Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2024/01/GHSA-5g36-x562-44f9/GHSA-5g36-x562-44f9.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5g36-x562-44f9",
-  "modified": "2025-11-05T00:31:16Z",
+  "modified": "2025-12-10T18:30:20Z",
   "published": "2024-01-13T00:30:25Z",
   "aliases": [
     "CVE-2024-23301"
@@ -31,6 +31,10 @@
       "type": "WEB",
       "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00003.html"
     },
+    {
+      "type": "WEB",
+      "url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00011.html"
+    },
     {
       "type": "WEB",
       "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JIN57LUPBI2GDJOK3PYXNHJTZT3AQTZ"

advisories/unreviewed/2024/04/GHSA-8f6g-63pm-5fmx/GHSA-8f6g-63pm-5fmx.json

@@ -26,7 +26,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-1390"
+      "CWE-1390",
+      "CWE-284",
+      "CWE-287"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2024/04/GHSA-grqr-vjxq-x7g2/GHSA-grqr-vjxq-x7g2.json

@@ -26,7 +26,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-20"
+      "CWE-20",
+      "CWE-908"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2025/03/GHSA-gcgr-r4x5-w79r/GHSA-gcgr-r4x5-w79r.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gcgr-r4x5-w79r",
-  "modified": "2025-11-03T21:33:04Z",
+  "modified": "2025-12-10T18:30:21Z",
   "published": "2025-03-04T21:30:57Z",
   "aliases": [
     "CVE-2025-1080"
   ],
   "details": "LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments.\nThis issue affects LibreOffice: from 24.8 before < 24.8.5, from 25.2 before < 25.2.1.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/09/GHSA-362x-cqj5-vh62/GHSA-362x-cqj5-vh62.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-362x-cqj5-vh62",
-  "modified": "2025-09-17T15:30:38Z",
+  "modified": "2025-12-10T18:30:21Z",
   "published": "2025-09-17T15:30:37Z",
   "aliases": [
     "CVE-2022-50364"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: mux: reg: check return value after calling platform_get_resource()\n\nIt will cause null-ptr-deref in resource_size(), if platform_get_resource()\nreturns NULL, move calling resource_size() after devm_ioremap_resource() that\nwill check 'res' to avoid null-ptr-deref.\nAnd use devm_platform_get_and_ioremap_resource() to simplify code.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -36,8 +41,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-17T15:15:35Z"

advisories/unreviewed/2025/09/GHSA-422f-2r32-f82h/GHSA-422f-2r32-f82h.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-422f-2r32-f82h",
-  "modified": "2025-09-16T18:31:27Z",
+  "modified": "2025-12-10T18:30:21Z",
   "published": "2025-09-16T18:31:27Z",
   "aliases": [
     "CVE-2023-53322"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Wait for io return on terminate rport\n\nSystem crash due to use after free.\nCurrent code allows terminate_rport_io to exit before making\nsure all IOs has returned. For FCP-2 device, IO's can hang\non in HW because driver has not tear down the session in FW at\nfirst sign of cable pull. When dev_loss_tmo timer pops,\nterminate_rport_io is called and upper layer is about to\nfree various resources. Terminate_rport_io trigger qla to do\nthe final cleanup, but the cleanup might not be fast enough where it\nleave qla still holding on to the same resource.\n\nWait for IO's to return to upper layer before resources are freed.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -48,8 +53,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-16T17:15:38Z"

advisories/unreviewed/2025/09/GHSA-4hcm-79j9-x472/GHSA-4hcm-79j9-x472.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4hcm-79j9-x472",
-  "modified": "2025-09-17T15:30:38Z",
+  "modified": "2025-12-10T18:30:21Z",
   "published": "2025-09-17T15:30:38Z",
   "aliases": [
     "CVE-2022-50367"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: fix UAF/GPF bug in nilfs_mdt_destroy\n\nIn alloc_inode, inode_init_always() could return -ENOMEM if\nsecurity_inode_alloc() fails, which causes inode->i_private\nuninitialized. Then nilfs_is_metadata_file_inode() returns\ntrue and nilfs_free_inode() wrongly calls nilfs_mdt_destroy(),\nwhich frees the uninitialized inode->i_private\nand leads to crashes(e.g., UAF/GPF).\n\nFix this by moving security_inode_alloc just prior to\nthis_cpu_inc(nr_inodes)",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -52,8 +57,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-17T15:15:35Z"

advisories/unreviewed/2025/09/GHSA-5q8v-g9hq-mvpx/GHSA-5q8v-g9hq-mvpx.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5q8v-g9hq-mvpx",
-  "modified": "2025-09-17T15:30:37Z",
+  "modified": "2025-12-10T18:30:21Z",
   "published": "2025-09-17T15:30:37Z",
   "aliases": [
     "CVE-2022-50354"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix kfd_process_device_init_vm error handling\n\nShould only destroy the ib_mem and let process cleanup worker to free\nthe outstanding BOs. Reset the pointer in pdd->qpd structure, to avoid\nNULL pointer access in process destroy worker.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000010\n Call Trace:\n  amdgpu_amdkfd_gpuvm_unmap_gtt_bo_from_kernel+0x46/0xb0 [amdgpu]\n  kfd_process_device_destroy_cwsr_dgpu+0x40/0x70 [amdgpu]\n  kfd_process_destroy_pdds+0x71/0x190 [amdgpu]\n  kfd_process_wq_release+0x2a2/0x3b0 [amdgpu]\n  process_one_work+0x2a1/0x600\n  worker_thread+0x39/0x3d0",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-17T15:15:34Z"

advisories/unreviewed/2025/09/GHSA-cjfm-hc6q-wr8h/GHSA-cjfm-hc6q-wr8h.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cjfm-hc6q-wr8h",
-  "modified": "2025-09-17T15:30:37Z",
+  "modified": "2025-12-10T18:30:21Z",
   "published": "2025-09-17T15:30:37Z",
   "aliases": [
     "CVE-2022-50353"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: wmt-sdmmc: fix return value check of mmc_add_host()\n\nmmc_add_host() may return error, if we ignore its return value, the memory\nthat allocated in mmc_alloc_host() will be leaked and it will lead a kernel\ncrash because of deleting not added device in the remove path.\n\nSo fix this by checking the return value and goto error path which will call\nmmc_free_host(), besides, clk_disable_unprepare() also needs be called.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -48,8 +53,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-17T15:15:33Z"

advisories/unreviewed/2025/09/GHSA-j338-p6p6-pp64/GHSA-j338-p6p6-pp64.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-j338-p6p6-pp64",
-  "modified": "2025-09-17T15:30:37Z",
+  "modified": "2025-12-10T18:30:21Z",
   "published": "2025-09-17T15:30:37Z",
   "aliases": [
     "CVE-2022-50356"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: sfb: fix null pointer access issue when sfb_init() fails\n\nWhen the default qdisc is sfb, if the qdisc of dev_queue fails to be\ninited during mqprio_init(), sfb_reset() is invoked to clear resources.\nIn this case, the q->qdisc is NULL, and it will cause gpf issue.\n\nThe process is as follows:\nqdisc_create_dflt()\n\tsfb_init()\n\t\ttcf_block_get()          --->failed, q->qdisc is NULL\n\t...\n\tqdisc_put()\n\t\t...\n\t\tsfb_reset()\n\t\t\tqdisc_reset(q->qdisc)    --->q->qdisc is NULL\n\t\t\t\tops = qdisc->ops\n\nThe following is the Call Trace information:\ngeneral protection fault, probably for non-canonical address\n0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\nRIP: 0010:qdisc_reset+0x2b/0x6f0\nCall Trace:\n<TASK>\nsfb_reset+0x37/0xd0\nqdisc_reset+0xed/0x6f0\nqdisc_destroy+0x82/0x4c0\nqdisc_put+0x9e/0xb0\nqdisc_create_dflt+0x2c3/0x4a0\nmqprio_init+0xa71/0x1760\nqdisc_create+0x3eb/0x1000\ntc_modify_qdisc+0x408/0x1720\nrtnetlink_rcv_msg+0x38e/0xac0\nnetlink_rcv_skb+0x12d/0x3a0\nnetlink_unicast+0x4a2/0x740\nnetlink_sendmsg+0x826/0xcc0\nsock_sendmsg+0xc5/0x100\n____sys_sendmsg+0x583/0x690\n___sys_sendmsg+0xe8/0x160\n__sys_sendmsg+0xbf/0x160\ndo_syscall_64+0x35/0x80\nentry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033:0x7f2164122d04\n</TASK>",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -32,8 +37,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-17T15:15:34Z"