Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/03/GHSA-2x4w-2j26-p5hx/GHSA-2x4w-2j26-p5hx.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2x4w-2j26-p5hx",
-  "modified": "2025-03-13T15:32:55Z",
+  "modified": "2025-10-29T21:30:32Z",
   "published": "2025-03-07T09:30:35Z",
   "aliases": [
     "CVE-2025-21835"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_midi: fix MIDI Streaming descriptor lengths\n\nWhile the MIDI jacks are configured correctly, and the MIDIStreaming\nendpoint descriptors are filled with the correct information,\nbNumEmbMIDIJack and bLength are set incorrectly in these descriptors.\n\nThis does not matter when the numbers of in and out ports are equal, but\nwhen they differ the host will receive broken descriptors with\nuninitialized stack memory leaking into the descriptor for whichever\nvalue is smaller.\n\nThe precise meaning of \"in\" and \"out\" in the port counts is not clearly\ndefined and can be confusing.  But elsewhere the driver consistently\nuses this to match the USB meaning of IN and OUT viewed from the host,\nso that \"in\" ports send data to the host and \"out\" ports receive data\nfrom it.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -49,7 +54,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-03-07T09:15:16Z"

advisories/unreviewed/2025/03/GHSA-3cmq-72j9-674j/GHSA-3cmq-72j9-674j.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3cmq-72j9-674j",
-  "modified": "2025-03-06T18:31:11Z",
+  "modified": "2025-10-29T21:30:32Z",
   "published": "2025-03-06T18:31:11Z",
   "aliases": [
     "CVE-2025-21834"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nseccomp: passthrough uretprobe systemcall without filtering\n\nWhen attaching uretprobes to processes running inside docker, the attached\nprocess is segfaulted when encountering the retprobe.\n\nThe reason is that now that uretprobe is a system call the default seccomp\nfilters in docker block it as they only allow a specific set of known\nsyscalls. This is true for other userspace applications which use seccomp\nto control their syscall surface.\n\nSince uretprobe is a \"kernel implementation detail\" system call which is\nnot used by userspace application code directly, it is impractical and\nthere's very little point in forcing all userspace applications to\nexplicitly allow it in order to avoid crashing tracked processes.\n\nPass this systemcall through seccomp without depending on configuration.\n\nNote: uretprobe is currently only x86_64 and isn't expected to ever be\nsupported in i386.\n\n[kees: minimized changes for easier backporting, tweaked commit log]",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -29,7 +34,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-03-06T17:15:23Z"

advisories/unreviewed/2025/03/GHSA-3w57-3p47-w8ch/GHSA-3w57-3p47-w8ch.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3w57-3p47-w8ch",
-  "modified": "2025-03-27T15:31:08Z",
+  "modified": "2025-10-29T21:30:32Z",
   "published": "2025-03-27T15:31:08Z",
   "aliases": [
     "CVE-2025-21868"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: allow small head cache usage with large MAX_SKB_FRAGS values\n\nSabrina reported the following splat:\n\n    WARNING: CPU: 0 PID: 1 at net/core/dev.c:6935 netif_napi_add_weight_locked+0x8f2/0xba0\n    Modules linked in:\n    CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.14.0-rc1-net-00092-g011b03359038 #996\n    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n    RIP: 0010:netif_napi_add_weight_locked+0x8f2/0xba0\n    Code: e8 c3 e6 6a fe 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc c7 44 24 10 ff ff ff ff e9 8f fb ff ff e8 9e e6 6a fe <0f> 0b e9 d3 fe ff ff e8 92 e6 6a fe 48 8b 04 24 be ff ff ff ff 48\n    RSP: 0000:ffffc9000001fc60 EFLAGS: 00010293\n    RAX: 0000000000000000 RBX: ffff88806ce48128 RCX: 1ffff11001664b9e\n    RDX: ffff888008f00040 RSI: ffffffff8317ca42 RDI: ffff88800b325cb6\n    RBP: ffff88800b325c40 R08: 0000000000000001 R09: ffffed100167502c\n    R10: ffff88800b3a8163 R11: 0000000000000000 R12: ffff88800ac1c168\n    R13: ffff88800ac1c168 R14: ffff88800ac1c168 R15: 0000000000000007\n    FS:  0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000\n    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    CR2: ffff888008201000 CR3: 0000000004c94001 CR4: 0000000000370ef0\n    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n    DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n    Call Trace:\n    <TASK>\n    gro_cells_init+0x1ba/0x270\n    xfrm_input_init+0x4b/0x2a0\n    xfrm_init+0x38/0x50\n    ip_rt_init+0x2d7/0x350\n    ip_init+0xf/0x20\n    inet_init+0x406/0x590\n    do_one_initcall+0x9d/0x2e0\n    do_initcalls+0x23b/0x280\n    kernel_init_freeable+0x445/0x490\n    kernel_init+0x20/0x1d0\n    ret_from_fork+0x46/0x80\n    ret_from_fork_asm+0x1a/0x30\n    </TASK>\n    irq event stamp: 584330\n    hardirqs last  enabled at (584338): [<ffffffff8168bf87>] __up_console_sem+0x77/0xb0\n    hardirqs last disabled at (584345): [<ffffffff8168bf6c>] __up_console_sem+0x5c/0xb0\n    softirqs last  enabled at (583242): [<ffffffff833ee96d>] netlink_insert+0x14d/0x470\n    softirqs last disabled at (583754): [<ffffffff8317c8cd>] netif_napi_add_weight_locked+0x77d/0xba0\n\non kernel built with MAX_SKB_FRAGS=45, where SKB_WITH_OVERHEAD(1024)\nis smaller than GRO_MAX_HEAD.\n\nSuch built additionally contains the revert of the single page frag cache\nso that napi_get_frags() ends up using the page frag allocator, triggering\nthe splat.\n\nNote that the underlying issue is independent from the mentioned\nrevert; address it ensuring that the small head cache will fit either TCP\nand GRO allocation and updating napi_alloc_skb() and __netdev_alloc_skb()\nto select kmalloc() usage for any allocation fitting such cache.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -29,7 +34,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-03-27T14:15:47Z"

advisories/unreviewed/2025/03/GHSA-487h-mjh3-324w/GHSA-487h-mjh3-324w.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-487h-mjh3-324w",
-  "modified": "2025-03-07T09:30:36Z",
+  "modified": "2025-10-29T21:30:32Z",
   "published": "2025-03-07T09:30:35Z",
   "aliases": [
     "CVE-2025-21841"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq/amd-pstate: Fix cpufreq_policy ref counting\n\namd_pstate_update_limits() takes a cpufreq_policy reference but doesn't\ndecrement the refcount in one of the exit paths, fix that.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -29,7 +34,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-03-07T09:15:17Z"

advisories/unreviewed/2025/03/GHSA-583x-9h9h-f6f6/GHSA-583x-9h9h-f6f6.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-583x-9h9h-f6f6",
-  "modified": "2025-03-07T09:30:36Z",
+  "modified": "2025-10-29T21:30:32Z",
   "published": "2025-03-07T09:30:35Z",
   "aliases": [
     "CVE-2025-21842"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\namdkfd: properly free gang_ctx_bo when failed to init user queue\n\nThe destructor of a gtt bo is declared as\nvoid amdgpu_amdkfd_free_gtt_mem(struct amdgpu_device *adev, void **mem_obj);\nWhich takes void** as the second parameter.\n\nGCC allows passing void* to the function because void* can be implicitly\ncasted to any other types, so it can pass compiling.\n\nHowever, passing this void* parameter into the function's\nexecution process(which expects void** and dereferencing void**)\nwill result in errors.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -29,7 +34,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-03-07T09:15:17Z"

advisories/unreviewed/2025/03/GHSA-938p-f86v-9mg7/GHSA-938p-f86v-9mg7.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-938p-f86v-9mg7",
-  "modified": "2025-03-06T18:31:11Z",
+  "modified": "2025-10-29T21:30:32Z",
   "published": "2025-03-06T18:31:11Z",
   "aliases": [
     "CVE-2025-21829"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix the warning \"__rxe_cleanup+0x12c/0x170 [rdma_rxe]\"\n\nThe Call Trace is as below:\n\"\n  <TASK>\n  ? show_regs.cold+0x1a/0x1f\n  ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n  ? __warn+0x84/0xd0\n  ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n  ? report_bug+0x105/0x180\n  ? handle_bug+0x46/0x80\n  ? exc_invalid_op+0x19/0x70\n  ? asm_exc_invalid_op+0x1b/0x20\n  ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n  ? __rxe_cleanup+0x124/0x170 [rdma_rxe]\n  rxe_destroy_qp.cold+0x24/0x29 [rdma_rxe]\n  ib_destroy_qp_user+0x118/0x190 [ib_core]\n  rdma_destroy_qp.cold+0x43/0x5e [rdma_cm]\n  rtrs_cq_qp_destroy.cold+0x1d/0x2b [rtrs_core]\n  rtrs_srv_close_work.cold+0x1b/0x31 [rtrs_server]\n  process_one_work+0x21d/0x3f0\n  worker_thread+0x4a/0x3c0\n  ? process_one_work+0x3f0/0x3f0\n  kthread+0xf0/0x120\n  ? kthread_complete_and_exit+0x20/0x20\n  ret_from_fork+0x22/0x30\n  </TASK>\n\"\nWhen too many rdma resources are allocated, rxe needs more time to\nhandle these rdma resources. Sometimes with the current timeout, rxe\ncan not release the rdma resources correctly.\n\nCompared with other rdma drivers, a bigger timeout is used.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -37,7 +42,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-03-06T17:15:22Z"

advisories/unreviewed/2025/03/GHSA-9h49-4vx3-2m5r/GHSA-9h49-4vx3-2m5r.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9h49-4vx3-2m5r",
-  "modified": "2025-03-07T18:31:04Z",
+  "modified": "2025-10-29T21:30:32Z",
   "published": "2025-03-07T09:30:35Z",
   "aliases": [
     "CVE-2025-21838"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: core: flush gadget workqueue after device removal\n\ndevice_del() can lead to new work being scheduled in gadget->work\nworkqueue. This is observed, for example, with the dwc3 driver with the\nfollowing call stack:\n  device_del()\n    gadget_unbind_driver()\n      usb_gadget_disconnect_locked()\n        dwc3_gadget_pullup()\n\t  dwc3_gadget_soft_disconnect()\n\t    usb_gadget_set_state()\n\t      schedule_work(&gadget->work)\n\nMove flush_work() after device_del() to ensure the workqueue is cleaned\nup.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -37,7 +42,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-03-07T09:15:16Z"

advisories/unreviewed/2025/03/GHSA-cwfx-m26m-rjc8/GHSA-cwfx-m26m-rjc8.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cwfx-m26m-rjc8",
-  "modified": "2025-03-06T18:31:11Z",
+  "modified": "2025-10-29T21:30:32Z",
   "published": "2025-03-06T18:31:11Z",
   "aliases": [
     "CVE-2025-21832"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: don't revert iter for -EIOCBQUEUED\n\nblkdev_read_iter() has a few odd checks, like gating the position and\ncount adjustment on whether or not the result is bigger-than-or-equal to\nzero (where bigger than makes more sense), and not checking the return\nvalue of blkdev_direct_IO() before doing an iov_iter_revert(). The\nlatter can lead to attempting to revert with a negative value, which\nwhen passed to iov_iter_revert() as an unsigned value will lead to\nthrowing a WARN_ON() because unroll is bigger than MAX_RW_COUNT.\n\nBe sane and don't revert for -EIOCBQUEUED, like what is done in other\nspots.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -37,7 +42,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-03-06T17:15:23Z"

advisories/unreviewed/2025/03/GHSA-fh4m-wrmp-8q2f/GHSA-fh4m-wrmp-8q2f.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fh4m-wrmp-8q2f",
-  "modified": "2025-03-13T15:32:55Z",
+  "modified": "2025-10-29T21:30:32Z",
   "published": "2025-03-06T18:31:11Z",
   "aliases": [
     "CVE-2025-21830"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Handle weird files\n\nA corrupted filesystem (e.g. bcachefs) might return weird files.\nInstead of throwing a warning and allowing access to such file, treat\nthem as regular files.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -41,7 +46,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-03-06T17:15:22Z"

advisories/unreviewed/2025/03/GHSA-fvjc-2g3g-9pm4/GHSA-fvjc-2g3g-9pm4.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fvjc-2g3g-9pm4",
-  "modified": "2025-03-27T15:31:08Z",
+  "modified": "2025-10-29T21:30:32Z",
   "published": "2025-03-27T15:31:08Z",
   "aliases": [
     "CVE-2025-21870"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers\n\nOther, non DAI copier widgets could have the same  stream name (sname) as\nthe ALH copier and in that case the copier->data is NULL, no alh_data is\nattached, which could lead to NULL pointer dereference.\nWe could check for this NULL pointer in sof_ipc4_prepare_copier_module()\nand avoid the crash, but a similar loop in sof_ipc4_widget_setup_comp_dai()\nwill miscalculate the ALH device count, causing broken audio.\n\nThe correct fix is to harden the matching logic by making sure that the\n1. widget is a DAI widget - so dai = w->private is valid\n2. the dai (and thus the copier) is ALH copier",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-03-27T14:15:48Z"