Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2024/04/GHSA-9xch-xvj3-fmf3/GHSA-9xch-xvj3-fmf3.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9xch-xvj3-fmf3",
-  "modified": "2024-08-22T21:31:28Z",
+  "modified": "2025-11-18T18:32:45Z",
   "published": "2024-04-10T18:30:47Z",
   "aliases": [
     "CVE-2024-3566"
@@ -23,6 +23,10 @@
       "type": "WEB",
       "url": "https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2024/CVE-2024-3566"
+    },
     {
       "type": "WEB",
       "url": "https://kb.cert.org/vuls/id/123335"

advisories/unreviewed/2025/06/GHSA-4m42-39c8-px5p/GHSA-4m42-39c8-px5p.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4m42-39c8-px5p",
-  "modified": "2025-06-18T12:30:49Z",
+  "modified": "2025-11-18T18:32:45Z",
   "published": "2025-06-18T12:30:49Z",
   "aliases": [
     "CVE-2022-50115"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: ipc3-topology: Prevent double freeing of ipc_control_data via load_bytes\n\nWe have sanity checks for byte controls and if any of the fail the locally\nallocated scontrol->ipc_control_data is freed up, but not set to NULL.\n\nOn a rollback path of the error the higher level code will also try to free\nthe scontrol->ipc_control_data which will eventually going to lead to\nmemory corruption as double freeing memory is not a good thing.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-415"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-06-18T11:15:41Z"

advisories/unreviewed/2025/06/GHSA-58fj-7xrf-2v4q/GHSA-58fj-7xrf-2v4q.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-58fj-7xrf-2v4q",
-  "modified": "2025-06-18T12:30:48Z",
+  "modified": "2025-11-18T18:32:45Z",
   "published": "2025-06-18T12:30:48Z",
   "aliases": [
     "CVE-2022-50118"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable\n\ncommit 2c9ac51b850d (\"powerpc/perf: Fix PMU callbacks to clear\npending PMI before resetting an overflown PMC\") added a new\nfunction \"pmi_irq_pending\" in hw_irq.h. This function is to check\nif there is a PMI marked as pending in Paca (PACA_IRQ_PMI).This is\nused in power_pmu_disable in a WARN_ON. The intention here is to\nprovide a warning if there is PMI pending, but no counter is found\noverflown.\n\nDuring some of the perf runs, below warning is hit:\n\nWARNING: CPU: 36 PID: 0 at arch/powerpc/perf/core-book3s.c:1332 power_pmu_disable+0x25c/0x2c0\n Modules linked in:\n -----\n\n NIP [c000000000141c3c] power_pmu_disable+0x25c/0x2c0\n LR [c000000000141c8c] power_pmu_disable+0x2ac/0x2c0\n Call Trace:\n [c000000baffcfb90] [c000000000141c8c] power_pmu_disable+0x2ac/0x2c0 (unreliable)\n [c000000baffcfc10] [c0000000003e2f8c] perf_pmu_disable+0x4c/0x60\n [c000000baffcfc30] [c0000000003e3344] group_sched_out.part.124+0x44/0x100\n [c000000baffcfc80] [c0000000003e353c] __perf_event_disable+0x13c/0x240\n [c000000baffcfcd0] [c0000000003dd334] event_function+0xc4/0x140\n [c000000baffcfd20] [c0000000003d855c] remote_function+0x7c/0xa0\n [c000000baffcfd50] [c00000000026c394] flush_smp_call_function_queue+0xd4/0x300\n [c000000baffcfde0] [c000000000065b24] smp_ipi_demux_relaxed+0xa4/0x100\n [c000000baffcfe20] [c0000000000cb2b0] xive_muxed_ipi_action+0x20/0x40\n [c000000baffcfe40] [c000000000207c3c] __handle_irq_event_percpu+0x8c/0x250\n [c000000baffcfee0] [c000000000207e2c] handle_irq_event_percpu+0x2c/0xa0\n [c000000baffcff10] [c000000000210a04] handle_percpu_irq+0x84/0xc0\n [c000000baffcff40] [c000000000205f14] generic_handle_irq+0x54/0x80\n [c000000baffcff60] [c000000000015740] __do_irq+0x90/0x1d0\n [c000000baffcff90] [c000000000016990] __do_IRQ+0xc0/0x140\n [c0000009732f3940] [c000000bafceaca8] 0xc000000bafceaca8\n [c0000009732f39d0] [c000000000016b78] do_IRQ+0x168/0x1c0\n [c0000009732f3a00] [c0000000000090c8] hardware_interrupt_common_virt+0x218/0x220\n\nThis means that there is no PMC overflown among the active events\nin the PMU, but there is a PMU pending in Paca. The function\n\"any_pmc_overflown\" checks the PMCs on active events in\ncpuhw->n_events. Code snippet:\n\n<<>>\nif (any_pmc_overflown(cpuhw))\n \tclear_pmi_irq_pending();\n else\n \tWARN_ON(pmi_irq_pending());\n<<>>\n\nHere the PMC overflown is not from active event. Example: When we do\nperf record, default cycles and instructions will be running on PMC6\nand PMC5 respectively. It could happen that overflowed event is currently\nnot active and pending PMI is for the inactive event. Debug logs from\ntrace_printk:\n\n<<>>\nany_pmc_overflown: idx is 5: pmc value is 0xd9a\npower_pmu_disable: PMC1: 0x0, PMC2: 0x0, PMC3: 0x0, PMC4: 0x0, PMC5: 0xd9a, PMC6: 0x80002011\n<<>>\n\nHere active PMC (from idx) is PMC5 , but overflown PMC is PMC6(0x80002011).\nWhen we handle PMI interrupt for such cases, if the PMC overflown is\nfrom inactive event, it will be ignored. Reference commit:\ncommit bc09c219b2e6 (\"powerpc/perf: Fix finding overflowed PMC in interrupt\")\n\nPatch addresses two changes:\n1) Fix 1 : Removal of warning ( WARN_ON(pmi_irq_pending()); )\n   We were printing warning if no PMC is found overflown among active PMU\n   events, but PMI pending in PACA. But this could happen in cases where\n   PMC overflown is not in active PMC. An inactive event could have caused\n   the overflow. Hence the warning is not needed. To know pending PMI is\n   from an inactive event, we need to loop through all PMC's which will\n   cause more SPR reads via mfspr and increase in context switch. Also in\n   existing function: perf_event_interrupt, already we ignore PMI's\n   overflown when it is from an inactive PMC.\n\n2) Fix 2: optimization in clearing pending PMI.\n   Currently we check for any active PMC overflown before clearing PMI\n   pending in Paca. This is causing additional SP\n---truncated---",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -36,8 +41,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-674"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-06-18T11:15:41Z"

advisories/unreviewed/2025/06/GHSA-7gcq-47qc-pww5/GHSA-7gcq-47qc-pww5.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7gcq-47qc-pww5",
-  "modified": "2025-06-18T12:30:49Z",
+  "modified": "2025-11-18T18:32:45Z",
   "published": "2025-06-18T12:30:49Z",
   "aliases": [
     "CVE-2022-50124"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -45,7 +50,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-06-18T11:15:42Z"

advisories/unreviewed/2025/06/GHSA-86f4-ffm7-3hcc/GHSA-86f4-ffm7-3hcc.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-86f4-ffm7-3hcc",
-  "modified": "2025-06-18T12:30:49Z",
+  "modified": "2025-11-18T18:32:45Z",
   "published": "2025-06-18T12:30:49Z",
   "aliases": [
     "CVE-2022-50121"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init\n\nEvery iteration of for_each_available_child_of_node() decrements\nthe reference count of the previous node.\nWhen breaking early from a for_each_available_child_of_node() loop,\nwe need to explicitly call of_node_put() on the child node.\nAdd missing of_node_put() to avoid refcount leak.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -37,7 +42,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-06-18T11:15:41Z"

advisories/unreviewed/2025/06/GHSA-9qv5-27hf-7pmq/GHSA-9qv5-27hf-7pmq.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9qv5-27hf-7pmq",
-  "modified": "2025-06-18T12:30:50Z",
+  "modified": "2025-11-18T18:32:46Z",
   "published": "2025-06-18T12:30:50Z",
   "aliases": [
     "CVE-2022-50137"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix a window for use-after-free\n\nDuring a destroy CQ an interrupt may cause processing of a CQE after CQ\nresources are freed by irdma_cq_free_rsrc(). Fix this by moving the call\nto irdma_cq_free_rsrc() after the irdma_sc_cleanup_ceqes(), which is\ncalled under the cq_lock.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -32,8 +37,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-06-18T11:15:43Z"

advisories/unreviewed/2025/06/GHSA-c39j-57h3-vvjp/GHSA-c39j-57h3-vvjp.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-c39j-57h3-vvjp",
-  "modified": "2025-06-18T12:30:49Z",
+  "modified": "2025-11-18T18:32:46Z",
   "published": "2025-06-18T12:30:49Z",
   "aliases": [
     "CVE-2022-50133"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci_plat_remove: avoid NULL dereference\n\nSince commit 4736ebd7fcaff1eb8481c140ba494962847d6e0a (\"usb: host:\nxhci-plat: omit shared hcd if either root hub has no ports\")\nxhci->shared_hcd can be NULL, which causes the following Oops\non reboot:\n\n[  710.124450] systemd-shutdown[1]: Rebooting.\n[  710.298861] xhci-hcd xhci-hcd.2.auto: remove, state 4\n[  710.304217] usb usb3: USB disconnect, device number 1\n[  710.317441] xhci-hcd xhci-hcd.2.auto: USB bus 3 deregistered\n[  710.323280] xhci-hcd xhci-hcd.2.auto: remove, state 1\n[  710.328401] usb usb2: USB disconnect, device number 1\n[  710.333515] usb 2-3: USB disconnect, device number 2\n[  710.467649] xhci-hcd xhci-hcd.2.auto: USB bus 2 deregistered\n[  710.475450] Unable to handle kernel NULL pointer dereference at virtual address 00000000000003b8\n[  710.484425] Mem abort info:\n[  710.487265]   ESR = 0x0000000096000004\n[  710.491060]   EC = 0x25: DABT (current EL), IL = 32 bits\n[  710.496427]   SET = 0, FnV = 0\n[  710.499525]   EA = 0, S1PTW = 0\n[  710.502716]   FSC = 0x04: level 0 translation fault\n[  710.507648] Data abort info:\n[  710.510577]   ISV = 0, ISS = 0x00000004\n[  710.514462]   CM = 0, WnR = 0\n[  710.517480] user pgtable: 4k pages, 48-bit VAs, pgdp=00000008b0050000\n[  710.523976] [00000000000003b8] pgd=0000000000000000, p4d=0000000000000000\n[  710.530961] Internal error: Oops: 96000004 [#1] PREEMPT SMP\n[  710.536551] Modules linked in: rfkill input_leds snd_soc_simple_card snd_soc_simple_card_utils snd_soc_nau8822 designware_i2s snd_soc_core dw_hdmi_ahb_audio snd_pcm_dmaengine arm_ccn panfrost ac97_bus gpu_sched snd_pcm at24 fuse configfs sdhci_of_dwcmshc sdhci_pltfm sdhci nvme led_class mmc_core nvme_core bt1_pvt polynomial tp_serio snd_seq_midi snd_seq_midi_event snd_seq snd_timer snd_rawmidi snd_seq_device snd soundcore efivarfs ipv6\n[  710.575286] CPU: 7 PID: 1 Comm: systemd-shutdow Not tainted 5.19.0-rc7-00043-gfd8619f4fd54 #1\n[  710.583822] Hardware name: T-Platforms TF307-MB/BM1BM1-A, BIOS 5.6 07/06/2022\n[  710.590972] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[  710.597949] pc : usb_remove_hcd+0x34/0x1e4\n[  710.602067] lr : xhci_plat_remove+0x74/0x140\n[  710.606351] sp : ffff800009f3b7c0\n[  710.609674] x29: ffff800009f3b7c0 x28: ffff000800960040 x27: 0000000000000000\n[  710.616833] x26: ffff800008dc22a0 x25: 0000000000000000 x24: 0000000000000000\n[  710.623992] x23: 0000000000000000 x22: ffff000805465810 x21: ffff000805465800\n[  710.631149] x20: ffff000800f80000 x19: 0000000000000000 x18: ffffffffffffffff\n[  710.638307] x17: ffff000805096000 x16: ffff00080633b800 x15: ffff000806537a1c\n[  710.645465] x14: 0000000000000001 x13: 0000000000000000 x12: ffff00080378d6f0\n[  710.652621] x11: ffff00080041a900 x10: ffff800009b204e8 x9 : ffff8000088abaa4\n[  710.659779] x8 : ffff000800960040 x7 : ffff800009409000 x6 : 0000000000000001\n[  710.666936] x5 : ffff800009241000 x4 : ffff800009241440 x3 : 0000000000000000\n[  710.674094] x2 : ffff000800960040 x1 : ffff000800960040 x0 : 0000000000000000\n[  710.681251] Call trace:\n[  710.683704]  usb_remove_hcd+0x34/0x1e4\n[  710.687467]  xhci_plat_remove+0x74/0x140\n[  710.691400]  platform_remove+0x34/0x70\n[  710.695165]  device_remove+0x54/0x90\n[  710.698753]  device_release_driver_internal+0x200/0x270\n[  710.703992]  device_release_driver+0x24/0x30\n[  710.708273]  bus_remove_device+0xe0/0x16c\n[  710.712293]  device_del+0x178/0x390\n[  710.715797]  platform_device_del.part.0+0x24/0x90\n[  710.720514]  platform_device_unregister+0x30/0x50\n[  710.725232]  dwc3_host_exit+0x20/0x30\n[  710.728907]  dwc3_remove+0x174/0x1b0\n[  710.732494]  platform_remove+0x34/0x70\n[  710.736254]  device_remove+0x54/0x90\n[  710.739840]  device_release_driver_internal+0x200/0x270\n[  710.745078]  device_release_driver+0x24/0x30\n[  710.749359]  bus_remove_device+0xe0/0x16c\n[  710.753380]  device_del+0x178/0x390\n[  710.756881]  platform_device_del.part\n---truncated---",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-06-18T11:15:43Z"

advisories/unreviewed/2025/06/GHSA-g26v-cwrx-qvcw/GHSA-g26v-cwrx-qvcw.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-g26v-cwrx-qvcw",
-  "modified": "2025-06-18T12:30:49Z",
+  "modified": "2025-11-18T18:32:45Z",
   "published": "2025-06-18T12:30:49Z",
   "aliases": [
     "CVE-2022-50117"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio: Split migration ops from main device ops\n\nvfio core checks whether the driver sets some migration op (e.g.\nset_state/get_state) and accordingly calls its op.\n\nHowever, currently mlx5 driver sets the above ops without regards to its\nmigration caps.\n\nThis might lead to unexpected usage/Oops if user space may call to the\nabove ops even if the driver doesn't support migration. As for example,\nthe migration state_mutex is not initialized in that case.\n\nThe cleanest way to manage that seems to split the migration ops from\nthe main device ops, this will let the driver setting them separately\nfrom the main ops when it's applicable.\n\nAs part of that, validate ops construction on registration and include a\ncheck for VFIO_MIGRATION_STOP_COPY since the uAPI claims it must be set\nin migration_flags.\n\nHISI driver was changed as well to match this scheme.\n\nThis scheme may enable down the road to come with some extra group of\nops (e.g. DMA log) that can be set without regards to the other options\nbased on driver caps.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -25,7 +30,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-06-18T11:15:41Z"

advisories/unreviewed/2025/06/GHSA-g27f-6634-78c3/GHSA-g27f-6634-78c3.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-g27f-6634-78c3",
-  "modified": "2025-06-18T12:30:50Z",
+  "modified": "2025-11-18T18:32:46Z",
   "published": "2025-06-18T12:30:49Z",
   "aliases": [
     "CVE-2022-50127"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix error unwind in rxe_create_qp()\n\nIn the function rxe_create_qp(), rxe_qp_from_init() is called to\ninitialize qp, internally things like the spin locks are not setup until\nrxe_qp_init_req().\n\nIf an error occures before this point then the unwind will call\nrxe_cleanup() and eventually to rxe_qp_do_cleanup()/rxe_cleanup_task()\nwhich will oops when trying to access the uninitialized spinlock.\n\nMove the spinlock initializations earlier before any failures.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -48,8 +53,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-908"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-06-18T11:15:42Z"

advisories/unreviewed/2025/06/GHSA-gcg7-5fjh-vh6m/GHSA-gcg7-5fjh-vh6m.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gcg7-5fjh-vh6m",
-  "modified": "2025-06-18T12:30:49Z",
+  "modified": "2025-11-18T18:32:45Z",
   "published": "2025-06-18T12:30:49Z",
   "aliases": [
     "CVE-2022-50119"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrpmsg: Fix possible refcount leak in rpmsg_register_device_override()\n\nrpmsg_register_device_override need to call put_device to free vch when\ndriver_set_override fails.\n\nFix this by adding a put_device() to the error path.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -45,7 +50,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-06-18T11:15:41Z"