Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit f4f45908947e · 2025-09-24T12:32:14.000Z
GHSA-f639-593q-rjgw GHSA-2hmj-97jw-28jh GHSA-5cg2-hfc8-xx57 GHSA-c27f-5hwr-hpfq GHSA-hhgh-xj97-6f9r GHSA-wxgw-p4p4-4xpp
diff --git a/advisories/unreviewed/2024/05/GHSA-f639-593q-rjgw/GHSA-f639-593q-rjgw.json b/advisories/unreviewed/2024/05/GHSA-f639-593q-rjgw/GHSA-f639-593q-rjgw.json
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-f639-593q-rjgw",
-  "modified": "2024-05-22T09:31:45Z",
+  "modified": "2025-09-24T12:30:20Z",
   "published": "2024-05-22T09:31:45Z",
   "aliases": [
     "CVE-2021-47460"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix data corruption after conversion from inline format\n\nCommit 6dbf7bb55598 (\"fs: Don't invalidate page buffers in\nblock_write_full_page()\") uncovered a latent bug in ocfs2 conversion\nfrom inline inode format to a normal inode format.\n\nThe code in ocfs2_convert_inline_data_to_extents() attempts to zero out\nthe whole cluster allocated for file data by grabbing, zeroing, and\ndirtying all pages covering this cluster.  However these pages are\nbeyond i_size, thus writeback code generally ignores these dirty pages\nand no blocks were ever actually zeroed on the disk.\n\nThis oversight was fixed by commit 693c241a5f6a (\"ocfs2: No need to zero\npages past i_size.\") for standard ocfs2 write path, inline conversion\npath was apparently forgotten; the commit log also has a reasoning why\nthe zeroing actually is not needed.\n\nAfter commit 6dbf7bb55598, things became worse as writeback code stopped\ninvalidating buffers on pages beyond i_size and thus these pages end up\nwith clean PageDirty bit but with buffers attached to these pages being\nstill dirty.  So when a file is converted from inline format, then\nwriteback triggers, and then the file is grown so that these pages\nbecome valid, the invalid dirtiness state is preserved,\nmark_buffer_dirty() does nothing on these pages (buffers are already\ndirty) but page is never written back because it is clean.  So data\nwritten to these pages is lost once pages are reclaimed.\n\nSimple reproducer for the problem is:\n\n  xfs_io -f -c \"pwrite 0 2000\" -c \"pwrite 2000 2000\" -c \"fsync\" \\\n    -c \"pwrite 4000 2000\" ocfs2_file\n\nAfter unmounting and mounting the fs again, you can observe that end of\n'ocfs2_file' has lost its contents.\n\nFix the problem by not doing the pointless zeroing during conversion\nfrom inline format similarly as in the standard write path.\n\n[akpm@linux-foundation.org: fix whitespace, per Joseph]",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -45,7 +50,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-05-22T07:15:10Z"
diff --git a/advisories/unreviewed/2025/09/GHSA-2hmj-97jw-28jh/GHSA-2hmj-97jw-28jh.json b/advisories/unreviewed/2025/09/GHSA-2hmj-97jw-28jh/GHSA-2hmj-97jw-28jh.json
@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2hmj-97jw-28jh",
+  "modified": "2025-09-24T12:30:20Z",
+  "published": "2025-09-24T12:30:20Z",
+  "aliases": [
+    "CVE-2025-58457"
+  ],
+  "details": "Improper permission check in ZooKeeper AdminServer lets authorized clients to run snapshot and restore command with insufficient permissions.\n\nThis issue affects Apache ZooKeeper: from 3.9.0 before 3.9.4.\n\nUsers are recommended to upgrade to version 3.9.4, which fixes the issue.\n\nThe issue can be mitigated by disabling both commands (via admin.snapshot.enabled and admin.restore.enabled), disabling the whole AdminServer interface (via admin.enableServer), or ensuring that the root ACL does not provide open permissions. (Note that ZooKeeper ACLs are not recursive, so this does not impact operations on child nodes besides notifications from recursive watches.)",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58457"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.apache.org/thread/r5yol0kkhx2fzw22pxk1ozwm3oc6yxrx"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-280"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-09-24T10:15:28Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/09/GHSA-5cg2-hfc8-xx57/GHSA-5cg2-hfc8-xx57.json b/advisories/unreviewed/2025/09/GHSA-5cg2-hfc8-xx57/GHSA-5cg2-hfc8-xx57.json
@@ -0,0 +1,41 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5cg2-hfc8-xx57",
+  "modified": "2025-09-24T12:30:20Z",
+  "published": "2025-09-24T12:30:20Z",
+  "aliases": [
+    "CVE-2025-39890"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix memory leak in ath12k_service_ready_ext_event\n\nCurrently, in ath12k_service_ready_ext_event(), svc_rdy_ext.mac_phy_caps\nis not freed in the failure case, causing a memory leak. The following\ntrace is observed in kmemleak:\n\nunreferenced object 0xffff8b3eb5789c00 (size 1024):\n comm \"softirq\", pid 0, jiffies 4294942577\n hex dump (first 32 bytes):\n   00 00 00 00 01 00 00 00 00 00 00 00 7b 00 00 10  ............{...\n   01 00 00 00 00 00 00 00 01 00 00 00 1f 38 00 00  .............8..\n backtrace (crc 44e1c357):\n   __kmalloc_noprof+0x30b/0x410\n   ath12k_wmi_mac_phy_caps_parse+0x84/0x100 [ath12k]\n   ath12k_wmi_tlv_iter+0x5e/0x140 [ath12k]\n   ath12k_wmi_svc_rdy_ext_parse+0x308/0x4c0 [ath12k]\n   ath12k_wmi_tlv_iter+0x5e/0x140 [ath12k]\n   ath12k_service_ready_ext_event.isra.0+0x44/0xd0 [ath12k]\n   ath12k_wmi_op_rx+0x2eb/0xd70 [ath12k]\n   ath12k_htc_rx_completion_handler+0x1f4/0x330 [ath12k]\n   ath12k_ce_recv_process_cb+0x218/0x300 [ath12k]\n   ath12k_pci_ce_workqueue+0x1b/0x30 [ath12k]\n   process_one_work+0x219/0x680\n   bh_worker+0x198/0x1f0\n   tasklet_action+0x13/0x30\n   handle_softirqs+0xca/0x460\n   __irq_exit_rcu+0xbe/0x110\n   irq_exit_rcu+0x9/0x30\n\nFree svc_rdy_ext.mac_phy_caps in the error case to fix this memory leak.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39890"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/1089f65b2de78c7837ef6b4f26146a5a5b0b9749"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/3a392f874ac83a77ad0e53eb8aafdbeb787c9298"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/89142d34d5602c7447827beb181fa06eb08b9d5c"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/99dbad1b01d3b2f361a9db55c1af1212be497a3d"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-09-24T11:15:32Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/09/GHSA-c27f-5hwr-hpfq/GHSA-c27f-5hwr-hpfq.json b/advisories/unreviewed/2025/09/GHSA-c27f-5hwr-hpfq/GHSA-c27f-5hwr-hpfq.json
@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c27f-5hwr-hpfq",
+  "modified": "2025-09-24T12:30:21Z",
+  "published": "2025-09-24T12:30:21Z",
+  "aliases": [
+    "CVE-2025-9054"
+  ],
+  "details": "The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'wcmlim_settings_ajax_handler' function in all versions up to, and including, 4.2.8. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9054"
+    },
+    {
+      "type": "WEB",
+      "url": "https://codecanyon.net/item/woocommerce-multi-locations-inventory-management/28949586#item-description__changelog"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6a04e6ad-9365-4cb5-a0a0-82e047647d6b?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-09-24T12:15:29Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/09/GHSA-hhgh-xj97-6f9r/GHSA-hhgh-xj97-6f9r.json b/advisories/unreviewed/2025/09/GHSA-hhgh-xj97-6f9r/GHSA-hhgh-xj97-6f9r.json
@@ -0,0 +1,49 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-hhgh-xj97-6f9r",
+  "modified": "2025-09-24T12:30:20Z",
+  "published": "2025-09-24T12:30:20Z",
+  "aliases": [
+    "CVE-2025-39889"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: l2cap: Check encryption key size on incoming connection\n\nThis is required for passing GAP/SEC/SEM/BI-04-C PTS test case:\n  Security Mode 4 Level 4, Responder - Invalid Encryption Key Size\n  - 128 bit\n\nThis tests the security key with size from 1 to 15 bytes while the\nSecurity Mode 4 Level 4 requests 16 bytes key size.\n\nCurrently PTS fails with the following logs:\n- expected:Connection Response:\n    Code: [3 (0x03)] Code\n    Identifier: (lt)WildCard: Exists(gt)\n    Length: [8 (0x0008)]\n    Destination CID: (lt)WildCard: Exists(gt)\n    Source CID: [64 (0x0040)]\n    Result: [3 (0x0003)] Connection refused - Security block\n    Status: (lt)WildCard: Exists(gt),\nbut received:Connection Response:\n    Code: [3 (0x03)] Code\n    Identifier: [1 (0x01)]\n    Length: [8 (0x0008)]\n    Destination CID: [64 (0x0040)]\n    Source CID: [64 (0x0040)]\n    Result: [0 (0x0000)] Connection Successful\n    Status: [0 (0x0000)] No further information available\n\nAnd HCI logs:\n< HCI Command: Read Encrypti.. (0x05|0x0008) plen 2\n        Handle: 14 Address: 00:1B:DC:F2:24:10 (Vencer Co., Ltd.)\n> HCI Event: Command Complete (0x0e) plen 7\n      Read Encryption Key Size (0x05|0x0008) ncmd 1\n        Status: Success (0x00)\n        Handle: 14 Address: 00:1B:DC:F2:24:10 (Vencer Co., Ltd.)\n        Key size: 7\n> ACL Data RX: Handle 14 flags 0x02 dlen 12\n      L2CAP: Connection Request (0x02) ident 1 len 4\n        PSM: 4097 (0x1001)\n        Source CID: 64\n< ACL Data TX: Handle 14 flags 0x00 dlen 16\n      L2CAP: Connection Response (0x03) ident 1 len 8\n        Destination CID: 64\n        Source CID: 64\n        Result: Connection successful (0x0000)\n        Status: No further information available (0x0000)",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39889"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/24b2cdfc16e9bd6ab3d03b8e01c590755bd3141f"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/522e9ed157e3c21b4dd623c79967f72c21e45b78"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/9e3114958d87ea88383cbbf38c89e04b8ea1bce5"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/c6d527bbd3d3896375079f5dbc8b7f96734a3ba5"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/d49798ecd26e0ee7995a7fc1e90ca5cd9b4402d6"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/d4ca2fd218caafbf50e3343ba1260c6a23b5676a"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-09-24T11:15:32Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/09/GHSA-wxgw-p4p4-4xpp/GHSA-wxgw-p4p4-4xpp.json b/advisories/unreviewed/2025/09/GHSA-wxgw-p4p4-4xpp/GHSA-wxgw-p4p4-4xpp.json
@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-wxgw-p4p4-4xpp",
+  "modified": "2025-09-24T12:30:20Z",
+  "published": "2025-09-24T12:30:20Z",
+  "aliases": [
+    "CVE-2024-58241"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_core: Disable works on hci_unregister_dev\n\nThis make use of disable_work_* on hci_unregister_dev since the hci_dev is\nabout to be freed new submissions are not disarable.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-58241"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/989fa5171f005ecf63440057218d8aeb1795287d"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/cfdb13a54e05eb98d9940cb6d1a13e7f994d811f"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-09-24T11:15:31Z"
+  }
+}
