Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2024/11/GHSA-g32m-3vwh-7rwr/GHSA-g32m-3vwh-7rwr.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-g32m-3vwh-7rwr",
-  "modified": "2024-11-09T12:30:48Z",
+  "modified": "2025-10-08T15:32:23Z",
   "published": "2024-11-09T12:30:47Z",
   "aliases": [
     "CVE-2024-50218"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: pass u64 to ocfs2_truncate_inline maybe overflow\n\nSyzbot reported a kernel BUG in ocfs2_truncate_inline.  There are two\nreasons for this: first, the parameter value passed is greater than\nocfs2_max_inline_data_with_xattr, second, the start and end parameters of\nocfs2_truncate_inline are \"unsigned int\".\n\nSo, we need to add a sanity check for byte_start and byte_len right before\nocfs2_truncate_inline() in ocfs2_remove_inode_range(), if they are greater\nthan ocfs2_max_inline_data_with_xattr return -EINVAL.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -49,7 +54,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-11-09T11:15:07Z"

advisories/unreviewed/2024/11/GHSA-hjq2-6cr9-pgcj/GHSA-hjq2-6cr9-pgcj.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hjq2-6cr9-pgcj",
-  "modified": "2024-11-09T12:30:47Z",
+  "modified": "2025-10-08T15:32:23Z",
   "published": "2024-11-09T12:30:47Z",
   "aliases": [
     "CVE-2024-50216"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix finding a last resort AG in xfs_filestream_pick_ag\n\nWhen the main loop in xfs_filestream_pick_ag fails to find a suitable\nAG it tries to just pick the online AG.  But the loop for that uses\nargs->pag as loop iterator while the later code expects pag to be\nset.  Fix this by reusing the max_pag case for this last resort, and\nalso add a check for impossible case of no AG just to make sure that\nthe uninitialized pag doesn't even escape in theory.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -29,7 +34,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-11-09T11:15:06Z"

advisories/unreviewed/2024/11/GHSA-phjj-9p2g-26h9/GHSA-phjj-9p2g-26h9.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-116"
+    ],
     "severity": "LOW",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2024/11/GHSA-q4xx-hhq8-9f85/GHSA-q4xx-hhq8-9f85.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q4xx-hhq8-9f85",
-  "modified": "2024-11-19T03:31:08Z",
+  "modified": "2025-10-08T15:32:23Z",
   "published": "2024-11-19T03:31:08Z",
   "aliases": [
     "CVE-2024-50289"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: av7110: fix a spectre vulnerability\n\nAs warned by smatch:\n\tdrivers/staging/media/av7110/av7110_ca.c:270 dvb_ca_ioctl() warn: potential spectre issue 'av7110->ci_slot' [w] (local cap)\n\nThere is a spectre-related vulnerability at the code. Fix it.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -25,7 +30,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-11-19T02:16:31Z"

advisories/unreviewed/2024/11/GHSA-xr85-qg34-q2mx/GHSA-xr85-qg34-q2mx.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xr85-qg34-q2mx",
-  "modified": "2024-11-19T03:31:08Z",
+  "modified": "2025-10-08T15:32:24Z",
   "published": "2024-11-19T03:31:08Z",
   "aliases": [
     "CVE-2024-50295"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: arc: fix the device for dma_map_single/dma_unmap_single\n\nThe ndev->dev and pdev->dev aren't the same device, use ndev->dev.parent\nwhich has dma_mask, ndev->dev.parent is just pdev->dev.\nOr it would cause the following issue:\n\n[   39.933526] ------------[ cut here ]------------\n[   39.938414] WARNING: CPU: 1 PID: 501 at kernel/dma/mapping.c:149 dma_map_page_attrs+0x90/0x1f8",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -41,7 +46,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-11-19T02:16:31Z"

advisories/unreviewed/2024/12/GHSA-2f9p-c2rc-cff7/GHSA-2f9p-c2rc-cff7.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2f9p-c2rc-cff7",
-  "modified": "2024-12-27T15:31:50Z",
+  "modified": "2025-10-08T15:32:24Z",
   "published": "2024-12-27T15:31:50Z",
   "aliases": [
     "CVE-2024-53167"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs/blocklayout: Don't attempt unregister for invalid block device\n\nSince commit d869da91cccb (\"nfs/blocklayout: Fix premature PR key\nunregistration\") an unmount of a pNFS SCSI layout-enabled NFS may\ndereference a NULL block_device in:\n\n  bl_unregister_scsi+0x16/0xe0 [blocklayoutdriver]\n  bl_free_device+0x70/0x80 [blocklayoutdriver]\n  bl_free_deviceid_node+0x12/0x30 [blocklayoutdriver]\n  nfs4_put_deviceid_node+0x60/0xc0 [nfsv4]\n  nfs4_deviceid_purge_client+0x132/0x190 [nfsv4]\n  unset_pnfs_layoutdriver+0x59/0x60 [nfsv4]\n  nfs4_destroy_server+0x36/0x70 [nfsv4]\n  nfs_free_server+0x23/0xe0 [nfs]\n  deactivate_locked_super+0x30/0xb0\n  cleanup_mnt+0xba/0x150\n  task_work_run+0x59/0x90\n  syscall_exit_to_user_mode+0x217/0x220\n  do_syscall_64+0x8e/0x160\n\nThis happens because even though we were able to create the\nnfs4_deviceid_node, the lookup for the device was unable to attach the\nblock device to the pnfs_block_dev.\n\nIf we never found a block device to register, we can avoid this case with\nthe PNFS_BDEV_REGISTERED flag.  Move the deref behind the test for the\nflag.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-12-27T14:15:23Z"

advisories/unreviewed/2024/12/GHSA-3598-6xhq-v9q3/GHSA-3598-6xhq-v9q3.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3598-6xhq-v9q3",
-  "modified": "2024-12-27T15:31:53Z",
+  "modified": "2025-10-08T15:32:25Z",
   "published": "2024-12-27T15:31:53Z",
   "aliases": [
     "CVE-2024-56539"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()\n\nReplace one-element array with a flexible-array member in `struct\nmwifiex_ie_types_wildcard_ssid_params` to fix the following warning\non a MT8173 Chromebook (mt8173-elm-hana):\n\n[  356.775250] ------------[ cut here ]------------\n[  356.784543] memcpy: detected field-spanning write (size 6) of single field \"wildcard_ssid_tlv->ssid\" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1)\n[  356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex]\n\nThe \"(size 6)\" above is exactly the length of the SSID of the network\nthis device was connected to. The source of the warning looks like:\n\n    ssid_len = user_scan_in->ssid_list[i].ssid_len;\n    [...]\n    memcpy(wildcard_ssid_tlv->ssid,\n           user_scan_in->ssid_list[i].ssid, ssid_len);\n\nThere is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this\nstruct, but it already didn't account for the size of the one-element\narray, so it doesn't need to be changed.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -53,7 +58,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-12-27T14:15:33Z"

advisories/unreviewed/2024/12/GHSA-44hx-9778-xh92/GHSA-44hx-9778-xh92.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-44hx-9778-xh92",
-  "modified": "2024-12-27T15:31:52Z",
+  "modified": "2025-10-08T15:32:25Z",
   "published": "2024-12-27T15:31:52Z",
   "aliases": [
     "CVE-2024-53220"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to account dirty data in __get_secs_required()\n\nIt will trigger system panic w/ testcase in [1]:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/segment.c:2752!\nRIP: 0010:new_curseg+0xc81/0x2110\nCall Trace:\n f2fs_allocate_data_block+0x1c91/0x4540\n do_write_page+0x163/0xdf0\n f2fs_outplace_write_data+0x1aa/0x340\n f2fs_do_write_data_page+0x797/0x2280\n f2fs_write_single_data_page+0x16cd/0x2190\n f2fs_write_cache_pages+0x994/0x1c80\n f2fs_write_data_pages+0x9cc/0xea0\n do_writepages+0x194/0x7a0\n filemap_fdatawrite_wbc+0x12b/0x1a0\n __filemap_fdatawrite_range+0xbb/0xf0\n file_write_and_wait_range+0xa1/0x110\n f2fs_do_sync_file+0x26f/0x1c50\n f2fs_sync_file+0x12b/0x1d0\n vfs_fsync_range+0xfa/0x230\n do_fsync+0x3d/0x80\n __x64_sys_fsync+0x37/0x50\n x64_sys_call+0x1e88/0x20d0\n do_syscall_64+0x4b/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe root cause is if checkpoint_disabling and lfs_mode are both on,\nit will trigger OPU for all overwritten data, it may cost more free\nsegment than expected, so f2fs must account those data correctly to\ncalculate cosumed free segments later, and return ENOSPC earlier to\navoid run out of free segment during block allocation.\n\n[1] https://lore.kernel.org/fstests/20241015025106.3203676-1-chao@kernel.org/",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -37,7 +42,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-12-27T14:15:30Z"

advisories/unreviewed/2024/12/GHSA-4vvx-v299-79g8/GHSA-4vvx-v299-79g8.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4vvx-v299-79g8",
-  "modified": "2025-01-09T18:32:13Z",
+  "modified": "2025-10-08T15:32:24Z",
   "published": "2024-12-27T15:31:50Z",
   "aliases": [
     "CVE-2024-53164"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ordering of qlen adjustment\n\nChanges to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen\n_before_ a call to said function because otherwise it may fail to notify\nparent qdiscs when the child is about to become empty.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -45,7 +50,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-12-27T14:15:23Z"

advisories/unreviewed/2024/12/GHSA-4xvw-5j63-2hjx/GHSA-4xvw-5j63-2hjx.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4xvw-5j63-2hjx",
-  "modified": "2024-12-24T12:30:43Z",
+  "modified": "2025-10-08T15:32:24Z",
   "published": "2024-12-24T12:30:42Z",
   "aliases": [
     "CVE-2024-53153"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: qcom-ep: Move controller cleanups to qcom_pcie_perst_deassert()\n\nCurrently, the endpoint cleanup function dw_pcie_ep_cleanup() and EPF\ndeinit notify function pci_epc_deinit_notify() are called during the\nexecution of qcom_pcie_perst_assert() i.e., when the host has asserted\nPERST#. But quickly after this step, refclk will also be disabled by the\nhost.\n\nAll of the Qcom endpoint SoCs supported as of now depend on the refclk from\nthe host for keeping the controller operational. Due to this limitation,\nany access to the hardware registers in the absence of refclk will result\nin a whole endpoint crash. Unfortunately, most of the controller cleanups\nrequire accessing the hardware registers (like eDMA cleanup performed in\ndw_pcie_ep_cleanup(), powering down MHI EPF etc...). So these cleanup\nfunctions are currently causing the crash in the endpoint SoC once host\nasserts PERST#.\n\nOne way to address this issue is by generating the refclk in the endpoint\nitself and not depending on the host. But that is not always possible as\nsome of the endpoint designs do require the endpoint to consume refclk from\nthe host (as I was told by the Qcom engineers).\n\nThus, fix this crash by moving the controller cleanups to the start of\nthe qcom_pcie_perst_deassert() function. qcom_pcie_perst_deassert() is\ncalled whenever the host has deasserted PERST# and it is guaranteed that\nthe refclk would be active at this point. So at the start of this function\n(after enabling resources), the controller cleanup can be performed. Once\nfinished, rest of the code execution for PERST# deassert can continue as\nusual.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -29,7 +34,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-12-24T12:15:23Z"