Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/11/GHSA-29v4-89fg-g7q9/GHSA-29v4-89fg-g7q9.json

@@ -0,0 +1,37 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-29v4-89fg-g7q9",
+  "modified": "2025-11-12T12:30:27Z",
+  "published": "2025-11-12T12:30:27Z",
+  "aliases": [
+    "CVE-2025-40132"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback\n\nIn create_sdw_dailink() check that sof_end->codec_info->add_sidecar\nis not NULL before calling it.\n\nThe original code assumed that if include_sidecar is true, the codec\non that link has an add_sidecar callback. But there could be other\ncodecs on the same link that do not have an add_sidecar callback.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40132"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/87cab86925b7fa4c1c977bc191ac549a3b23f0ea"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/a5416c0fc9e77b69f853dfb1e78bc05a7c06a789"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/aea038062edfca9c6e5ddcecd4611d5a80113b4e"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-12T11:15:42Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-326w-gf89-vgpc/GHSA-326w-gf89-vgpc.json

@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-326w-gf89-vgpc",
+  "modified": "2025-11-12T12:30:26Z",
+  "published": "2025-11-12T12:30:26Z",
+  "aliases": [
+    "CVE-2025-40113"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: qcom: pas: Shutdown lite ADSP DTB on X1E\n\nThe ADSP firmware on X1E has separate firmware binaries for the main\nfirmware and the DTB. The same applies for the \"lite\" firmware loaded by\nthe boot firmware.\n\nWhen preparing to load the new ADSP firmware we shutdown the lite_pas_id\nfor the main firmware, but we don't shutdown the corresponding lite pas_id\nfor the DTB. The fact that we're leaving it \"running\" forever becomes\nobvious if you try to reuse (or just access) the memory region used by the\n\"lite\" firmware: The &adsp_boot_mem is accessible, but accessing the\n&adsp_boot_dtb_mem results in a crash.\n\nWe don't support reusing the memory regions currently, but nevertheless we\nshould not keep part of the lite firmware running. Fix this by adding the\nlite_dtb_pas_id and shutting it down as well.\n\nWe don't have a way to detect if the lite firmware is actually running yet,\nso ignore the return status of qcom_scm_pas_shutdown() for now. This was\nalready the case before, the assignment to \"ret\" is not used anywhere.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40113"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/142964960c7c35de5c5f7bdd61c32699de693630"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/ee150acd273aded01a726ce39b1f6128200799e6"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-12T11:15:40Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-336v-j3x2-qmh8/GHSA-336v-j3x2-qmh8.json

@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-336v-j3x2-qmh8",
+  "modified": "2025-11-12T12:30:26Z",
+  "published": "2025-11-12T12:30:26Z",
+  "aliases": [
+    "CVE-2025-40119"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix potential null deref in ext4_mb_init()\n\nIn ext4_mb_init(), ext4_mb_avg_fragment_size_destroy() may be called\nwhen sbi->s_mb_avg_fragment_size remains uninitialized (e.g., if groupinfo\nslab cache allocation fails). Since ext4_mb_avg_fragment_size_destroy()\nlacks null pointer checking, this leads to a null pointer dereference.\n\n==================================================================\nEXT4-fs: no memory for groupinfo slab cache\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: Oops: 0002 [#1] SMP PTI\nCPU:2 UID: 0 PID: 87 Comm:mount Not tainted 6.17.0-rc2 #1134 PREEMPT(none)\nRIP: 0010:_raw_spin_lock_irqsave+0x1b/0x40\nCall Trace:\n <TASK>\n xa_destroy+0x61/0x130\n ext4_mb_init+0x483/0x540\n __ext4_fill_super+0x116d/0x17b0\n ext4_fill_super+0xd3/0x280\n get_tree_bdev_flags+0x132/0x1d0\n vfs_get_tree+0x29/0xd0\n do_new_mount+0x197/0x300\n __x64_sys_mount+0x116/0x150\n do_syscall_64+0x50/0x1c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n==================================================================\n\nTherefore, add necessary null check to ext4_mb_avg_fragment_size_destroy()\nto prevent this issue. The same fix is also applied to\next4_mb_largest_free_orders_destroy().",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40119"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/00110f3cfc9b34b2dfee2a6c9e55a0ae6df125ae"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/3c3fac6bc0a9c00dbe65d8dc0d3a282afe4d3188"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-12T11:15:41Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-3fjx-g9c9-m3qf/GHSA-3fjx-g9c9-m3qf.json

@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3fjx-g9c9-m3qf",
+  "modified": "2025-11-12T12:30:27Z",
+  "published": "2025-11-12T12:30:27Z",
+  "aliases": [
+    "CVE-2025-40151"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: BPF: No support of struct argument in trampoline programs\n\nThe current implementation does not support struct argument. This causes\na oops when running bpf selftest:\n\n  $ ./test_progs -a tracing_struct\n  Oops[#1]:\n  CPU -1 Unable to handle kernel paging request at virtual address 0000000000000018, era == 9000000085bef268, ra == 90000000844f3938\n  rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:\n  rcu:     1-...0: (19 ticks this GP) idle=1094/1/0x4000000000000000 softirq=1380/1382 fqs=801\n  rcu:     (detected by 0, t=5252 jiffies, g=1197, q=52 ncpus=4)\n  Sending NMI from CPU 0 to CPUs 1:\n  rcu: rcu_preempt kthread starved for 2495 jiffies! g1197 f0x0 RCU_GP_DOING_FQS(6) ->state=0x0 ->cpu=2\n  rcu:     Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.\n  rcu: RCU grace-period kthread stack dump:\n  task:rcu_preempt     state:I stack:0     pid:15    tgid:15    ppid:2      task_flags:0x208040 flags:0x00000800\n  Stack : 9000000100423e80 0000000000000402 0000000000000010 90000001003b0680\n          9000000085d88000 0000000000000000 0000000000000040 9000000087159350\n          9000000085c2b9b0 0000000000000001 900000008704a000 0000000000000005\n          00000000ffff355b 00000000ffff355b 0000000000000000 0000000000000004\n          9000000085d90510 0000000000000000 0000000000000002 7b5d998f8281e86e\n          00000000ffff355c 7b5d998f8281e86e 000000000000003f 9000000087159350\n          900000008715bf98 0000000000000005 9000000087036000 900000008704a000\n          9000000100407c98 90000001003aff80 900000008715c4c0 9000000085c2b9b0\n          00000000ffff355b 9000000085c33d3c 00000000000000b4 0000000000000000\n          9000000007002150 00000000ffff355b 9000000084615480 0000000007000002\n          ...\n  Call Trace:\n  [<9000000085c2a868>] __schedule+0x410/0x1520\n  [<9000000085c2b9ac>] schedule+0x34/0x190\n  [<9000000085c33d38>] schedule_timeout+0x98/0x140\n  [<90000000845e9120>] rcu_gp_fqs_loop+0x5f8/0x868\n  [<90000000845ed538>] rcu_gp_kthread+0x260/0x2e0\n  [<900000008454e8a4>] kthread+0x144/0x238\n  [<9000000085c26b60>] ret_from_kernel_thread+0x28/0xc8\n  [<90000000844f20e4>] ret_from_kernel_thread_asm+0xc/0x88\n\n  rcu: Stack dump where RCU GP kthread last ran:\n  Sending NMI from CPU 0 to CPUs 2:\n  NMI backtrace for cpu 2 skipped: idling at idle_exit+0x0/0x4\n\nReject it for now.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40151"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/d1158559315143e11bfaabcd4b2bea98c7ed1be9"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/e82406c7cbdd368c5459b8a45e118811d2ba0794"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-12T11:15:45Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-3vr4-gx8q-4fgg/GHSA-3vr4-gx8q-4fgg.json

@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3vr4-gx8q-4fgg",
+  "modified": "2025-11-12T12:30:28Z",
+  "published": "2025-11-12T12:30:28Z",
+  "aliases": [
+    "CVE-2025-40170"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: use dst_dev_rcu() in sk_setup_caps()\n\nUse RCU to protect accesses to dst->dev from sk_setup_caps()\nand sk_dst_gso_max_size().\n\nAlso use dst_dev_rcu() in ip6_dst_mtu_maybe_forward(),\nand ip_dst_mtu_maybe_forward().\n\nip4_dst_hoplimit() can use dst_dev_net_rcu().",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40170"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/99a2ace61b211b0be861b07fbaa062fca4b58879"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/a805729c0091073d8f0415cfa96c7acd1bc17a48"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-12T11:15:47Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-3wr8-h4v3-7726/GHSA-3wr8-h4v3-7726.json

@@ -0,0 +1,49 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3wr8-h4v3-7726",
+  "modified": "2025-11-12T12:30:26Z",
+  "published": "2025-11-12T12:30:26Z",
+  "aliases": [
+    "CVE-2025-40120"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock\n\nPrevent USB runtime PM (autosuspend) for AX88772* in bind.\n\nusbnet enables runtime PM (autosuspend) by default, so disabling it via\nthe usb_driver flag is ineffective. On AX88772B, autosuspend shows no\nmeasurable power saving with current driver (no link partner, admin\nup/down). The ~0.453 W -> ~0.248 W drop on v6.1 comes from phylib powering\nthe PHY off on admin-down, not from USB autosuspend.\n\nThe real hazard is that with runtime PM enabled, ndo_open() (under RTNL)\nmay synchronously trigger autoresume (usb_autopm_get_interface()) into\nasix_resume() while the USB PM lock is held. Resume paths then invoke\nphylink/phylib and MDIO, which also expect RTNL, leading to possible\ndeadlocks or PM lock vs MDIO wake issues.\n\nTo avoid this, keep the device runtime-PM active by taking a usage\nreference in ax88772_bind() and dropping it in unbind(). A non-zero PM\nusage count blocks runtime suspend regardless of userspace policy\n(.../power/control - pm_runtime_allow/forbid), making this approach\nrobust against sysfs overrides.\n\nHolding a runtime-PM usage ref does not affect system-wide suspend;\nsystem sleep/resume callbacks continue to run as before.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40120"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/1534517300e12f2930b6ff477b8820ff658afd11"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/3d3c4cd5c62f24bb3cb4511b7a95df707635e00a"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/3e96cd27ff1a004d84908c1b6cc68ac60913874e"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/71a0ba7fdaf8d035426912a4ed7bf1738a81010c"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/724a9db84188f80ef60b1f21cc7b4e9c84e0cb64"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/9d8bcaf6fae1bd82bc27ec09a2694497e6f6c4b4"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-12T11:15:41Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-49qv-h8pm-73pf/GHSA-49qv-h8pm-73pf.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-49qv-h8pm-73pf",
+  "modified": "2025-11-12T12:30:28Z",
+  "published": "2025-11-12T12:30:28Z",
+  "aliases": [
+    "CVE-2025-12998"
+  ],
+  "details": "Improper Authentication vulnerability in TYPO3 Extension \"Modules\" codingms/modules.This issue affects Extension \"Modules\": before 4.3.11, from 5.0.0 before 5.7.4, from 6.0.0 before 6.4.2, from 7.0.0 before 7.5.5.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12998"
+    },
+    {
+      "type": "WEB",
+      "url": "https://typo3.org/security/advisory/typo3-ext-sa-2025-015"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-287"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-12T12:15:39Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-4g43-pmw7-v27w/GHSA-4g43-pmw7-v27w.json

@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4g43-pmw7-v27w",
+  "modified": "2025-11-12T12:30:28Z",
+  "published": "2025-11-12T12:30:28Z",
+  "aliases": [
+    "CVE-2025-40158"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: use RCU in ip6_output()\n\nUse RCU in ip6_output() in order to use dst_dev_rcu() to prevent\npossible UAF.\n\nWe can remove rcu_read_lock()/rcu_read_unlock() pairs\nfrom ip6_finish_output2().",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40158"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/0393f85c3241c19ba8550f04a812e7d19f6b3082"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/11709573cc4e48dc34c80fc7ab9ce5b159e29695"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-12T11:15:45Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-4q72-fmc6-pw53/GHSA-4q72-fmc6-pw53.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4q72-fmc6-pw53",
+  "modified": "2025-11-12T12:30:26Z",
+  "published": "2025-11-12T12:30:26Z",
+  "aliases": [
+    "CVE-2025-11454"
+  ],
+  "details": "The Specific Content For Mobile – Customize the mobile version without redirections plugin for WordPress is vulnerable to SQL Injection via the eos_scfm_duplicate_post_as_draft() function in all versions up to, and including, 0.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with COntributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11454"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3387807%40specific-content-for-mobile&new=3387807%40specific-content-for-mobile&sfp_email=&sfph_mail="
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6ed99dfd-6ca6-41e7-a844-d53eec7068c1?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-12T11:15:38Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-5623-gpcg-4jj7/GHSA-5623-gpcg-4jj7.json

@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5623-gpcg-4jj7",
+  "modified": "2025-11-12T12:30:26Z",
+  "published": "2025-11-12T12:30:26Z",
+  "aliases": [
+    "CVE-2025-40117"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: pci_endpoint_test: Fix array underflow in pci_endpoint_test_ioctl()\n\nCommit eefb83790a0d (\"misc: pci_endpoint_test: Add doorbell test case\")\nadded NO_BAR (-1) to the pci_barno enum which, in practical terms,\nchanges the enum from an unsigned int to a signed int.  If the user\npasses a negative number in pci_endpoint_test_ioctl() then it results in\nan array underflow in pci_endpoint_test_bar().",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40117"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/1ad82f9db13d85667366044acdfb02009d576c5a"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/6df3687922570f753574c40b35e83b26b32292d0"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-12T11:15:41Z"
+  }
+}