Advisory Database Sync

Author: advisory-database[bot]

advisories/github-reviewed/2025/08/GHSA-856v-8qm2-9wjv/GHSA-856v-8qm2-9wjv.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-856v-8qm2-9wjv",
-  "modified": "2025-11-14T00:30:27Z",
+  "modified": "2025-11-20T21:30:30Z",
   "published": "2025-08-07T21:31:08Z",
   "aliases": [
     "CVE-2025-7195"
@@ -60,6 +60,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:21368"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:21885"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-7195"

advisories/unreviewed/2025/01/GHSA-xh5q-pch5-g3xq/GHSA-xh5q-pch5-g3xq.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xh5q-pch5-g3xq",
-  "modified": "2025-11-04T00:32:20Z",
+  "modified": "2025-11-20T21:30:28Z",
   "published": "2025-01-14T18:32:00Z",
   "aliases": [
     "CVE-2024-12085"
@@ -51,6 +51,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:2701"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:21885"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:1451"

advisories/unreviewed/2025/06/GHSA-53rj-48p2-7m5j/GHSA-53rj-48p2-7m5j.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-53rj-48p2-7m5j",
-  "modified": "2025-11-18T00:30:18Z",
+  "modified": "2025-11-20T21:30:29Z",
   "published": "2025-06-26T18:31:28Z",
   "aliases": [
     "CVE-2025-34049"

advisories/unreviewed/2025/06/GHSA-7376-x4rm-3v8x/GHSA-7376-x4rm-3v8x.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7376-x4rm-3v8x",
-  "modified": "2025-10-30T06:30:53Z",
+  "modified": "2025-11-20T21:30:28Z",
   "published": "2025-06-09T21:30:52Z",
   "aliases": [
     "CVE-2025-5914"
@@ -35,6 +35,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-5914"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:21885"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:19046"

advisories/unreviewed/2025/06/GHSA-f369-pp94-cgwp/GHSA-f369-pp94-cgwp.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-f369-pp94-cgwp",
-  "modified": "2025-11-18T00:30:18Z",
+  "modified": "2025-11-20T21:30:29Z",
   "published": "2025-06-26T18:31:28Z",
   "aliases": [
     "CVE-2025-34047"

advisories/unreviewed/2025/07/GHSA-26c6-3rj3-7q4h/GHSA-26c6-3rj3-7q4h.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-26c6-3rj3-7q4h",
-  "modified": "2025-07-10T15:31:21Z",
+  "modified": "2025-11-20T21:30:30Z",
   "published": "2025-07-09T12:31:34Z",
   "aliases": [
     "CVE-2025-38246"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt: properly flush XDP redirect lists\n\nWe encountered following crash when testing a XDP_REDIRECT feature\nin production:\n\n[56251.579676] list_add corruption. next->prev should be prev (ffff93120dd40f30), but was ffffb301ef3a6740. (next=ffff93120dd\n40f30).\n[56251.601413] ------------[ cut here ]------------\n[56251.611357] kernel BUG at lib/list_debug.c:29!\n[56251.621082] Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[56251.632073] CPU: 111 UID: 0 PID: 0 Comm: swapper/111 Kdump: loaded Tainted: P           O       6.12.33-cloudflare-2025.6.\n3 #1\n[56251.653155] Tainted: [P]=PROPRIETARY_MODULE, [O]=OOT_MODULE\n[56251.663877] Hardware name: MiTAC GC68B-B8032-G11P6-GPU/S8032GM-HE-CFR, BIOS V7.020.B10-sig 01/22/2025\n[56251.682626] RIP: 0010:__list_add_valid_or_report+0x4b/0xa0\n[56251.693203] Code: 0e 48 c7 c7 68 e7 d9 97 e8 42 16 fe ff 0f 0b 48 8b 52 08 48 39 c2 74 14 48 89 f1 48 c7 c7 90 e7 d9 97 48\n 89 c6 e8 25 16 fe ff <0f> 0b 4c 8b 02 49 39 f0 74 14 48 89 d1 48 c7 c7 e8 e7 d9 97 4c 89\n[56251.725811] RSP: 0018:ffff93120dd40b80 EFLAGS: 00010246\n[56251.736094] RAX: 0000000000000075 RBX: ffffb301e6bba9d8 RCX: 0000000000000000\n[56251.748260] RDX: 0000000000000000 RSI: ffff9149afda0b80 RDI: ffff9149afda0b80\n[56251.760349] RBP: ffff9131e49c8000 R08: 0000000000000000 R09: ffff93120dd40a18\n[56251.772382] R10: ffff9159cf2ce1a8 R11: 0000000000000003 R12: ffff911a80850000\n[56251.784364] R13: ffff93120fbc7000 R14: 0000000000000010 R15: ffff9139e7510e40\n[56251.796278] FS:  0000000000000000(0000) GS:ffff9149afd80000(0000) knlGS:0000000000000000\n[56251.809133] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[56251.819561] CR2: 00007f5e85e6f300 CR3: 00000038b85e2006 CR4: 0000000000770ef0\n[56251.831365] PKRU: 55555554\n[56251.838653] Call Trace:\n[56251.845560]  <IRQ>\n[56251.851943]  cpu_map_enqueue.cold+0x5/0xa\n[56251.860243]  xdp_do_redirect+0x2d9/0x480\n[56251.868388]  bnxt_rx_xdp+0x1d8/0x4c0 [bnxt_en]\n[56251.877028]  bnxt_rx_pkt+0x5f7/0x19b0 [bnxt_en]\n[56251.885665]  ? cpu_max_write+0x1e/0x100\n[56251.893510]  ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.902276]  __bnxt_poll_work+0x190/0x340 [bnxt_en]\n[56251.911058]  bnxt_poll+0xab/0x1b0 [bnxt_en]\n[56251.919041]  ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.927568]  ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.935958]  ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.944250]  __napi_poll+0x2b/0x160\n[56251.951155]  bpf_trampoline_6442548651+0x79/0x123\n[56251.959262]  __napi_poll+0x5/0x160\n[56251.966037]  net_rx_action+0x3d2/0x880\n[56251.973133]  ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.981265]  ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.989262]  ? __hrtimer_run_queues+0x162/0x2a0\n[56251.996967]  ? srso_alias_return_thunk+0x5/0xfbef5\n[56252.004875]  ? srso_alias_return_thunk+0x5/0xfbef5\n[56252.012673]  ? bnxt_msix+0x62/0x70 [bnxt_en]\n[56252.019903]  handle_softirqs+0xcf/0x270\n[56252.026650]  irq_exit_rcu+0x67/0x90\n[56252.032933]  common_interrupt+0x85/0xa0\n[56252.039498]  </IRQ>\n[56252.044246]  <TASK>\n[56252.048935]  asm_common_interrupt+0x26/0x40\n[56252.055727] RIP: 0010:cpuidle_enter_state+0xb8/0x420\n[56252.063305] Code: dc 01 00 00 e8 f9 79 3b ff e8 64 f7 ff ff 49 89 c5 0f 1f 44 00 00 31 ff e8 a5 32 3a ff 45 84 ff 0f 85 ae\n 01 00 00 fb 45 85 f6 <0f> 88 88 01 00 00 48 8b 04 24 49 63 ce 4c 89 ea 48 6b f1 68 48 29\n[56252.088911] RSP: 0018:ffff93120c97fe98 EFLAGS: 00000202\n[56252.096912] RAX: ffff9149afd80000 RBX: ffff9141d3a72800 RCX: 0000000000000000\n[56252.106844] RDX: 00003329176c6b98 RSI: ffffffe36db3fdc7 RDI: 0000000000000000\n[56252.116733] RBP: 0000000000000002 R08: 0000000000000002 R09: 000000000000004e\n[56252.126652] R10: ffff9149afdb30c4 R11: 071c71c71c71c71c R12: ffffffff985ff860\n[56252.136637] R13: 00003329176c6b98 R14: 0000000000000002 R15: 0000000000000000\n[56252.146667]  ? cpuidle_enter_state+0xab/0x420\n[56252.153909]  cpuidle_enter+0x2d/0x40\n[56252.160360]  do_idle+0x176/0x1c0\n[56252.166456\n---truncated---",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -33,7 +38,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-07-09T11:15:26Z"

advisories/unreviewed/2025/07/GHSA-2789-v55f-r7v6/GHSA-2789-v55f-r7v6.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2789-v55f-r7v6",
-  "modified": "2025-07-03T09:30:34Z",
+  "modified": "2025-11-20T21:30:29Z",
   "published": "2025-07-03T09:30:34Z",
   "aliases": [
     "CVE-2025-38133"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ad4851: fix ad4858 chan pointer handling\n\nThe pointer returned from ad4851_parse_channels_common() is incremented\ninternally as each channel is populated. In ad4858_parse_channels(),\nthe same pointer was further incremented while setting ext_scan_type\nfields for each channel. This resulted in indio_dev->channels being set\nto a pointer past the end of the allocated array, potentially causing\nmemory corruption or undefined behavior.\n\nFix this by iterating over the channels using an explicit index instead\nof incrementing the pointer. This preserves the original base pointer\nand ensures all channel metadata is set correctly.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-07-03T09:15:27Z"

advisories/unreviewed/2025/07/GHSA-2x7p-gc2x-3v72/GHSA-2x7p-gc2x-3v72.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2x7p-gc2x-3v72",
-  "modified": "2025-07-03T09:30:34Z",
+  "modified": "2025-11-20T21:30:30Z",
   "published": "2025-07-03T09:30:34Z",
   "aliases": [
     "CVE-2025-38150"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_packet: move notifier's packet_dev_mc out of rcu critical section\n\nSyzkaller reports the following issue:\n\n BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578\n __mutex_lock+0x106/0xe80 kernel/locking/mutex.c:746\n team_change_rx_flags+0x38/0x220 drivers/net/team/team_core.c:1781\n dev_change_rx_flags net/core/dev.c:9145 [inline]\n __dev_set_promiscuity+0x3f8/0x590 net/core/dev.c:9189\n netif_set_promiscuity+0x50/0xe0 net/core/dev.c:9201\n dev_set_promiscuity+0x126/0x260 net/core/dev_api.c:286 packet_dev_mc net/packet/af_packet.c:3698 [inline]\n packet_dev_mclist_delete net/packet/af_packet.c:3722 [inline]\n packet_notifier+0x292/0xa60 net/packet/af_packet.c:4247\n notifier_call_chain+0x1b3/0x3e0 kernel/notifier.c:85\n call_netdevice_notifiers_extack net/core/dev.c:2214 [inline]\n call_netdevice_notifiers net/core/dev.c:2228 [inline]\n unregister_netdevice_many_notify+0x15d8/0x2330 net/core/dev.c:11972\n rtnl_delete_link net/core/rtnetlink.c:3522 [inline]\n rtnl_dellink+0x488/0x710 net/core/rtnetlink.c:3564\n rtnetlink_rcv_msg+0x7cf/0xb70 net/core/rtnetlink.c:6955\n netlink_rcv_skb+0x219/0x490 net/netlink/af_netlink.c:2534\n\nCalling `PACKET_ADD_MEMBERSHIP` on an ops-locked device can trigger\nthe `NETDEV_UNREGISTER` notifier, which may require disabling promiscuous\nand/or allmulti mode. Both of these operations require acquiring\nthe netdev instance lock.\n\nMove the call to `packet_dev_mc` outside of the RCU critical section.\nThe `mclist` modifications (add, del, flush, unregister) are protected by\nthe RTNL, not the RCU. The RCU only protects the `sklist` and its\nassociated `sks`. The delayed operation on the `mclist` entry remains\nwithin the RTNL.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-667"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-07-03T09:15:29Z"

advisories/unreviewed/2025/07/GHSA-3g7h-wv72-q2hf/GHSA-3g7h-wv72-q2hf.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3g7h-wv72-q2hf",
-  "modified": "2025-07-03T09:30:34Z",
+  "modified": "2025-11-20T21:30:29Z",
   "published": "2025-07-03T09:30:34Z",
   "aliases": [
     "CVE-2025-38140"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: limit swapping tables for devices with zone write plugs\n\ndm_revalidate_zones() only allowed new or previously unzoned devices to\ncall blk_revalidate_disk_zones(). If the device was already zoned,\ndisk->nr_zones would always equal md->nr_zones, so dm_revalidate_zones()\nreturned without doing any work. This would make the zoned settings for\nthe device not match the new table. If the device had zone write plug\nresources, it could run into errors like bdev_zone_is_seq() reading\ninvalid memory because disk->conv_zones_bitmap was the wrong size.\n\nIf the device doesn't have any zone write plug resources, calling\nblk_revalidate_disk_zones() will always correctly update device.  If\nblk_revalidate_disk_zones() fails, it can still overwrite or clear the\ncurrent disk->nr_zones value. In this case, DM must restore the previous\nvalue of disk->nr_zones, so that the zoned settings will continue to\nmatch the previous value that it fell back to.\n\nIf the device already has zone write plug resources,\nblk_revalidate_disk_zones() will not correctly update them, if it is\ncalled for arbitrary zoned device changes.  Since there is not much need\nfor this ability, the easiest solution is to disallow any table reloads\nthat change the zoned settings, for devices that already have zone plug\nresources.  Specifically, if a device already has zone plug resources\nallocated, it can only switch to another zoned table that also emulates\nzone append.  Also, it cannot change the device size or the zone size. A\ndevice can switch to an error target.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -25,7 +30,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-07-03T09:15:28Z"

advisories/unreviewed/2025/07/GHSA-3pqf-m36q-w788/GHSA-3pqf-m36q-w788.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3pqf-m36q-w788",
-  "modified": "2025-07-03T09:30:35Z",
+  "modified": "2025-11-20T21:30:30Z",
   "published": "2025-07-03T09:30:35Z",
   "aliases": [
     "CVE-2025-38168"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: arm-ni: Unregister PMUs on probe failure\n\nWhen a resource allocation fails in one clock domain of an NI device,\nwe need to properly roll back all previously registered perf PMUs in\nother clock domains of the same device.\n\nOtherwise, it can lead to kernel panics.\n\nCalling arm_ni_init+0x0/0xff8 [arm_ni] @ 2374\narm-ni ARMHCB70:00: Failed to request PMU region 0x1f3c13000\narm-ni ARMHCB70:00: probe with driver arm-ni failed with error -16\nlist_add corruption: next->prev should be prev (fffffd01e9698a18),\nbut was 0000000000000000. (next=ffff10001a0decc8).\npstate: 6340009 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\npc : list_add_valid_or_report+0x7c/0xb8\nlr : list_add_valid_or_report+0x7c/0xb8\nCall trace:\n __list_add_valid_or_report+0x7c/0xb8\n perf_pmu_register+0x22c/0x3a0\n arm_ni_probe+0x554/0x70c [arm_ni]\n platform_probe+0x70/0xe8\n really_probe+0xc6/0x4d8\n driver_probe_device+0x48/0x170\n __driver_attach+0x8e/0x1c0\n bus_for_each_dev+0x64/0xf0\n driver_add+0x138/0x260\n bus_add_driver+0x68/0x138\n __platform_driver_register+0x2c/0x40\n arm_ni_init+0x14/0x2a [arm_ni]\n do_init_module+0x36/0x298\n---[ end trace 0000000000000000 ]---\nKernel panic - not syncing: Oops - BUG: Fatal exception\nSMP: stopping secondary CPUs",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -29,7 +34,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-07-03T09:15:32Z"