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.forescout.com/blog/ot-network-security-threats-industrial-routers-under-attack"
+    },
     {
       "type": "WEB",
       "url": "http://packetstormsecurity.com/files/152648/Sierra-Wireless-AirLink-ES450-ACEManager-upload.cgi-Remote-Code-Execution.html"

advisories/unreviewed/2024/10/GHSA-rpjm-g79v-v5gv/GHSA-rpjm-g79v-v5gv.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rpjm-g79v-v5gv",
-  "modified": "2024-10-24T15:31:08Z",
+  "modified": "2025-12-12T21:31:27Z",
   "published": "2024-10-24T15:31:08Z",
   "aliases": [
     "CVE-2024-10180"

advisories/unreviewed/2025/08/GHSA-7gq9-6fw6-w5q3/GHSA-7gq9-6fw6-w5q3.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7gq9-6fw6-w5q3",
-  "modified": "2025-08-21T21:32:08Z",
+  "modified": "2025-12-12T21:31:29Z",
   "published": "2025-08-21T21:32:08Z",
   "aliases": [
     "CVE-2025-43747"
   ],
   "details": "A server-side request forgery (SSRF) vulnerability exists in the Liferay DXP 2025.Q2.0 through 2025.Q2.3 due to insecure domain validation on analytics.cloud.domain.allowed, allowing an attacker to perform requests by change the domain and bypassing the validation method, this insecure validation is not distinguishing between trusted subdomains and malicious domains.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/09/GHSA-2633-6xpw-2gqx/GHSA-2633-6xpw-2gqx.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2633-6xpw-2gqx",
-  "modified": "2025-09-18T15:30:34Z",
+  "modified": "2025-12-12T21:31:31Z",
   "published": "2025-09-18T15:30:34Z",
   "aliases": [
     "CVE-2023-53393"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device\n\nCurrently, when mlx5_ib_get_hw_stats() is used for device (port_num = 0),\nthere is a special handling in order to use the correct counters, but,\nport_num is being passed down the stack without any change.  Also, some\nfunctions assume that port_num >=1. As a result, the following oops can\noccur.\n\n BUG: unable to handle page fault for address: ffff89510294f1a8\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 0 P4D 0\n Oops: 0002 [#1] SMP\n CPU: 8 PID: 1382 Comm: devlink Tainted: G W          6.1.0-rc4_for_upstream_base_2022_11_10_16_12 #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n RIP: 0010:_raw_spin_lock+0xc/0x20\n Call Trace:\n  <TASK>\n  mlx5_ib_get_native_port_mdev+0x73/0xe0 [mlx5_ib]\n  do_get_hw_stats.constprop.0+0x109/0x160 [mlx5_ib]\n  mlx5_ib_get_hw_stats+0xad/0x180 [mlx5_ib]\n  ib_setup_device_attrs+0xf0/0x290 [ib_core]\n  ib_register_device+0x3bb/0x510 [ib_core]\n  ? atomic_notifier_chain_register+0x67/0x80\n  __mlx5_ib_add+0x2b/0x80 [mlx5_ib]\n  mlx5r_probe+0xb8/0x150 [mlx5_ib]\n  ? auxiliary_match_id+0x6a/0x90\n  auxiliary_bus_probe+0x3c/0x70\n  ? driver_sysfs_add+0x6b/0x90\n  really_probe+0xcd/0x380\n  __driver_probe_device+0x80/0x170\n  driver_probe_device+0x1e/0x90\n  __device_attach_driver+0x7d/0x100\n  ? driver_allows_async_probing+0x60/0x60\n  ? driver_allows_async_probing+0x60/0x60\n  bus_for_each_drv+0x7b/0xc0\n  __device_attach+0xbc/0x200\n  bus_probe_device+0x87/0xa0\n  device_add+0x404/0x940\n  ? dev_set_name+0x53/0x70\n  __auxiliary_device_add+0x43/0x60\n  add_adev+0x99/0xe0 [mlx5_core]\n  mlx5_attach_device+0xc8/0x120 [mlx5_core]\n  mlx5_load_one_devl_locked+0xb2/0xe0 [mlx5_core]\n  devlink_reload+0x133/0x250\n  devlink_nl_cmd_reload+0x480/0x570\n  ? devlink_nl_pre_doit+0x44/0x2b0\n  genl_family_rcv_msg_doit.isra.0+0xc2/0x110\n  genl_rcv_msg+0x180/0x2b0\n  ? devlink_nl_cmd_region_read_dumpit+0x540/0x540\n  ? devlink_reload+0x250/0x250\n  ? devlink_put+0x50/0x50\n  ? genl_family_rcv_msg_doit.isra.0+0x110/0x110\n  netlink_rcv_skb+0x54/0x100\n  genl_rcv+0x24/0x40\n  netlink_unicast+0x1f6/0x2c0\n  netlink_sendmsg+0x237/0x490\n  sock_sendmsg+0x33/0x40\n  __sys_sendto+0x103/0x160\n  ? handle_mm_fault+0x10e/0x290\n  ? do_user_addr_fault+0x1c0/0x5f0\n  __x64_sys_sendto+0x25/0x30\n  do_syscall_64+0x3d/0x90\n  entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nFix it by setting port_num to 1 in order to get device status and remove\nunused variable.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -33,7 +38,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-18T14:15:42Z"

advisories/unreviewed/2025/09/GHSA-2wfh-xv6f-6623/GHSA-2wfh-xv6f-6623.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2wfh-xv6f-6623",
-  "modified": "2025-09-18T15:30:33Z",
+  "modified": "2025-12-12T21:31:31Z",
   "published": "2025-09-18T15:30:33Z",
   "aliases": [
     "CVE-2022-50394"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: ismt: Fix an out-of-bounds bug in ismt_access()\n\nWhen the driver does not check the data from the user, the variable\n'data->block[0]' may be very large to cause an out-of-bounds bug.\n\nThe following log can reveal it:\n\n[   33.995542] i2c i2c-1: ioctl, cmd=0x720, arg=0x7ffcb3dc3a20\n[   33.995978] ismt_smbus 0000:00:05.0: I2C_SMBUS_BLOCK_DATA:  WRITE\n[   33.996475] ==================================================================\n[   33.996995] BUG: KASAN: out-of-bounds in ismt_access.cold+0x374/0x214b\n[   33.997473] Read of size 18446744073709551615 at addr ffff88810efcfdb1 by task ismt_poc/485\n[   33.999450] Call Trace:\n[   34.001849]  memcpy+0x20/0x60\n[   34.002077]  ismt_access.cold+0x374/0x214b\n[   34.003382]  __i2c_smbus_xfer+0x44f/0xfb0\n[   34.004007]  i2c_smbus_xfer+0x10a/0x390\n[   34.004291]  i2cdev_ioctl_smbus+0x2c8/0x710\n[   34.005196]  i2cdev_ioctl+0x5ec/0x74c\n\nFix this bug by checking the size of 'data->block[0]' first.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -52,8 +57,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-18T14:15:38Z"

advisories/unreviewed/2025/09/GHSA-2x2w-mp33-7x7m/GHSA-2x2w-mp33-7x7m.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2x2w-mp33-7x7m",
-  "modified": "2025-09-18T18:30:28Z",
+  "modified": "2025-12-12T21:31:32Z",
   "published": "2025-09-18T18:30:28Z",
   "aliases": [
     "CVE-2023-53447"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: don't reset unchangable mount option in f2fs_remount()\n\nsyzbot reports a bug as below:\n\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000009: 0000 [#1] PREEMPT SMP KASAN\nRIP: 0010:__lock_acquire+0x69/0x2000 kernel/locking/lockdep.c:4942\nCall Trace:\n lock_acquire+0x1e3/0x520 kernel/locking/lockdep.c:5691\n __raw_write_lock include/linux/rwlock_api_smp.h:209 [inline]\n _raw_write_lock+0x2e/0x40 kernel/locking/spinlock.c:300\n __drop_extent_tree+0x3ac/0x660 fs/f2fs/extent_cache.c:1100\n f2fs_drop_extent_tree+0x17/0x30 fs/f2fs/extent_cache.c:1116\n f2fs_insert_range+0x2d5/0x3c0 fs/f2fs/file.c:1664\n f2fs_fallocate+0x4e4/0x6d0 fs/f2fs/file.c:1838\n vfs_fallocate+0x54b/0x6b0 fs/open.c:324\n ksys_fallocate fs/open.c:347 [inline]\n __do_sys_fallocate fs/open.c:355 [inline]\n __se_sys_fallocate fs/open.c:353 [inline]\n __x64_sys_fallocate+0xbd/0x100 fs/open.c:353\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe root cause is race condition as below:\n- since it tries to remount rw filesystem, so that do_remount won't\ncall sb_prepare_remount_readonly to block fallocate, there may be race\ncondition in between remount and fallocate.\n- in f2fs_remount(), default_options() will reset mount option to default\none, and then update it based on result of parse_options(), so there is\na hole which race condition can happen.\n\nThread A\t\t\tThread B\n- f2fs_fill_super\n - parse_options\n  - clear_opt(READ_EXTENT_CACHE)\n\n- f2fs_remount\n - default_options\n  - set_opt(READ_EXTENT_CACHE)\n\t\t\t\t- f2fs_fallocate\n\t\t\t\t - f2fs_insert_range\n\t\t\t\t  - f2fs_drop_extent_tree\n\t\t\t\t   - __drop_extent_tree\n\t\t\t\t    - __may_extent_tree\n\t\t\t\t     - test_opt(READ_EXTENT_CACHE) return true\n\t\t\t\t    - write_lock(&et->lock) access NULL pointer\n - parse_options\n  - clear_opt(READ_EXTENT_CACHE)",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-362"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-18T16:15:49Z"

advisories/unreviewed/2025/09/GHSA-36m3-c68m-7673/GHSA-36m3-c68m-7673.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-36m3-c68m-7673",
-  "modified": "2025-09-18T15:30:34Z",
+  "modified": "2025-12-12T21:31:31Z",
   "published": "2025-09-18T15:30:34Z",
   "aliases": [
     "CVE-2023-53406"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup()\n\nWhen calling debugfs_lookup() the result must have dput() called on it,\notherwise the memory will leak over time.  To make things simpler, just\ncall debugfs_lookup_and_remove() instead which handles all of the logic\nat once.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -32,8 +37,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-401"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-18T14:15:44Z"

advisories/unreviewed/2025/09/GHSA-3w47-qc84-prwf/GHSA-3w47-qc84-prwf.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3w47-qc84-prwf",
-  "modified": "2025-09-18T18:30:28Z",
+  "modified": "2025-12-12T21:31:31Z",
   "published": "2025-09-18T18:30:28Z",
   "aliases": [
     "CVE-2023-53445"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qrtr: Fix a refcount bug in qrtr_recvmsg()\n\nSyzbot reported a bug as following:\n\nrefcount_t: addition on 0; use-after-free.\n...\nRIP: 0010:refcount_warn_saturate+0x17c/0x1f0 lib/refcount.c:25\n...\nCall Trace:\n <TASK>\n __refcount_add include/linux/refcount.h:199 [inline]\n __refcount_inc include/linux/refcount.h:250 [inline]\n refcount_inc include/linux/refcount.h:267 [inline]\n kref_get include/linux/kref.h:45 [inline]\n qrtr_node_acquire net/qrtr/af_qrtr.c:202 [inline]\n qrtr_node_lookup net/qrtr/af_qrtr.c:398 [inline]\n qrtr_send_resume_tx net/qrtr/af_qrtr.c:1003 [inline]\n qrtr_recvmsg+0x85f/0x990 net/qrtr/af_qrtr.c:1070\n sock_recvmsg_nosec net/socket.c:1017 [inline]\n sock_recvmsg+0xe2/0x160 net/socket.c:1038\n qrtr_ns_worker+0x170/0x1700 net/qrtr/ns.c:688\n process_one_work+0x991/0x15c0 kernel/workqueue.c:2390\n worker_thread+0x669/0x1090 kernel/workqueue.c:2537\n\nIt occurs in the concurrent scenario of qrtr_recvmsg() and\nqrtr_endpoint_unregister() as following:\n\n\tcpu0\t\t\t\t\tcpu1\nqrtr_recvmsg\t\t\t\tqrtr_endpoint_unregister\nqrtr_send_resume_tx\t\t\tqrtr_node_release\nqrtr_node_lookup\t\t\tmutex_lock(&qrtr_node_lock)\nspin_lock_irqsave(&qrtr_nodes_lock, )\trefcount_dec_and_test(&node->ref) [node->ref == 0]\nradix_tree_lookup [node != NULL]\t__qrtr_node_release\nqrtr_node_acquire\t\t\tspin_lock_irqsave(&qrtr_nodes_lock, )\nkref_get(&node->ref) [WARNING]\t\t...\n\t\t\t\t\tmutex_unlock(&qrtr_node_lock)\n\nUse qrtr_node_lock to protect qrtr_node_lookup() implementation, this\nis actually improving the protection of node reference.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -37,7 +42,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-18T16:15:48Z"

advisories/unreviewed/2025/09/GHSA-427x-59vx-vjwq/GHSA-427x-59vx-vjwq.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-427x-59vx-vjwq",
-  "modified": "2025-09-18T15:30:34Z",
+  "modified": "2025-12-12T21:31:31Z",
   "published": "2025-09-18T15:30:34Z",
   "aliases": [
     "CVE-2023-53396"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: Fix memory leak in do_rename\n\nIf renaming a file in an encrypted directory, function\nfscrypt_setup_filename allocates memory for a file name. This name is\nnever used, and before returning to the caller the memory for it is not\nfreed.\n\nWhen running kmemleak on it we see that it is registered as a leak. The\nreport below is triggered by a simple program 'rename' that renames a\nfile in an encrypted directory:\n\n  unreferenced object 0xffff888101502840 (size 32):\n    comm \"rename\", pid 9404, jiffies 4302582475 (age 435.735s)\n    backtrace:\n      __kmem_cache_alloc_node\n      __kmalloc\n      fscrypt_setup_filename\n      do_rename\n      ubifs_rename\n      vfs_rename\n      do_renameat2\n\nTo fix this we can remove the call to fscrypt_setup_filename as it's not\nneeded.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -36,8 +41,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-401"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-18T14:15:42Z"

advisories/unreviewed/2025/09/GHSA-4c73-vgp7-gjq5/GHSA-4c73-vgp7-gjq5.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4c73-vgp7-gjq5",
-  "modified": "2025-09-18T15:30:34Z",
+  "modified": "2025-12-12T21:31:31Z",
   "published": "2025-09-18T15:30:34Z",
   "aliases": [
     "CVE-2023-53397"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmodpost: fix off by one in is_executable_section()\n\nThe > comparison should be >= to prevent an out of bounds array\naccess.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -48,8 +53,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-193"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-18T14:15:42Z"