Advisory Database Sync

Author: advisory-database[bot]

advisories/github-reviewed/2025/02/GHSA-76p7-773f-r4q5/GHSA-76p7-773f-r4q5.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-76p7-773f-r4q5",
-  "modified": "2025-11-12T09:30:26Z",
+  "modified": "2025-11-13T00:30:16Z",
   "published": "2025-02-10T18:30:47Z",
   "aliases": [
     "CVE-2024-11831"
@@ -46,59 +46,63 @@
     },
     {
       "type": "WEB",
-      "url": "https://github.com/yahoo/serialize-javascript/commit/7f3ac252d86b802454cb43782820aea2e0f6dc25"
+      "url": "https://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e"
     },
     {
       "type": "WEB",
-      "url": "https://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e"
+      "url": "https://github.com/yahoo/serialize-javascript/commit/7f3ac252d86b802454cb43782820aea2e0f6dc25"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/yahoo/serialize-javascript"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHBA-2025:0304"
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312579"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2025:1334"
+      "url": "https://access.redhat.com/security/cve/CVE-2024-11831"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2025:1468"
+      "url": "https://access.redhat.com/errata/RHSA-2025:8551"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2025:21068"
+      "url": "https://access.redhat.com/errata/RHSA-2025:8544"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2025:4511"
+      "url": "https://access.redhat.com/errata/RHSA-2025:8479"
     },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:8059"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2025:8479"
+      "url": "https://access.redhat.com/errata/RHSA-2025:4511"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2025:8544"
+      "url": "https://access.redhat.com/errata/RHSA-2025:21203"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2025:8551"
+      "url": "https://access.redhat.com/errata/RHSA-2025:21068"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/security/cve/CVE-2024-11831"
+      "url": "https://access.redhat.com/errata/RHSA-2025:1468"
     },
     {
       "type": "WEB",
-      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312579"
+      "url": "https://access.redhat.com/errata/RHSA-2025:1334"
     },
     {
-      "type": "PACKAGE",
-      "url": "https://github.com/yahoo/serialize-javascript"
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHBA-2025:0304"
     }
   ],
   "database_specific": {

advisories/unreviewed/2025/05/GHSA-3c86-6wjp-hf8m/GHSA-3c86-6wjp-hf8m.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3c86-6wjp-hf8m",
-  "modified": "2025-11-03T21:33:47Z",
+  "modified": "2025-11-13T00:30:16Z",
   "published": "2025-05-08T09:30:24Z",
   "aliases": [
     "CVE-2025-37815"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration\n\nResolve kernel panic while accessing IRQ handler associated with the\ngenerated IRQ. This is done by acquiring the spinlock and storing the\ncurrent interrupt state before handling the interrupt request using\ngeneric_handle_irq.\n\nA previous fix patch was submitted where 'generic_handle_irq' was\nreplaced with 'handle_nested_irq'. However, this change also causes\nthe kernel panic where after determining which GPIO triggered the\ninterrupt and attempting to call handle_nested_irq with the mapped\nIRQ number, leads to a failure in locating the registered handler.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -41,7 +46,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-08T07:15:52Z"

advisories/unreviewed/2025/05/GHSA-4q4q-jv3m-fqjr/GHSA-4q4q-jv3m-fqjr.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4q4q-jv3m-fqjr",
-  "modified": "2025-11-03T21:33:47Z",
+  "modified": "2025-11-13T00:30:16Z",
   "published": "2025-05-08T09:30:24Z",
   "aliases": [
     "CVE-2025-37818"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Return NULL from huge_pte_offset() for invalid PMD\n\nLoongArch's huge_pte_offset() currently returns a pointer to a PMD slot\neven if the underlying entry points to invalid_pte_table (indicating no\nmapping). Callers like smaps_hugetlb_range() fetch this invalid entry\nvalue (the address of invalid_pte_table) via this pointer.\n\nThe generic is_swap_pte() check then incorrectly identifies this address\nas a swap entry on LoongArch, because it satisfies the \"!pte_present()\n&& !pte_none()\" conditions. This misinterpretation, combined with a\ncoincidental match by is_migration_entry() on the address bits, leads to\nkernel crashes in pfn_swap_entry_to_page().\n\nFix this at the architecture level by modifying huge_pte_offset() to\ncheck the PMD entry's content using pmd_none() before returning. If the\nentry is invalid (i.e., it points to invalid_pte_table), return NULL\ninstead of the pointer to the slot.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -40,8 +45,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-08T07:15:53Z"

advisories/unreviewed/2025/05/GHSA-4x4p-c635-2m6r/GHSA-4x4p-c635-2m6r.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4x4p-c635-2m6r",
-  "modified": "2025-05-08T09:30:24Z",
+  "modified": "2025-11-13T00:30:16Z",
   "published": "2025-05-08T09:30:24Z",
   "aliases": [
     "CVE-2025-37816"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmei: vsc: Fix fortify-panic caused by invalid counted_by() use\n\ngcc 15 honors the __counted_by(len) attribute on vsc_tp_packet.buf[]\nand the vsc-tp.c code is using this in a wrong way. len does not contain\nthe available size in the buffer, it contains the actual packet length\n*without* the crc. So as soon as vsc_tp_xfer() tries to add the crc to\nbuf[] the fortify-panic handler gets triggered:\n\n[   80.842193] memcpy: detected buffer overflow: 4 byte write of buffer size 0\n[   80.842243] WARNING: CPU: 4 PID: 272 at lib/string_helpers.c:1032 __fortify_report+0x45/0x50\n...\n[   80.843175]  __fortify_panic+0x9/0xb\n[   80.843186]  vsc_tp_xfer.cold+0x67/0x67 [mei_vsc_hw]\n[   80.843210]  ? seqcount_lockdep_reader_access.constprop.0+0x82/0x90\n[   80.843229]  ? lockdep_hardirqs_on+0x7c/0x110\n[   80.843250]  mei_vsc_hw_start+0x98/0x120 [mei_vsc]\n[   80.843270]  mei_reset+0x11d/0x420 [mei]\n\nThe easiest fix would be to just drop the counted-by but with the exception\nof the ack buffer in vsc_tp_xfer_helper() which only contains enough room\nfor the packet-header, all other uses of vsc_tp_packet always use a buffer\nof VSC_TP_MAX_XFER_SIZE bytes for the packet.\n\nInstead of just dropping the counted-by, split the vsc_tp_packet struct\ndefinition into a header and a full-packet definition and use a fixed\nsize buf[] in the packet definition, this way fortify-source buffer\noverrun checking still works when enabled.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -29,7 +34,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-08T07:15:52Z"

advisories/unreviewed/2025/05/GHSA-7wf9-8x5x-fv67/GHSA-7wf9-8x5x-fv67.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7wf9-8x5x-fv67",
-  "modified": "2025-11-03T21:33:47Z",
+  "modified": "2025-11-13T00:30:16Z",
   "published": "2025-05-08T09:30:24Z",
   "aliases": [
     "CVE-2025-37811"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: chipidea: ci_hdrc_imx: fix usbmisc handling\n\nusbmisc is an optional device property so it is totally valid for the\ncorresponding data->usbmisc_data to have a NULL value.\n\nCheck that before dereferencing the pointer.\n\nFound by Linux Verification Center (linuxtesting.org) with Svace static\nanalysis tool.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -44,8 +49,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-08T07:15:52Z"

advisories/unreviewed/2025/05/GHSA-8fxr-4vx8-rh8m/GHSA-8fxr-4vx8-rh8m.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8fxr-4vx8-rh8m",
-  "modified": "2025-11-03T21:33:47Z",
+  "modified": "2025-11-13T00:30:16Z",
   "published": "2025-05-08T09:30:25Z",
   "aliases": [
     "CVE-2025-37830"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()\n\ncpufreq_cpu_get_raw() can return NULL when the target CPU is not present\nin the policy->cpus mask. scmi_cpufreq_get_rate() does not check for\nthis case, which results in a NULL pointer dereference.\n\nAdd NULL check after cpufreq_cpu_get_raw() to prevent this issue.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -44,8 +49,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-08T07:15:54Z"

advisories/unreviewed/2025/05/GHSA-cr4p-cqhr-xjwp/GHSA-cr4p-cqhr-xjwp.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cr4p-cqhr-xjwp",
-  "modified": "2025-05-08T09:30:25Z",
+  "modified": "2025-11-13T00:30:16Z",
   "published": "2025-05-08T09:30:25Z",
   "aliases": [
     "CVE-2025-37826"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer()\n\nAdd a NULL check for the returned hwq pointer by ufshcd_mcq_req_to_hwq().\n\nThis is similar to the fix in commit 74736103fb41 (\"scsi: ufs: core: Fix\nufshcd_abort_one racing issue\").",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-08T07:15:53Z"

advisories/unreviewed/2025/05/GHSA-f4v2-fv46-7wx2/GHSA-f4v2-fv46-7wx2.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-f4v2-fv46-7wx2",
-  "modified": "2025-11-03T21:33:47Z",
+  "modified": "2025-11-13T00:30:16Z",
   "published": "2025-05-08T09:30:25Z",
   "aliases": [
     "CVE-2025-37829"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()\n\ncpufreq_cpu_get_raw() can return NULL when the target CPU is not present\nin the policy->cpus mask. scpi_cpufreq_get_rate() does not check for\nthis case, which results in a NULL pointer dereference.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -56,8 +61,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-08T07:15:54Z"

advisories/unreviewed/2025/05/GHSA-j5r6-fgq5-9wcx/GHSA-j5r6-fgq5-9wcx.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-j5r6-fgq5-9wcx",
-  "modified": "2025-11-03T21:33:47Z",
+  "modified": "2025-11-13T00:30:16Z",
   "published": "2025-05-08T09:30:24Z",
   "aliases": [
     "CVE-2025-37817"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmcb: fix a double free bug in chameleon_parse_gdd()\n\nIn chameleon_parse_gdd(), if mcb_device_register() fails, 'mdev'\nwould be released in mcb_device_register() via put_device().\nThus, goto 'err' label and free 'mdev' again causes a double free.\nJust return if mcb_device_register() fails.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -56,8 +61,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-415"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-08T07:15:52Z"

advisories/unreviewed/2025/05/GHSA-p285-vxm3-73m7/GHSA-p285-vxm3-73m7.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-p285-vxm3-73m7",
-  "modified": "2025-05-08T09:30:25Z",
+  "modified": "2025-11-13T00:30:16Z",
   "published": "2025-05-08T09:30:25Z",
   "aliases": [
     "CVE-2025-37831"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate()\n\ncpufreq_cpu_get_raw() can return NULL when the target CPU is not present\nin the policy->cpus mask. apple_soc_cpufreq_get_rate() does not check\nfor this case, which results in a NULL pointer dereference.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -32,8 +37,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-08T07:15:54Z"