admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 10:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-04-16 15:00:36 +00:00
parent 145954c6f7
commit 2f450fa1f3
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
96 changed files with 9876 additions and 312 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2020/5xxx/CVE-2020-5504.json
View File

@ -71,6 +71,11 @@
"refsource": "MISC",
"name": "https://cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.html",
"url": "https://cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.html"
},
{
"refsource": "MISC",
"name": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-5504.md",
"url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-5504.md"
}
]
}

5
2021/40xxx/CVE-2021-40617.json
View File

@ -56,6 +56,11 @@
"url": "https://github.com/OS4ED/openSIS-Classic/issues/192",
"refsource": "MISC",
"name": "https://github.com/OS4ED/openSIS-Classic/issues/192"
},
{
"refsource": "MISC",
"name": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2021-40617.md",
"url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2021-40617.md"
}
]
}

5
2023/30xxx/CVE-2023-30258.json
View File

@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/175672/MagnusBilling-Remote-Command-Execution.html",
"url": "http://packetstormsecurity.com/files/175672/MagnusBilling-Remote-Command-Execution.html"
},
{
"refsource": "MISC",
"name": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2023-30258.md",
"url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2023-30258.md"
}
]
}

5
2023/33xxx/CVE-2023-33362.json
View File

@ -56,6 +56,11 @@
"url": "https://github.com/Piwigo/Piwigo/issues/1911",
"refsource": "MISC",
"name": "https://github.com/Piwigo/Piwigo/issues/1911"
},
{
"refsource": "MISC",
"name": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2023-33362.md",
"url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2023-33362.md"
}
]
}

169
2023/53xxx/CVE-2023-53034.json
View File

@ -1,18 +1,179 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-53034",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans\n\nThere is a kernel API ntb_mw_clear_trans() would pass 0 to both addr and\nsize. This would make xlate_pos negative.\n\n[ 23.734156] switchtec switchtec0: MW 0: part 0 addr 0x0000000000000000 size 0x0000000000000000\n[ 23.734158] ================================================================================\n[ 23.734172] UBSAN: shift-out-of-bounds in drivers/ntb/hw/mscc/ntb_hw_switchtec.c:293:7\n[ 23.734418] shift exponent -1 is negative\n\nEnsuring xlate_pos is a positive or zero before BIT."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1e2fd202f8593985cdadca32e0c322f98e7fe7cb",
"version_value": "f56951f211f181410a383d305e8d370993e45294"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.16",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.16",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.292",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.236",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.180",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.134",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/f56951f211f181410a383d305e8d370993e45294",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f56951f211f181410a383d305e8d370993e45294"
},
{
"url": "https://git.kernel.org/stable/c/5b6857bb3bfb0dae17fab1e42c1e82c204a508b1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5b6857bb3bfb0dae17fab1e42c1e82c204a508b1"
},
{
"url": "https://git.kernel.org/stable/c/2429bdf26a0f3950fdd996861e9c1a3873af1dbe",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2429bdf26a0f3950fdd996861e9c1a3873af1dbe"
},
{
"url": "https://git.kernel.org/stable/c/7ed22f8d8be26225a78cf5e85b2036421a6bf2d5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7ed22f8d8be26225a78cf5e85b2036421a6bf2d5"
},
{
"url": "https://git.kernel.org/stable/c/c61a3f2df162ba424be0141649a9ef5f28eaccc1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c61a3f2df162ba424be0141649a9ef5f28eaccc1"
},
{
"url": "https://git.kernel.org/stable/c/cb153bdc1812a3375639ed6ca5f147eaefb65349",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cb153bdc1812a3375639ed6ca5f147eaefb65349"
},
{
"url": "https://git.kernel.org/stable/c/36d32cfb00d42e865396424bb5d340fc0a28870d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/36d32cfb00d42e865396424bb5d340fc0a28870d"
},
{
"url": "https://git.kernel.org/stable/c/0df2e03e4620548b41891b4e0d1bd9d2e0d8a39a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0df2e03e4620548b41891b4e0d1bd9d2e0d8a39a"
},
{
"url": "https://git.kernel.org/stable/c/de203da734fae00e75be50220ba5391e7beecdf9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/de203da734fae00e75be50220ba5391e7beecdf9"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

5
2024/41xxx/CVE-2024-41357.json
View File

@ -56,6 +56,11 @@
"url": "https://github.com/phpipam/phpipam/issues/4149",
"refsource": "MISC",
"name": "https://github.com/phpipam/phpipam/issues/4149"
},
{
"refsource": "MISC",
"name": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2024-41357.md",
"url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2024-41357.md"
}
]
}

81
2024/58xxx/CVE-2024-58093.json
View File

@ -1,18 +1,91 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-58093",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/ASPM: Fix link state exit during switch upstream function removal\n\nBefore 456d8aa37d0f (\"PCI/ASPM: Disable ASPM on MFD function removal to\navoid use-after-free\"), we would free the ASPM link only after the last\nfunction on the bus pertaining to the given link was removed.\n\nThat was too late. If function 0 is removed before sibling function,\nlink->downstream would point to free'd memory after.\n\nAfter above change, we freed the ASPM parent link state upon any function\nremoval on the bus pertaining to a given link.\n\nThat is too early. If the link is to a PCIe switch with MFD on the upstream\nport, then removing functions other than 0 first would free a link which\nstill remains parent_link to the remaining downstream ports.\n\nThe resulting GPFs are especially frequent during hot-unplug, because\npciehp removes devices on the link bus in reverse order.\n\nOn that switch, function 0 is the virtual P2P bridge to the internal bus.\nFree exactly when function 0 is removed -- before the parent link is\nobsolete, but after all subordinate links are gone.\n\n[kwilczynski: commit log]"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "456d8aa37d0f56fc9e985e812496e861dcd6f2f2",
"version_value": "cbf937dcadfd571a434f8074d057b32cd14fbea5"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.5",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.5",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/cbf937dcadfd571a434f8074d057b32cd14fbea5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cbf937dcadfd571a434f8074d057b32cd14fbea5"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

92
2024/58xxx/CVE-2024-58094.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-58094",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: add check read-only before truncation in jfs_truncate_nolock()\n\nAdded a check for \"read-only\" mode in the `jfs_truncate_nolock`\nfunction to avoid errors related to writing to a read-only\nfilesystem.\n\nCall stack:\n\nblock_write_begin() {\n jfs_write_failed() {\n jfs_truncate() {\n jfs_truncate_nolock() {\n txEnd() {\n ...\n log = JFS_SBI(tblk->sb)->log;\n // (log == NULL)\n\nIf the `isReadOnly(ip)` condition is triggered in\n`jfs_truncate_nolock`, the function execution will stop, and no\nfurther data modification will occur. Instead, the `xtTruncate`\nfunction will be called with the \"COMMIT_WMAP\" flag, preventing\nmodifications in \"read-only\" mode."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "f605bc3e162f5c6faa9bd3602ce496053d06a4bb"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.12",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/f605bc3e162f5c6faa9bd3602ce496053d06a4bb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f605bc3e162f5c6faa9bd3602ce496053d06a4bb"
},
{
"url": "https://git.kernel.org/stable/c/b5799dd77054c1ec49b0088b006c9908e256843b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b5799dd77054c1ec49b0088b006c9908e256843b"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

92
2024/58xxx/CVE-2024-58095.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-58095",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: add check read-only before txBeginAnon() call\n\nAdded a read-only check before calling `txBeginAnon` in `extAlloc`\nand `extRecord`. This prevents modification attempts on a read-only\nmounted filesystem, avoiding potential errors or crashes.\n\nCall trace:\n txBeginAnon+0xac/0x154\n extAlloc+0xe8/0xdec fs/jfs/jfs_extent.c:78\n jfs_get_block+0x340/0xb98 fs/jfs/inode.c:248\n __block_write_begin_int+0x580/0x166c fs/buffer.c:2128\n __block_write_begin fs/buffer.c:2177 [inline]\n block_write_begin+0x98/0x11c fs/buffer.c:2236\n jfs_write_begin+0x44/0x88 fs/jfs/inode.c:299"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "15469c408af2d7a52fb186a92f2f091b0f13b1fb"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.12",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/15469c408af2d7a52fb186a92f2f091b0f13b1fb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/15469c408af2d7a52fb186a92f2f091b0f13b1fb"
},
{
"url": "https://git.kernel.org/stable/c/0176e69743ecc02961f2ae1ea42439cd2bf9ed58",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0176e69743ecc02961f2ae1ea42439cd2bf9ed58"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

92
2024/58xxx/CVE-2024-58096.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-58096",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode\n\nath11k_hal_srng_* should be used with srng->lock to protect srng data.\n\nFor ath11k_dp_rx_mon_dest_process() and ath11k_dp_full_mon_process_rx(),\nthey use ath11k_hal_srng_* for many times but never call srng->lock.\n\nSo when running (full) monitor mode, warning will occur:\nRIP: 0010:ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k]\nCall Trace:\n ? ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k]\n ath11k_dp_rx_process_mon_status+0xc45/0x1190 [ath11k]\n ? idr_alloc_u32+0x97/0xd0\n ath11k_dp_rx_process_mon_rings+0x32a/0x550 [ath11k]\n ath11k_dp_service_srng+0x289/0x5a0 [ath11k]\n ath11k_pcic_ext_grp_napi_poll+0x30/0xd0 [ath11k]\n __napi_poll+0x30/0x1f0\n net_rx_action+0x198/0x320\n __do_softirq+0xdd/0x319\n\nSo add srng->lock for them to avoid such warnings.\n\nInorder to fetch the srng->lock, should change srng's definition from\n'void' to 'struct hal_srng'. And initialize them elsewhere to prevent\none line of code from being too long. This is consistent with other ring\nprocess functions, such as ath11k_dp_process_rx().\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "d5c65159f2895379e11ca13f62feabe93278985d",
"version_value": "b85758e76b6452740fc2a08ced6759af64c0d59a"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.6",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.6",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/b85758e76b6452740fc2a08ced6759af64c0d59a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b85758e76b6452740fc2a08ced6759af64c0d59a"
},
{
"url": "https://git.kernel.org/stable/c/63b7af49496d0e32f7a748b6af3361ec138b1bd3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/63b7af49496d0e32f7a748b6af3361ec138b1bd3"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

92
2024/58xxx/CVE-2024-58097.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-58097",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix RCU stall while reaping monitor destination ring\n\nWhile processing the monitor destination ring, MSDUs are reaped from the\nlink descriptor based on the corresponding buf_id.\n\nHowever, sometimes the driver cannot obtain a valid buffer corresponding\nto the buf_id received from the hardware. This causes an infinite loop\nin the destination processing, resulting in a kernel crash.\n\nkernel log:\nath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309\nath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed\nath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309\nath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed\n\nFix this by skipping the problematic buf_id and reaping the next entry,\nreplacing the break with the next MSDU processing.\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "d5c65159f2895379e11ca13f62feabe93278985d",
"version_value": "b4991fc41745645f8050506f5a8578bd11e6b378"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.6",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.6",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/b4991fc41745645f8050506f5a8578bd11e6b378",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b4991fc41745645f8050506f5a8578bd11e6b378"
},
{
"url": "https://git.kernel.org/stable/c/16c6c35c03ea73054a1f6d3302a4ce4a331b427d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/16c6c35c03ea73054a1f6d3302a4ce4a331b427d"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

114
2025/22xxx/CVE-2025-22024.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22024",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix management of listener transports\n\nCurrently, when no active threads are running, a root user using nfsdctl\ncommand can try to remove a particular listener from the list of previously\nadded ones, then start the server by increasing the number of threads,\nit leads to the following problem:\n\n[ 158.835354] refcount_t: addition on 0; use-after-free.\n[ 158.835603] WARNING: CPU: 2 PID: 9145 at lib/refcount.c:25 refcount_warn_saturate+0x160/0x1a0\n[ 158.836017] Modules linked in: rpcrdma rdma_cm iw_cm ib_cm ib_core nfsd auth_rpcgss nfs_acl lockd grace overlay isofs uinput snd_seq_dummy snd_hrtimer nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 rfkill ip_set nf_tables qrtr sunrpc vfat fat uvcvideo videobuf2_vmalloc videobuf2_memops uvc videobuf2_v4l2 videodev videobuf2_common snd_hda_codec_generic mc e1000e snd_hda_intel snd_intel_dspcfg snd_hda_codec snd_hda_core snd_hwdep snd_seq snd_seq_device snd_pcm snd_timer snd soundcore sg loop dm_multipath dm_mod nfnetlink vsock_loopback vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vmw_vmci vsock xfs libcrc32c crct10dif_ce ghash_ce vmwgfx sha2_ce sha256_arm64 sr_mod sha1_ce cdrom nvme drm_client_lib drm_ttm_helper ttm nvme_core drm_kms_helper nvme_auth drm fuse\n[ 158.840093] CPU: 2 UID: 0 PID: 9145 Comm: nfsd Kdump: loaded Tainted: G B W 6.13.0-rc6+ #7\n[ 158.840624] Tainted: [B]=BAD_PAGE, [W]=WARN\n[ 158.840802] Hardware name: VMware, Inc. VMware20,1/VBSA, BIOS VMW201.00V.24006586.BA64.2406042154 06/04/2024\n[ 158.841220] pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[ 158.841563] pc : refcount_warn_saturate+0x160/0x1a0\n[ 158.841780] lr : refcount_warn_saturate+0x160/0x1a0\n[ 158.842000] sp : ffff800089be7d80\n[ 158.842147] x29: ffff800089be7d80 x28: ffff00008e68c148 x27: ffff00008e68c148\n[ 158.842492] x26: ffff0002e3b5c000 x25: ffff600011cd1829 x24: ffff00008653c010\n[ 158.842832] x23: ffff00008653c000 x22: 1fffe00011cd1829 x21: ffff00008653c028\n[ 158.843175] x20: 0000000000000002 x19: ffff00008653c010 x18: 0000000000000000\n[ 158.843505] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\n[ 158.843836] x14: 0000000000000000 x13: 0000000000000001 x12: ffff600050a26493\n[ 158.844143] x11: 1fffe00050a26492 x10: ffff600050a26492 x9 : dfff800000000000\n[ 158.844475] x8 : 00009fffaf5d9b6e x7 : ffff000285132493 x6 : 0000000000000001\n[ 158.844823] x5 : ffff000285132490 x4 : ffff600050a26493 x3 : ffff8000805e72bc\n[ 158.845174] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000098588000\n[ 158.845528] Call trace:\n[ 158.845658] refcount_warn_saturate+0x160/0x1a0 (P)\n[ 158.845894] svc_recv+0x58c/0x680 [sunrpc]\n[ 158.846183] nfsd+0x1fc/0x348 [nfsd]\n[ 158.846390] kthread+0x274/0x2f8\n[ 158.846546] ret_from_fork+0x10/0x20\n[ 158.846714] ---[ end trace 0000000000000000 ]---\n\nnfsd_nl_listener_set_doit() would manipulate the list of transports of\nserver's sv_permsocks and close the specified listener but the other\nlist of transports (server's sp_xprts list) would not be changed leading\nto the problem above.\n\nInstead, determined if the nfsdctl is trying to remove a listener, in\nwhich case, delete all the existing listener transports and re-create\nall-but-the-removed ones."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "16a471177496c8e04a9793812c187a2c1a2192fa",
"version_value": "a84c80515ca8a0cdf6d06f1b6ca721224b08453e"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.10",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.10",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/a84c80515ca8a0cdf6d06f1b6ca721224b08453e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a84c80515ca8a0cdf6d06f1b6ca721224b08453e"
},
{
"url": "https://git.kernel.org/stable/c/052a34f093fb940a145493d1438e7abbfe507cdd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/052a34f093fb940a145493d1438e7abbfe507cdd"
},
{
"url": "https://git.kernel.org/stable/c/0f42df0ab2b11ea6b2884bdaf6dbc3be6dde7e82",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0f42df0ab2b11ea6b2884bdaf6dbc3be6dde7e82"
},
{
"url": "https://git.kernel.org/stable/c/d093c90892607be505e801469d6674459e69ab89",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d093c90892607be505e801469d6674459e69ab89"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

148
2025/22xxx/CVE-2025-22025.json
View File

@ -1,18 +1,158 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22025",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: put dl_stid if fail to queue dl_recall\n\nBefore calling nfsd4_run_cb to queue dl_recall to the callback_wq, we\nincrement the reference count of dl_stid.\nWe expect that after the corresponding work_struct is processed, the\nreference count of dl_stid will be decremented through the callback\nfunction nfsd4_cb_recall_release.\nHowever, if the call to nfsd4_run_cb fails, the incremented reference\ncount of dl_stid will not be decremented correspondingly, leading to the\nfollowing nfs4_stid leak:\nunreferenced object 0xffff88812067b578 (size 344):\n comm \"nfsd\", pid 2761, jiffies 4295044002 (age 5541.241s)\n hex dump (first 32 bytes):\n 01 00 00 00 6b 6b 6b 6b b8 02 c0 e2 81 88 ff ff ....kkkk........\n 00 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 ad 4e ad de .kkkkkkk.....N..\n backtrace:\n kmem_cache_alloc+0x4b9/0x700\n nfsd4_process_open1+0x34/0x300\n nfsd4_open+0x2d1/0x9d0\n nfsd4_proc_compound+0x7a2/0xe30\n nfsd_dispatch+0x241/0x3e0\n svc_process_common+0x5d3/0xcc0\n svc_process+0x2a3/0x320\n nfsd+0x180/0x2e0\n kthread+0x199/0x1d0\n ret_from_fork+0x30/0x50\n ret_from_fork_asm+0x1b/0x30\nunreferenced object 0xffff8881499f4d28 (size 368):\n comm \"nfsd\", pid 2761, jiffies 4295044005 (age 5541.239s)\n hex dump (first 32 bytes):\n 01 00 00 00 00 00 00 00 30 4d 9f 49 81 88 ff ff ........0M.I....\n 30 4d 9f 49 81 88 ff ff 20 00 00 00 01 00 00 00 0M.I.... .......\n backtrace:\n kmem_cache_alloc+0x4b9/0x700\n nfs4_alloc_stid+0x29/0x210\n alloc_init_deleg+0x92/0x2e0\n nfs4_set_delegation+0x284/0xc00\n nfs4_open_delegation+0x216/0x3f0\n nfsd4_process_open2+0x2b3/0xee0\n nfsd4_open+0x770/0x9d0\n nfsd4_proc_compound+0x7a2/0xe30\n nfsd_dispatch+0x241/0x3e0\n svc_process_common+0x5d3/0xcc0\n svc_process+0x2a3/0x320\n nfsd+0x180/0x2e0\n kthread+0x199/0x1d0\n ret_from_fork+0x30/0x50\n ret_from_fork_asm+0x1b/0x30\nFix it by checking the result of nfsd4_run_cb and call nfs4_put_stid if\nfail to queue dl_recall."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "b874cdef4e67e5150e07eff0eae1cbb21fb92da1"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.10.236",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.180",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.134",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/b874cdef4e67e5150e07eff0eae1cbb21fb92da1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b874cdef4e67e5150e07eff0eae1cbb21fb92da1"
},
{
"url": "https://git.kernel.org/stable/c/cdb796137c57e68ca34518d53be53b679351eb86",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cdb796137c57e68ca34518d53be53b679351eb86"
},
{
"url": "https://git.kernel.org/stable/c/d96587cc93ec369031bcd7658c6adc719873c9fd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d96587cc93ec369031bcd7658c6adc719873c9fd"
},
{
"url": "https://git.kernel.org/stable/c/9a81cde8c7ce65dd90fb47ceea93a45fc1a2fbd1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9a81cde8c7ce65dd90fb47ceea93a45fc1a2fbd1"
},
{
"url": "https://git.kernel.org/stable/c/cad3479b63661a399c9df1d0b759e1806e2df3c8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cad3479b63661a399c9df1d0b759e1806e2df3c8"
},
{
"url": "https://git.kernel.org/stable/c/63b91c8ff4589f5263873b24c052447a28e10ef7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/63b91c8ff4589f5263873b24c052447a28e10ef7"
},
{
"url": "https://git.kernel.org/stable/c/133f5e2a37ce08c82d24e8fba65e0a81deae4609",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/133f5e2a37ce08c82d24e8fba65e0a81deae4609"
},
{
"url": "https://git.kernel.org/stable/c/230ca758453c63bd38e4d9f4a21db698f7abada8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/230ca758453c63bd38e4d9f4a21db698f7abada8"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

82
2025/22xxx/CVE-2025-22026.json
View File

@ -1,18 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22026",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: don't ignore the return code of svc_proc_register()\n\nCurrently, nfsd_proc_stat_init() ignores the return value of\nsvc_proc_register(). If the procfile creation fails, then the kernel\nwill WARN when it tries to remove the entry later.\n\nFix nfsd_proc_stat_init() to return the same type of pointer as\nsvc_proc_register(), and fix up nfsd_net_init() to check that and fail\nthe nfsd_net construction if it occurs.\n\nsvc_proc_register() can fail if the dentry can't be allocated, or if an\nidentical dentry already exists. The second case is pretty unlikely in\nthe nfsd_net construction codepath, so if this happens, return -ENOMEM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "9d9456185fd5f1891c74354ee297f19538141ead"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/9d9456185fd5f1891c74354ee297f19538141ead",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9d9456185fd5f1891c74354ee297f19538141ead"
},
{
"url": "https://git.kernel.org/stable/c/930b64ca0c511521f0abdd1d57ce52b2a6e3476b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/930b64ca0c511521f0abdd1d57ce52b2a6e3476b"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

136
2025/22xxx/CVE-2025-22027.json
View File

@ -1,18 +1,146 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22027",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: streamzap: fix race between device disconnection and urb callback\n\nSyzkaller has reported a general protection fault at function\nir_raw_event_store_with_filter(). This crash is caused by a NULL pointer\ndereference of dev->raw pointer, even though it is checked for NULL in\nthe same function, which means there is a race condition. It occurs due\nto the incorrect order of actions in the streamzap_disconnect() function:\nrc_unregister_device() is called before usb_kill_urb(). The dev->raw\npointer is freed and set to NULL in rc_unregister_device(), and only\nafter that usb_kill_urb() waits for in-progress requests to finish.\n\nIf rc_unregister_device() is called while streamzap_callback() handler is\nnot finished, this can lead to accessing freed resources. Thus\nrc_unregister_device() should be called after usb_kill_urb().\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8e9e60640067858e8036d4d43bbf725c60613359",
"version_value": "30ef7cfee752ca318d5902cb67b60d9797ccd378"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.36",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.36",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.134",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/30ef7cfee752ca318d5902cb67b60d9797ccd378",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/30ef7cfee752ca318d5902cb67b60d9797ccd378"
},
{
"url": "https://git.kernel.org/stable/c/15483afb930fc2f883702dc96f80efbe4055235e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/15483afb930fc2f883702dc96f80efbe4055235e"
},
{
"url": "https://git.kernel.org/stable/c/adf0ddb914c9e5b3e50da4c97959e82de2df75c3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/adf0ddb914c9e5b3e50da4c97959e82de2df75c3"
},
{
"url": "https://git.kernel.org/stable/c/4db62b60af2ccdea6ac5452fd20e29587ed85f57",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4db62b60af2ccdea6ac5452fd20e29587ed85f57"
},
{
"url": "https://git.kernel.org/stable/c/8760da4b9d44c36b93b6e4cf401ec7fe520015bd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8760da4b9d44c36b93b6e4cf401ec7fe520015bd"
},
{
"url": "https://git.kernel.org/stable/c/f656cfbc7a293a039d6a0c7100e1c846845148c1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f656cfbc7a293a039d6a0c7100e1c846845148c1"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

114
2025/22xxx/CVE-2025-22028.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22028",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vimc: skip .s_stream() for stopped entities\n\nSyzbot reported [1] a warning prompted by a check in call_s_stream()\nthat checks whether .s_stream() operation is warranted for unstarted\nor stopped subdevs.\n\nAdd a simple fix in vimc_streamer_pipeline_terminate() ensuring that\nentities skip a call to .s_stream() unless they have been previously\nproperly started.\n\n[1] Syzbot report:\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 5933 at drivers/media/v4l2-core/v4l2-subdev.c:460 call_s_stream+0x2df/0x350 drivers/media/v4l2-core/v4l2-subdev.c:460\nModules linked in:\nCPU: 0 UID: 0 PID: 5933 Comm: syz-executor330 Not tainted 6.13.0-rc2-syzkaller-00362-g2d8308bf5b67 #0\n...\nCall Trace:\n <TASK>\n vimc_streamer_pipeline_terminate+0x218/0x320 drivers/media/test-drivers/vimc/vimc-streamer.c:62\n vimc_streamer_pipeline_init drivers/media/test-drivers/vimc/vimc-streamer.c:101 [inline]\n vimc_streamer_s_stream+0x650/0x9a0 drivers/media/test-drivers/vimc/vimc-streamer.c:203\n vimc_capture_start_streaming+0xa1/0x130 drivers/media/test-drivers/vimc/vimc-capture.c:256\n vb2_start_streaming+0x15f/0x5a0 drivers/media/common/videobuf2/videobuf2-core.c:1789\n vb2_core_streamon+0x2a7/0x450 drivers/media/common/videobuf2/videobuf2-core.c:2348\n vb2_streamon drivers/media/common/videobuf2/videobuf2-v4l2.c:875 [inline]\n vb2_ioctl_streamon+0xf4/0x170 drivers/media/common/videobuf2/videobuf2-v4l2.c:1118\n __video_do_ioctl+0xaf0/0xf00 drivers/media/v4l2-core/v4l2-ioctl.c:3122\n video_usercopy+0x4d2/0x1620 drivers/media/v4l2-core/v4l2-ioctl.c:3463\n v4l2_ioctl+0x1ba/0x250 drivers/media/v4l2-core/v4l2-dev.c:366\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl fs/ioctl.c:892 [inline]\n __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f2b85c01b19\n..."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "adc589d2a20808fb99d46a78175cd023f2040338",
"version_value": "845e9286ff99ee88cfdeb2b748f730003a512190"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.1",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.1",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/845e9286ff99ee88cfdeb2b748f730003a512190",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/845e9286ff99ee88cfdeb2b748f730003a512190"
},
{
"url": "https://git.kernel.org/stable/c/6f6064dab4dcfb7e34a395040a0c9dc22cc8765d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6f6064dab4dcfb7e34a395040a0c9dc22cc8765d"
},
{
"url": "https://git.kernel.org/stable/c/7a58d4c4cf8ff60ab1f93399deefaf6057da91c7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7a58d4c4cf8ff60ab1f93399deefaf6057da91c7"
},
{
"url": "https://git.kernel.org/stable/c/36cef585e2a31e4ddf33a004b0584a7a572246de",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/36cef585e2a31e4ddf33a004b0584a7a572246de"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

115
2025/22xxx/CVE-2025-22029.json
View File

@ -1,18 +1,125 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22029",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nexec: fix the racy usage of fs_struct->in_exec\n\ncheck_unsafe_exec() sets fs->in_exec under cred_guard_mutex, then execve()\npaths clear fs->in_exec lockless. This is fine if exec succeeds, but if it\nfails we have the following race:\n\n\tT1 sets fs->in_exec = 1, fails, drops cred_guard_mutex\n\n\tT2 sets fs->in_exec = 1\n\n\tT1 clears fs->in_exec\n\n\tT2 continues with fs->in_exec == 0\n\nChange fs/exec.c to clear fs->in_exec with cred_guard_mutex held."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "753a620a7f8e134b444f89fe90873234e894e21a"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/753a620a7f8e134b444f89fe90873234e894e21a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/753a620a7f8e134b444f89fe90873234e894e21a"
},
{
"url": "https://git.kernel.org/stable/c/e2d8e7bd3314485e0b3b08380c659b3d1d67ed6a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e2d8e7bd3314485e0b3b08380c659b3d1d67ed6a"
},
{
"url": "https://git.kernel.org/stable/c/a6b5070721503fb6021ebed51c925ffc66b1c5ab",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a6b5070721503fb6021ebed51c925ffc66b1c5ab"
},
{
"url": "https://git.kernel.org/stable/c/b519f2e5800fe2391b7545ba6889df795828e885",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b519f2e5800fe2391b7545ba6889df795828e885"
},
{
"url": "https://git.kernel.org/stable/c/af7bb0d2ca459f15cb5ca604dab5d9af103643f0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/af7bb0d2ca459f15cb5ca604dab5d9af103643f0"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

119
2025/22xxx/CVE-2025-22030.json
View File

@ -1,18 +1,129 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22030",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead()\n\nCurrently, zswap_cpu_comp_dead() calls crypto_free_acomp() while holding\nthe per-CPU acomp_ctx mutex. crypto_free_acomp() then holds scomp_lock\n(through crypto_exit_scomp_ops_async()).\n\nOn the other hand, crypto_alloc_acomp_node() holds the scomp_lock (through\ncrypto_scomp_init_tfm()), and then allocates memory. If the allocation\nresults in reclaim, we may attempt to hold the per-CPU acomp_ctx mutex.\n\nThe above dependencies can cause an ABBA deadlock. For example in the\nfollowing scenario:\n\n(1) Task A running on CPU #1:\n crypto_alloc_acomp_node()\n Holds scomp_lock\n Enters reclaim\n Reads per_cpu_ptr(pool->acomp_ctx, 1)\n\n(2) Task A is descheduled\n\n(3) CPU #1 goes offline\n zswap_cpu_comp_dead(CPU #1)\n Holds per_cpu_ptr(pool->acomp_ctx, 1))\n Calls crypto_free_acomp()\n Waits for scomp_lock\n\n(4) Task A running on CPU #2:\n Waits for per_cpu_ptr(pool->acomp_ctx, 1) // Read on CPU #1\n DEADLOCK\n\nSince there is no requirement to call crypto_free_acomp() with the per-CPU\nacomp_ctx mutex held in zswap_cpu_comp_dead(), move it after the mutex is\nunlocked. Also move the acomp_request_free() and kfree() calls for\nconsistency and to avoid any potential sublte locking dependencies in the\nfuture.\n\nWith this, only setting acomp_ctx fields to NULL occurs with the mutex\nheld. This is similar to how zswap_cpu_comp_prepare() only initializes\nacomp_ctx fields with the mutex held, after performing all allocations\nbefore holding the mutex.\n\nOpportunistically, move the NULL check on acomp_ctx so that it takes place\nbefore the mutex dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8d29ff5d50304daa41dc3cfdda4a9d1e46cf5be1",
"version_value": "747e3eec1d7d124ea90ed3d7b85369df8b4e36d2"
},
{
"version_affected": "<",
"version_name": "12dcb0ef540629a281533f9dedc1b6b8e14cfb65",
"version_value": "a8d18000e9d2d97aaf105f5f9b3b0e8a6fbf8b96"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.13",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.13",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/747e3eec1d7d124ea90ed3d7b85369df8b4e36d2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/747e3eec1d7d124ea90ed3d7b85369df8b4e36d2"
},
{
"url": "https://git.kernel.org/stable/c/a8d18000e9d2d97aaf105f5f9b3b0e8a6fbf8b96",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a8d18000e9d2d97aaf105f5f9b3b0e8a6fbf8b96"
},
{
"url": "https://git.kernel.org/stable/c/717d9c35deff6c33235693171bacbb03e9643fa4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/717d9c35deff6c33235693171bacbb03e9643fa4"
},
{
"url": "https://git.kernel.org/stable/c/c11bcbc0a517acf69282c8225059b2a8ac5fe628",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c11bcbc0a517acf69282c8225059b2a8ac5fe628"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

103
2025/22xxx/CVE-2025-22031.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22031",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/bwctrl: Fix NULL pointer dereference on bus number exhaustion\n\nWhen BIOS neglects to assign bus numbers to PCI bridges, the kernel\nattempts to correct that during PCI device enumeration. If it runs out\nof bus numbers, no pci_bus is allocated and the \"subordinate\" pointer in\nthe bridge's pci_dev remains NULL.\n\nThe PCIe bandwidth controller erroneously does not check for a NULL\nsubordinate pointer and dereferences it on probe.\n\nBandwidth control of unusable devices below the bridge is of questionable\nutility, so simply error out instead. This mirrors what PCIe hotplug does\nsince commit 62e4492c3063 (\"PCI: Prevent NULL dereference during pciehp\nprobe\").\n\nThe PCI core emits a message with KERN_INFO severity if it has run out of\nbus numbers. PCIe hotplug emits an additional message with KERN_ERR\nseverity to inform the user that hotplug functionality is disabled at the\nbridge. A similar message for bandwidth control does not seem merited,\ngiven that its only purpose so far is to expose an up-to-date link speed\nin sysfs and throttle the link speed on certain laptops with limited\nThermal Design Power. So error out silently.\n\nUser-visible messages:\n\n pci 0000:16:02.0: bridge configuration invalid ([bus 00-00]), reconfiguring\n [...]\n pci_bus 0000:45: busn_res: [bus 45-74] end is updated to 74\n pci 0000:16:02.0: devices behind bridge are unusable because [bus 45-74] cannot be assigned for them\n [...]\n pcieport 0000:16:02.0: pciehp: Hotplug bridge without secondary bus, ignoring\n [...]\n BUG: kernel NULL pointer dereference\n RIP: pcie_update_link_speed\n pcie_bwnotif_enable\n pcie_bwnotif_probe\n pcie_port_probe_service\n really_probe"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "665745f274870c921020f610e2c99a3b1613519b",
"version_value": "d93d309013e89631630a12b1770d27e4be78362a"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.13",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.13",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/d93d309013e89631630a12b1770d27e4be78362a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d93d309013e89631630a12b1770d27e4be78362a"
},
{
"url": "https://git.kernel.org/stable/c/1181924af78e5299ddec6e457789c02dd5966559",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1181924af78e5299ddec6e457789c02dd5966559"
},
{
"url": "https://git.kernel.org/stable/c/667f053b05f00a007738cd7ed6fa1901de19dc7e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/667f053b05f00a007738cd7ed6fa1901de19dc7e"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

124
2025/22xxx/CVE-2025-22032.json
View File

@ -1,18 +1,134 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22032",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921: fix kernel panic due to null pointer dereference\n\nAddress a kernel panic caused by a null pointer dereference in the\n`mt792x_rx_get_wcid` function. The issue arises because the `deflink` structure\nis not properly initialized with the `sta` context. This patch ensures that the\n`deflink` structure is correctly linked to the `sta` context, preventing the\nnull pointer dereference.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000400\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 0 UID: 0 PID: 470 Comm: mt76-usb-rx phy Not tainted 6.12.13-gentoo-dist #1\n Hardware name: /AMD HUDSON-M1, BIOS 4.6.4 11/15/2011\n RIP: 0010:mt792x_rx_get_wcid+0x48/0x140 [mt792x_lib]\n RSP: 0018:ffffa147c055fd98 EFLAGS: 00010202\n RAX: 0000000000000000 RBX: ffff8e9ecb652000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8e9ecb652000\n RBP: 0000000000000685 R08: ffff8e9ec6570000 R09: 0000000000000000\n R10: ffff8e9ecd2ca000 R11: ffff8e9f22a217c0 R12: 0000000038010119\n R13: 0000000080843801 R14: ffff8e9ec6570000 R15: ffff8e9ecb652000\n FS: 0000000000000000(0000) GS:ffff8e9f22a00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000400 CR3: 000000000d2ea000 CR4: 00000000000006f0\n Call Trace:\n <TASK>\n ? __die_body.cold+0x19/0x27\n ? page_fault_oops+0x15a/0x2f0\n ? search_module_extables+0x19/0x60\n ? search_bpf_extables+0x5f/0x80\n ? exc_page_fault+0x7e/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? mt792x_rx_get_wcid+0x48/0x140 [mt792x_lib]\n mt7921_queue_rx_skb+0x1c6/0xaa0 [mt7921_common]\n mt76u_alloc_queues+0x784/0x810 [mt76_usb]\n ? __pfx___mt76_worker_fn+0x10/0x10 [mt76]\n __mt76_worker_fn+0x4f/0x80 [mt76]\n kthread+0xd2/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n </TASK>\n ---[ end trace 0000000000000000 ]---"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3fe7acc6f4b42ccb1056c5847f18f8eb2fec0834",
"version_value": "0cfea60966e4b1239d20bebf02258295e189e82a"
},
{
"version_affected": "<",
"version_name": "c9e40880416791287292046917e84bcb3a17e2d2",
"version_value": "effec50381991bc067acf4b3351a57831c74d27f"
},
{
"version_affected": "<",
"version_name": "90c10286b176421068b136da51ed83059a68e322",
"version_value": "5a57f8eb2a17d469d65cd1186cea26b798221d4a"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.14",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/0cfea60966e4b1239d20bebf02258295e189e82a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0cfea60966e4b1239d20bebf02258295e189e82a"
},
{
"url": "https://git.kernel.org/stable/c/effec50381991bc067acf4b3351a57831c74d27f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/effec50381991bc067acf4b3351a57831c74d27f"
},
{
"url": "https://git.kernel.org/stable/c/5a57f8eb2a17d469d65cd1186cea26b798221d4a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5a57f8eb2a17d469d65cd1186cea26b798221d4a"
},
{
"url": "https://git.kernel.org/stable/c/adc3fd2a2277b7cc0b61692463771bf9bd298036",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/adc3fd2a2277b7cc0b61692463771bf9bd298036"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

136
2025/22xxx/CVE-2025-22033.json
View File

@ -1,18 +1,146 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22033",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: Don't call NULL in do_compat_alignment_fixup()\n\ndo_alignment_t32_to_handler() only fixes up alignment faults for\nspecific instructions; it returns NULL otherwise (e.g. LDREX). When\nthat's the case, signal to the caller that it needs to proceed with the\nregular alignment fault handling (i.e. SIGBUS). Without this patch, the\nkernel panics:\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n Mem abort info:\n ESR = 0x0000000086000006\n EC = 0x21: IABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x06: level 2 translation fault\n user pgtable: 4k pages, 48-bit VAs, pgdp=00000800164aa000\n [0000000000000000] pgd=0800081fdbd22003, p4d=0800081fdbd22003, pud=08000815d51c6003, pmd=0000000000000000\n Internal error: Oops: 0000000086000006 [#1] SMP\n Modules linked in: cfg80211 rfkill xt_nat xt_tcpudp xt_conntrack nft_chain_nat xt_MASQUERADE nf_nat nf_conntrack_netlink nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xfrm_user xfrm_algo xt_addrtype nft_compat br_netfilter veth nvme_fa>\n libcrc32c crc32c_generic raid0 multipath linear dm_mod dax raid1 md_mod xhci_pci nvme xhci_hcd nvme_core t10_pi usbcore igb crc64_rocksoft crc64 crc_t10dif crct10dif_generic crct10dif_ce crct10dif_common usb_common i2c_algo_bit i2c>\n CPU: 2 PID: 3932954 Comm: WPEWebProcess Not tainted 6.1.0-31-arm64 #1 Debian 6.1.128-1\n Hardware name: GIGABYTE MP32-AR1-00/MP32-AR1-00, BIOS F18v (SCP: 1.08.20211002) 12/01/2021\n pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : 0x0\n lr : do_compat_alignment_fixup+0xd8/0x3dc\n sp : ffff80000f973dd0\n x29: ffff80000f973dd0 x28: ffff081b42526180 x27: 0000000000000000\n x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n x23: 0000000000000004 x22: 0000000000000000 x21: 0000000000000001\n x20: 00000000e8551f00 x19: ffff80000f973eb0 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\n x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n x11: 0000000000000000 x10: 0000000000000000 x9 : ffffaebc949bc488\n x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n x5 : 0000000000400000 x4 : 0000fffffffffffe x3 : 0000000000000000\n x2 : ffff80000f973eb0 x1 : 00000000e8551f00 x0 : 0000000000000001\n Call trace:\n 0x0\n do_alignment_fault+0x40/0x50\n do_mem_abort+0x4c/0xa0\n el0_da+0x48/0xf0\n el0t_32_sync_handler+0x110/0x140\n el0t_32_sync+0x190/0x194\n Code: bad PC value\n ---[ end trace 0000000000000000 ]---"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3fc24ef32d3b9368f4c103dcd21d6a3f959b4870",
"version_value": "cf187601053ecaf671ae645edb898901f81d03e9"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.1",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.134",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/cf187601053ecaf671ae645edb898901f81d03e9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cf187601053ecaf671ae645edb898901f81d03e9"
},
{
"url": "https://git.kernel.org/stable/c/617a4b0084a547917669fef2b54253cc9c064990",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/617a4b0084a547917669fef2b54253cc9c064990"
},
{
"url": "https://git.kernel.org/stable/c/2df8ee605eb6806cd41c2095306db05206633a08",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2df8ee605eb6806cd41c2095306db05206633a08"
},
{
"url": "https://git.kernel.org/stable/c/fa2a9f625f185c6acb4ee5be8d71359a567afac9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fa2a9f625f185c6acb4ee5be8d71359a567afac9"
},
{
"url": "https://git.kernel.org/stable/c/ecf798573bbe0805803f7764e12a34b4bcc65074",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ecf798573bbe0805803f7764e12a34b4bcc65074"
},
{
"url": "https://git.kernel.org/stable/c/c28f31deeacda307acfee2f18c0ad904e5123aac",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c28f31deeacda307acfee2f18c0ad904e5123aac"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

114
2025/22xxx/CVE-2025-22034.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22034",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/gup: reject FOLL_SPLIT_PMD with hugetlb VMAs\n\nPatch series \"mm: fixes for device-exclusive entries (hmm)\", v2.\n\nDiscussing the PageTail() call in make_device_exclusive_range() with\nWilly, I recently discovered [1] that device-exclusive handling does not\nproperly work with THP, making the hmm-tests selftests fail if THPs are\nenabled on the system.\n\nLooking into more details, I found that hugetlb is not properly fenced,\nand I realized that something that was bugging me for longer -- how\ndevice-exclusive entries interact with mapcounts -- completely breaks\nmigration/swapout/split/hwpoison handling of these folios while they have\ndevice-exclusive PTEs.\n\nThe program below can be used to allocate 1 GiB worth of pages and making\nthem device-exclusive on a kernel with CONFIG_TEST_HMM.\n\nOnce they are device-exclusive, these folios cannot get swapped out\n(proc$pid/smaps_rollup will always indicate 1 GiB RSS no matter how much\none forces memory reclaim), and when having a memory block onlined to\nZONE_MOVABLE, trying to offline it will loop forever and complain about\nfailed migration of a page that should be movable.\n\n# echo offline > /sys/devices/system/memory/memory136/state\n# echo online_movable > /sys/devices/system/memory/memory136/state\n# ./hmm-swap &\n... wait until everything is device-exclusive\n# echo offline > /sys/devices/system/memory/memory136/state\n[ 285.193431][T14882] page: refcount:2 mapcount:0 mapping:0000000000000000\n index:0x7f20671f7 pfn:0x442b6a\n[ 285.196618][T14882] memcg:ffff888179298000\n[ 285.198085][T14882] anon flags: 0x5fff0000002091c(referenced|uptodate|\n dirty|active|owner_2|swapbacked|node=1|zone=3|lastcpupid=0x7ff)\n[ 285.201734][T14882] raw: ...\n[ 285.204464][T14882] raw: ...\n[ 285.207196][T14882] page dumped because: migration failure\n[ 285.209072][T14882] page_owner tracks the page as allocated\n[ 285.210915][T14882] page last allocated via order 0, migratetype\n Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO),\n id 14926, tgid 14926 (hmm-swap), ts 254506295376, free_ts 227402023774\n[ 285.216765][T14882] post_alloc_hook+0x197/0x1b0\n[ 285.218874][T14882] get_page_from_freelist+0x76e/0x3280\n[ 285.220864][T14882] __alloc_frozen_pages_noprof+0x38e/0x2740\n[ 285.223302][T14882] alloc_pages_mpol+0x1fc/0x540\n[ 285.225130][T14882] folio_alloc_mpol_noprof+0x36/0x340\n[ 285.227222][T14882] vma_alloc_folio_noprof+0xee/0x1a0\n[ 285.229074][T14882] __handle_mm_fault+0x2b38/0x56a0\n[ 285.230822][T14882] handle_mm_fault+0x368/0x9f0\n...\n\nThis series fixes all issues I found so far. There is no easy way to fix\nwithout a bigger rework/cleanup. I have a bunch of cleanups on top (some\nprevious sent, some the result of the discussion in v1) that I will send\nout separately once this landed and I get to it.\n\nI wish we could just use some special present PROT_NONE PTEs instead of\nthese (non-present, non-none) fake-swap entries; but that just results in\nthe same problem we keep having (lack of spare PTE bits), and staring at\nother similar fake-swap entries, that ship has sailed.\n\nWith this series, make_device_exclusive() doesn't actually belong into\nmm/rmap.c anymore, but I'll leave moving that for another day.\n\nI only tested this series with the hmm-tests selftests due to lack of HW,\nso I'd appreciate some testing, especially if the interaction between two\nGPUs wanting a device-exclusive entry works as expected.\n\n<program>\n#include <stdio.h>\n#include <fcntl.h>\n#include <stdint.h>\n#include <unistd.h>\n#include <stdlib.h>\n#include <string.h>\n#include <sys/mman.h>\n#include <sys/ioctl.h>\n#include <linux/types.h>\n#include <linux/ioctl.h>\n\n#define HMM_DMIRROR_EXCLUSIVE _IOWR('H', 0x05, struct hmm_dmirror_cmd)\n\nstruct hmm_dmirror_cmd {\n\t__u64 addr;\n\t__u64 ptr;\n\t__u64 npages;\n\t__u64 cpages;\n\t__u64 faults;\n};\n\nconst size_t size = 1 * 1024 * 1024 * 1024ul;\nconst size_t chunk_size = 2 * 1024 * 1024ul;\n\nint m\n---truncated---"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9cb28da54643ad464c47585cd5866c30b0218e67",
"version_value": "2e877ff3492267def06dd50cb165dc9ab8838e7d"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.10",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.10",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/2e877ff3492267def06dd50cb165dc9ab8838e7d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2e877ff3492267def06dd50cb165dc9ab8838e7d"
},
{
"url": "https://git.kernel.org/stable/c/48d28417c66cce2f3b0ba773fcb6695a56eff220",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/48d28417c66cce2f3b0ba773fcb6695a56eff220"
},
{
"url": "https://git.kernel.org/stable/c/fd900832e8440046627b60697687ab5d04398008",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fd900832e8440046627b60697687ab5d04398008"
},
{
"url": "https://git.kernel.org/stable/c/8977752c8056a6a094a279004a49722da15bace3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8977752c8056a6a094a279004a49722da15bace3"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

189
2025/22xxx/CVE-2025-22035.json
View File

@ -1,18 +1,199 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22035",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix use-after-free in print_graph_function_flags during tracer switching\n\nKairui reported a UAF issue in print_graph_function_flags() during\nftrace stress testing [1]. This issue can be reproduced if puting a\n'mdelay(10)' after 'mutex_unlock(&trace_types_lock)' in s_start(),\nand executing the following script:\n\n $ echo function_graph > current_tracer\n $ cat trace > /dev/null &\n $ sleep 5 # Ensure the 'cat' reaches the 'mdelay(10)' point\n $ echo timerlat > current_tracer\n\nThe root cause lies in the two calls to print_graph_function_flags\nwithin print_trace_line during each s_show():\n\n * One through 'iter->trace->print_line()';\n * Another through 'event->funcs->trace()', which is hidden in\n print_trace_fmt() before print_trace_line returns.\n\nTracer switching only updates the former, while the latter continues\nto use the print_line function of the old tracer, which in the script\nabove is print_graph_function_flags.\n\nMoreover, when switching from the 'function_graph' tracer to the\n'timerlat' tracer, s_start only calls graph_trace_close of the\n'function_graph' tracer to free 'iter->private', but does not set\nit to NULL. This provides an opportunity for 'event->funcs->trace()'\nto use an invalid 'iter->private'.\n\nTo fix this issue, set 'iter->private' to NULL immediately after\nfreeing it in graph_trace_close(), ensuring that an invalid pointer\nis not passed to other tracers. Additionally, clean up the unnecessary\n'iter->private = NULL' during each 'cat trace' when using wakeup and\nirqsoff tracers.\n\n [1] https://lore.kernel.org/all/20231112150030.84609-1-ryncsn@gmail.com/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "05319d707732c728eb721ac616a50e7978eb499a",
"version_value": "42561fe62c3628ea3bc9623f64f047605e98857f"
},
{
"version_affected": "<",
"version_name": "b8205dfed68183dc1470e83863c5ded6d7fa30a9",
"version_value": "de7b309139f862a44379ecd96e93c9133c69f813"
},
{
"version_affected": "<",
"version_name": "ce6e2b14bc094866d9173db6935da2d752f06d8b",
"version_value": "81a85b12132c8ffe98f5ddbdc185481790aeaa1b"
},
{
"version_affected": "<",
"version_name": "2cb0c037c927db4ec928cc927488e52aa359786e",
"version_value": "a2cce54c1748216535dda02e185d07a084be837e"
},
{
"version_affected": "<",
"version_name": "eecb91b9f98d6427d4af5fdb8f108f52572a39e7",
"version_value": "099ef3385800828b74933a96c117574637c3fb3a"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.5",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.5",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.292",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.236",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.180",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.134",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/42561fe62c3628ea3bc9623f64f047605e98857f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/42561fe62c3628ea3bc9623f64f047605e98857f"
},
{
"url": "https://git.kernel.org/stable/c/de7b309139f862a44379ecd96e93c9133c69f813",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/de7b309139f862a44379ecd96e93c9133c69f813"
},
{
"url": "https://git.kernel.org/stable/c/81a85b12132c8ffe98f5ddbdc185481790aeaa1b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/81a85b12132c8ffe98f5ddbdc185481790aeaa1b"
},
{
"url": "https://git.kernel.org/stable/c/a2cce54c1748216535dda02e185d07a084be837e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a2cce54c1748216535dda02e185d07a084be837e"
},
{
"url": "https://git.kernel.org/stable/c/099ef3385800828b74933a96c117574637c3fb3a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/099ef3385800828b74933a96c117574637c3fb3a"
},
{
"url": "https://git.kernel.org/stable/c/c85efe6e13743cac6ba4ccf144cb91f44c86231a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c85efe6e13743cac6ba4ccf144cb91f44c86231a"
},
{
"url": "https://git.kernel.org/stable/c/f14752d66056d0c7bffe5092130409417d3baa70",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f14752d66056d0c7bffe5092130409417d3baa70"
},
{
"url": "https://git.kernel.org/stable/c/70be951bc01e4a0e10d443f3510bb17426f257fb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/70be951bc01e4a0e10d443f3510bb17426f257fb"
},
{
"url": "https://git.kernel.org/stable/c/7f81f27b1093e4895e87b74143c59c055c3b1906",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7f81f27b1093e4895e87b74143c59c055c3b1906"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

114
2025/22xxx/CVE-2025-22036.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22036",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix random stack corruption after get_block\n\nWhen get_block is called with a buffer_head allocated on the stack, such\nas do_mpage_readpage, stack corruption due to buffer_head UAF may occur in\nthe following race condition situation.\n\n <CPU 0> <CPU 1>\nmpage_read_folio\n <<bh on stack>>\n do_mpage_readpage\n exfat_get_block\n bh_read\n __bh_read\n\t get_bh(bh)\n submit_bh\n wait_on_buffer\n ...\n end_buffer_read_sync\n __end_buffer_read_notouch\n unlock_buffer\n <<keep going>>\n ...\n ...\n ...\n ...\n<<bh is not valid out of mpage_read_folio>>\n .\n .\nanother_function\n <<variable A on stack>>\n put_bh(bh)\n atomic_dec(bh->b_count)\n * stack corruption here *\n\nThis patch returns -EAGAIN if a folio does not have buffers when bh_read\nneeds to be called. By doing this, the caller can fallback to functions\nlike block_read_full_folio(), create a buffer_head in the folio, and then\ncall get_block again.\n\nLet's do not call bh_read() with on-stack buffer_head."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "11a347fb6cef62ce47e84b97c45f2b2497c7593b",
"version_value": "49b0a6ab8e528a0c1c50e37cef9b9c7c121365f2"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.8",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.8",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/49b0a6ab8e528a0c1c50e37cef9b9c7c121365f2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/49b0a6ab8e528a0c1c50e37cef9b9c7c121365f2"
},
{
"url": "https://git.kernel.org/stable/c/f7447286363dc1e410bf30b87d75168f3519f9cc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f7447286363dc1e410bf30b87d75168f3519f9cc"
},
{
"url": "https://git.kernel.org/stable/c/f807a6bf2005740fa26b4f59c4a003dc966b9afd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f807a6bf2005740fa26b4f59c4a003dc966b9afd"
},
{
"url": "https://git.kernel.org/stable/c/1bb7ff4204b6d4927e982cd256286c09ed4fd8ca",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1bb7ff4204b6d4927e982cd256286c09ed4fd8ca"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

104
2025/22xxx/CVE-2025-22037.json
View File

@ -1,18 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22037",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix null pointer dereference in alloc_preauth_hash()\n\nThe Client send malformed smb2 negotiate request. ksmbd return error\nresponse. Subsequently, the client can send smb2 session setup even\nthought conn->preauth_info is not allocated.\nThis patch add KSMBD_SESS_NEED_SETUP status of connection to ignore\nsession setup request if smb2 negotiate phase is not complete."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "ca8bed31edf728a662ef9d6f39f50e7a7dc2b5ad"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/ca8bed31edf728a662ef9d6f39f50e7a7dc2b5ad",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ca8bed31edf728a662ef9d6f39f50e7a7dc2b5ad"
},
{
"url": "https://git.kernel.org/stable/c/8f216b33a5e1b3489c073b1ea1b3d7cb63c8dc4d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8f216b33a5e1b3489c073b1ea1b3d7cb63c8dc4d"
},
{
"url": "https://git.kernel.org/stable/c/b8eb243e670ecf30e91524dd12f7260dac07d335",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b8eb243e670ecf30e91524dd12f7260dac07d335"
},
{
"url": "https://git.kernel.org/stable/c/c8b5b7c5da7d0c31c9b7190b4a7bba5281fc4780",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c8b5b7c5da7d0c31c9b7190b4a7bba5281fc4780"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

126
2025/22xxx/CVE-2025-22038.json
View File

@ -1,18 +1,136 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22038",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate zero num_subauth before sub_auth is accessed\n\nAccess psid->sub_auth[psid->num_subauth - 1] without checking\nif num_subauth is non-zero leads to an out-of-bounds read.\nThis patch adds a validation step to ensure num_subauth != 0\nbefore sub_auth is accessed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "3ac65de111c686c95316ade660f8ba7aea3cd3cc"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1.134",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/3ac65de111c686c95316ade660f8ba7aea3cd3cc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3ac65de111c686c95316ade660f8ba7aea3cd3cc"
},
{
"url": "https://git.kernel.org/stable/c/0e36a3e080d6d8bd7a34e089345d043da4ac8283",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0e36a3e080d6d8bd7a34e089345d043da4ac8283"
},
{
"url": "https://git.kernel.org/stable/c/56de7778a48560278c334077ace7b9ac4bfb2fd1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/56de7778a48560278c334077ace7b9ac4bfb2fd1"
},
{
"url": "https://git.kernel.org/stable/c/68c6c3142bfcdb049839d40a9a59ebe8ea865002",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/68c6c3142bfcdb049839d40a9a59ebe8ea865002"
},
{
"url": "https://git.kernel.org/stable/c/c8bfe1954a0b89e7b29b3a3e7f4c5e0ebd295e20",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c8bfe1954a0b89e7b29b3a3e7f4c5e0ebd295e20"
},
{
"url": "https://git.kernel.org/stable/c/bf21e29d78cd2c2371023953d9c82dfef82ebb36",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bf21e29d78cd2c2371023953d9c82dfef82ebb36"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

104
2025/22xxx/CVE-2025-22039.json
View File

@ -1,18 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22039",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix overflow in dacloffset bounds check\n\nThe dacloffset field was originally typed as int and used in an\nunchecked addition, which could overflow and bypass the existing\nbounds check in both smb_check_perm_dacl() and smb_inherit_dacl().\n\nThis could result in out-of-bounds memory access and a kernel crash\nwhen dereferencing the DACL pointer.\n\nThis patch converts dacloffset to unsigned int and uses\ncheck_add_overflow() to validate access to the DACL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "6a9cd9ff0fa2bcc30b2bfb8bdb161eb20e44b9dc"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/6a9cd9ff0fa2bcc30b2bfb8bdb161eb20e44b9dc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6a9cd9ff0fa2bcc30b2bfb8bdb161eb20e44b9dc"
},
{
"url": "https://git.kernel.org/stable/c/6b8d379048b168a0dff5ab1acb975b933f368514",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6b8d379048b168a0dff5ab1acb975b933f368514"
},
{
"url": "https://git.kernel.org/stable/c/443b373a4df5a2cb9f7b8c4658b2afedeb16397f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/443b373a4df5a2cb9f7b8c4658b2afedeb16397f"
},
{
"url": "https://git.kernel.org/stable/c/beff0bc9d69bc8e733f9bca28e2d3df5b3e10e42",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/beff0bc9d69bc8e733f9bca28e2d3df5b3e10e42"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

126
2025/22xxx/CVE-2025-22040.json
View File

@ -1,18 +1,136 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22040",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix session use-after-free in multichannel connection\n\nThere is a race condition between session setup and\nksmbd_sessions_deregister. The session can be freed before the connection\nis added to channel list of session.\nThis patch check reference count of session before freeing it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "596407adb9af1ee75fe7c7529607783d31b66e7f"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1.134",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/596407adb9af1ee75fe7c7529607783d31b66e7f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/596407adb9af1ee75fe7c7529607783d31b66e7f"
},
{
"url": "https://git.kernel.org/stable/c/3980770cb1470054e6400fd97668665975726737",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3980770cb1470054e6400fd97668665975726737"
},
{
"url": "https://git.kernel.org/stable/c/9069939d762138e232a6f79e3e1462682ed6a17d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9069939d762138e232a6f79e3e1462682ed6a17d"
},
{
"url": "https://git.kernel.org/stable/c/94c281721d4ed2d972232414b91d98a6f5bdb16b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/94c281721d4ed2d972232414b91d98a6f5bdb16b"
},
{
"url": "https://git.kernel.org/stable/c/7dfbd4c43eed91dd2548a95236908025707a8dfd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7dfbd4c43eed91dd2548a95236908025707a8dfd"
},
{
"url": "https://git.kernel.org/stable/c/fa4cdb8cbca7d6cb6aa13e4d8d83d1103f6345db",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fa4cdb8cbca7d6cb6aa13e4d8d83d1103f6345db"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

126
2025/22xxx/CVE-2025-22041.json
View File

@ -1,18 +1,136 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22041",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free in ksmbd_sessions_deregister()\n\nIn multichannel mode, UAF issue can occur in session_deregister\nwhen the second channel sets up a session through the connection of\nthe first channel. session that is freed through the global session\ntable can be accessed again through ->sessions of connection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "f0eb3f575138b816da74697bd506682574742fcd"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1.134",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/f0eb3f575138b816da74697bd506682574742fcd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f0eb3f575138b816da74697bd506682574742fcd"
},
{
"url": "https://git.kernel.org/stable/c/a8a8ae303a8395cbac270b5b404d85df6ec788f8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a8a8ae303a8395cbac270b5b404d85df6ec788f8"
},
{
"url": "https://git.kernel.org/stable/c/ca042cc0e4f9e0d2c8f86dd67e4b22f30a516a9b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ca042cc0e4f9e0d2c8f86dd67e4b22f30a516a9b"
},
{
"url": "https://git.kernel.org/stable/c/8ed0e9d2f410f63525afb8351181eea36c80bcf1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8ed0e9d2f410f63525afb8351181eea36c80bcf1"
},
{
"url": "https://git.kernel.org/stable/c/33cc29e221df7a3085ae413e8c26c4e81a151153",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/33cc29e221df7a3085ae413e8c26c4e81a151153"
},
{
"url": "https://git.kernel.org/stable/c/15a9605f8d69dc85005b1a00c31a050b8625e1aa",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/15a9605f8d69dc85005b1a00c31a050b8625e1aa"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

126
2025/22xxx/CVE-2025-22042.json
View File

@ -1,18 +1,136 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22042",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: add bounds check for create lease context\n\nAdd missing bounds check for create lease context."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "629dd37acc336ad778979361c351e782053ea284"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1.134",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/629dd37acc336ad778979361c351e782053ea284",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/629dd37acc336ad778979361c351e782053ea284"
},
{
"url": "https://git.kernel.org/stable/c/60b7207893a8a06c78441934931a08fdad63f18e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/60b7207893a8a06c78441934931a08fdad63f18e"
},
{
"url": "https://git.kernel.org/stable/c/800c482c9ef5910f05e3a713943c67cc6c1d4939",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/800c482c9ef5910f05e3a713943c67cc6c1d4939"
},
{
"url": "https://git.kernel.org/stable/c/a41cd52f00907a040ca22c73d4805bb79b0d0972",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a41cd52f00907a040ca22c73d4805bb79b0d0972"
},
{
"url": "https://git.kernel.org/stable/c/9a1b6ea955e6c7b29939a6d98701202f9d9644ec",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9a1b6ea955e6c7b29939a6d98701202f9d9644ec"
},
{
"url": "https://git.kernel.org/stable/c/bab703ed8472aa9d109c5f8c1863921533363dae",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bab703ed8472aa9d109c5f8c1863921533363dae"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

115
2025/22xxx/CVE-2025-22043.json
View File

@ -1,18 +1,125 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22043",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: add bounds check for durable handle context\n\nAdd missing bounds check for durable handle context."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "8d4848c45943c9cf5e86142fd7347efa97f497db"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/8d4848c45943c9cf5e86142fd7347efa97f497db",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8d4848c45943c9cf5e86142fd7347efa97f497db"
},
{
"url": "https://git.kernel.org/stable/c/29b946714d6aa77de54c71243bba39469ac43ef2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/29b946714d6aa77de54c71243bba39469ac43ef2"
},
{
"url": "https://git.kernel.org/stable/c/1107b9ed92194603593c51829a3887812ae9e806",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1107b9ed92194603593c51829a3887812ae9e806"
},
{
"url": "https://git.kernel.org/stable/c/f0db3d9d416e332a0d6f045a1509539d3a4cd898",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f0db3d9d416e332a0d6f045a1509539d3a4cd898"
},
{
"url": "https://git.kernel.org/stable/c/542027e123fc0bfd61dd59e21ae0ee4ef2101b29",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/542027e123fc0bfd61dd59e21ae0ee4ef2101b29"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

158
2025/22xxx/CVE-2025-22044.json
View File

@ -1,18 +1,168 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22044",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nacpi: nfit: fix narrowing conversion in acpi_nfit_ctl\n\nSyzkaller has reported a warning in to_nfit_bus_uuid(): \"only secondary\nbus families can be translated\". This warning is emited if the argument\nis equal to NVDIMM_BUS_FAMILY_NFIT == 0. Function acpi_nfit_ctl() first\nverifies that a user-provided value call_pkg->nd_family of type u64 is\nnot equal to 0. Then the value is converted to int, and only after that\nis compared to NVDIMM_BUS_FAMILY_MAX. This can lead to passing an invalid\nargument to acpi_nfit_ctl(), if call_pkg->nd_family is non-zero, while\nthe lower 32 bits are zero.\n\nFurthermore, it is best to return EINVAL immediately upon seeing the\ninvalid user input. The WARNING is insufficient to prevent further\nundefined behavior based on other invalid user input.\n\nAll checks of the input value should be applied to the original variable\ncall_pkg->nd_family.\n\n[iweiny: update commit message]"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6450ddbd5d8e83ea9927c7f9076a21f829699e0f",
"version_value": "4b65cff06a004ac54f6ea8886060f0d07b1ca055"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.9",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.9",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.236",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.180",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.134",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/4b65cff06a004ac54f6ea8886060f0d07b1ca055",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4b65cff06a004ac54f6ea8886060f0d07b1ca055"
},
{
"url": "https://git.kernel.org/stable/c/92ba06aef65522483784dcbd6697629ddbd4c4f9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/92ba06aef65522483784dcbd6697629ddbd4c4f9"
},
{
"url": "https://git.kernel.org/stable/c/bae5b55e0f327102e78f6a66fb127275e9bc91b6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bae5b55e0f327102e78f6a66fb127275e9bc91b6"
},
{
"url": "https://git.kernel.org/stable/c/c90402d2a226ff7afbe1d0650bee8ecc15a91049",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c90402d2a226ff7afbe1d0650bee8ecc15a91049"
},
{
"url": "https://git.kernel.org/stable/c/e71a57c5aaa389d4c3c82f920761262efdd18d38",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e71a57c5aaa389d4c3c82f920761262efdd18d38"
},
{
"url": "https://git.kernel.org/stable/c/73851cfceb00cc77d7a0851bc10f2263394c3e87",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/73851cfceb00cc77d7a0851bc10f2263394c3e87"
},
{
"url": "https://git.kernel.org/stable/c/85f11291658ab907c4294319c8102450cc75bb96",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/85f11291658ab907c4294319c8102450cc75bb96"
},
{
"url": "https://git.kernel.org/stable/c/2ff0e408db36c21ed3fa5e3c1e0e687c82cf132f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2ff0e408db36c21ed3fa5e3c1e0e687c82cf132f"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

169
2025/22xxx/CVE-2025-22045.json
View File

@ -1,18 +1,179 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22045",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm: Fix flush_tlb_range() when used for zapping normal PMDs\n\nOn the following path, flush_tlb_range() can be used for zapping normal\nPMD entries (PMD entries that point to page tables) together with the PTE\nentries in the pointed-to page table:\n\n collapse_pte_mapped_thp\n pmdp_collapse_flush\n flush_tlb_range\n\nThe arm64 version of flush_tlb_range() has a comment describing that it can\nbe used for page table removal, and does not use any last-level\ninvalidation optimizations. Fix the X86 version by making it behave the\nsame way.\n\nCurrently, X86 only uses this information for the following two purposes,\nwhich I think means the issue doesn't have much impact:\n\n - In native_flush_tlb_multi() for checking if lazy TLB CPUs need to be\n IPI'd to avoid issues with speculative page table walks.\n - In Hyper-V TLB paravirtualization, again for lazy TLB stuff.\n\nThe patch \"x86/mm: only invalidate final translations with INVLPGB\" which\nis currently under review (see\n<https://lore.kernel.org/all/20241230175550.4046587-13-riel@surriel.com/>)\nwould probably be making the impact of this a lot worse."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "016c4d92cd16f569c6485ae62b076c1a4b779536",
"version_value": "618d5612ecb7bfc1c85342daafeb2b47e29e77a3"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.20",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.20",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.292",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.236",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.180",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.134",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/618d5612ecb7bfc1c85342daafeb2b47e29e77a3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/618d5612ecb7bfc1c85342daafeb2b47e29e77a3"
},
{
"url": "https://git.kernel.org/stable/c/556d446068f90981e5d71ca686bdaccdd545d491",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/556d446068f90981e5d71ca686bdaccdd545d491"
},
{
"url": "https://git.kernel.org/stable/c/0a8f806ea6b5dd64b3d1f05ff774817d5f7ddbd1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0a8f806ea6b5dd64b3d1f05ff774817d5f7ddbd1"
},
{
"url": "https://git.kernel.org/stable/c/0708fd6bd8161871bfbadced2ca4319b84ab44fe",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0708fd6bd8161871bfbadced2ca4319b84ab44fe"
},
{
"url": "https://git.kernel.org/stable/c/7085895c59e4057ffae17f58990ccb630087d0d2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7085895c59e4057ffae17f58990ccb630087d0d2"
},
{
"url": "https://git.kernel.org/stable/c/93224deb50a8d20df3884f3672ce9f982129aa50",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/93224deb50a8d20df3884f3672ce9f982129aa50"
},
{
"url": "https://git.kernel.org/stable/c/320ac1af4c0bdb92c864dc9250d1329234820edf",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/320ac1af4c0bdb92c864dc9250d1329234820edf"
},
{
"url": "https://git.kernel.org/stable/c/78d6f9a9eb2a5da6fcbd76d6191d24b0dcc321be",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/78d6f9a9eb2a5da6fcbd76d6191d24b0dcc321be"
},
{
"url": "https://git.kernel.org/stable/c/3ef938c3503563bfc2ac15083557f880d29c2e64",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3ef938c3503563bfc2ac15083557f880d29c2e64"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

114
2025/22xxx/CVE-2025-22046.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22046",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nuprobes/x86: Harden uretprobe syscall trampoline check\n\nJann reported a possible issue when trampoline_check_ip returns\naddress near the bottom of the address space that is allowed to\ncall into the syscall if uretprobes are not set up:\n\n https://lore.kernel.org/bpf/202502081235.5A6F352985@keescook/T/#m9d416df341b8fbc11737dacbcd29f0054413cbbf\n\nThough the mmap minimum address restrictions will typically prevent\ncreating mappings there, let's make sure uretprobe syscall checks\nfor that."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "ff474a78cef5cb5f32be52fe25b78441327a2e7c",
"version_value": "c35771342e47d58ab9433f3be1c3c30f2c5fa4f3"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.11",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.11",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/c35771342e47d58ab9433f3be1c3c30f2c5fa4f3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c35771342e47d58ab9433f3be1c3c30f2c5fa4f3"
},
{
"url": "https://git.kernel.org/stable/c/b0065d712049c87e1994c6eac00c6a637e39b325",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b0065d712049c87e1994c6eac00c6a637e39b325"
},
{
"url": "https://git.kernel.org/stable/c/d4e48b8d59fe162938a5004ace698c847e6a3207",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d4e48b8d59fe162938a5004ace698c847e6a3207"
},
{
"url": "https://git.kernel.org/stable/c/fa6192adc32f4fdfe5b74edd5b210e12afd6ecc0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fa6192adc32f4fdfe5b74edd5b210e12afd6ecc0"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

140
2025/22xxx/CVE-2025-22047.json
View File

@ -1,18 +1,150 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22047",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/microcode/AMD: Fix __apply_microcode_amd()'s return value\n\nWhen verify_sha256_digest() fails, __apply_microcode_amd() should propagate\nthe failure by returning false (and not -1 which is promoted to true)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "bef830144febedb7de86863ae99d8f53bed76e95",
"version_value": "763f4d638f71cb45235395790a46e9f9e84227fd"
},
{
"version_affected": "<",
"version_name": "3e8653e399e7111a3e87d534ff4533b250ae574f",
"version_value": "ada88219d5315fc13f2910fe278c7112d8d68889"
},
{
"version_affected": "<",
"version_name": "c162ba4f45ab6ef3b7114af6fb419f1833f050c0",
"version_value": "d295c58fad1d5ab987a81f139dd21498732c4f13"
},
{
"version_affected": "<",
"version_name": "50cef76d5cb0e199cda19f026842560f6eedc4f7",
"version_value": "7f705a45f130a85fbf31c2abdc999c65644c8307"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.14",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/763f4d638f71cb45235395790a46e9f9e84227fd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/763f4d638f71cb45235395790a46e9f9e84227fd"
},
{
"url": "https://git.kernel.org/stable/c/ada88219d5315fc13f2910fe278c7112d8d68889",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ada88219d5315fc13f2910fe278c7112d8d68889"
},
{
"url": "https://git.kernel.org/stable/c/d295c58fad1d5ab987a81f139dd21498732c4f13",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d295c58fad1d5ab987a81f139dd21498732c4f13"
},
{
"url": "https://git.kernel.org/stable/c/7f705a45f130a85fbf31c2abdc999c65644c8307",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7f705a45f130a85fbf31c2abdc999c65644c8307"
},
{
"url": "https://git.kernel.org/stable/c/31ab12df723543047c3fc19cb8f8c4498ec6267f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/31ab12df723543047c3fc19cb8f8c4498ec6267f"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

135
2025/22xxx/CVE-2025-22048.json
View File

@ -1,18 +1,145 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22048",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: BPF: Don't override subprog's return value\n\nThe verifier test `calls: div by 0 in subprog` triggers a panic at the\nld.bu instruction. The ld.bu insn is trying to load byte from memory\naddress returned by the subprog. The subprog actually set the correct\naddress at the a5 register (dedicated register for BPF return values).\nBut at commit 73c359d1d356 (\"LoongArch: BPF: Sign-extend return values\")\nwe also sign extended a5 to the a0 register (return value in LoongArch).\nFor function call insn, we later propagate the a0 register back to a5\nregister. This is right for native calls but wrong for bpf2bpf calls\nwhich expect zero-extended return value in a5 register. So only move a0\nto a5 for native calls (i.e. non-BPF_PSEUDO_CALL)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0c8d50501bc13cacecc19caaddc10db372592a39",
"version_value": "7df2696256a034405d3c5a71b3a4c54725de4404"
},
{
"version_affected": "<",
"version_name": "d5d83242a1d778ceb6d8b07c6b491cf7483ca112",
"version_value": "223d565d8892481684091cfbaf3466f2b0e289d3"
},
{
"version_affected": "<",
"version_name": "73c359d1d356cf10236ccd358bd55edab33e9424",
"version_value": "780628a780b622759d9e5adc76d15432144da1a3"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.13",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.13",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/7df2696256a034405d3c5a71b3a4c54725de4404",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7df2696256a034405d3c5a71b3a4c54725de4404"
},
{
"url": "https://git.kernel.org/stable/c/223d565d8892481684091cfbaf3466f2b0e289d3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/223d565d8892481684091cfbaf3466f2b0e289d3"
},
{
"url": "https://git.kernel.org/stable/c/780628a780b622759d9e5adc76d15432144da1a3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/780628a780b622759d9e5adc76d15432144da1a3"
},
{
"url": "https://git.kernel.org/stable/c/996e90ab446641553e8e21707b38b9709605e0e0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/996e90ab446641553e8e21707b38b9709605e0e0"
},
{
"url": "https://git.kernel.org/stable/c/60f3caff1492e5b8616b9578c4bedb5c0a88ed14",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/60f3caff1492e5b8616b9578c4bedb5c0a88ed14"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

126
2025/22xxx/CVE-2025-22049.json
View File

@ -1,18 +1,136 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22049",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Increase ARCH_DMA_MINALIGN up to 16\n\nARCH_DMA_MINALIGN is 1 by default, but some LoongArch-specific devices\n(such as APBDMA) require 16 bytes alignment. When the data buffer length\nis too small, the hardware may make an error writing cacheline. Thus, it\nis dangerous to allocate a small memory buffer for DMA. It's always safe\nto define ARCH_DMA_MINALIGN as L1_CACHE_BYTES but unnecessary (kmalloc()\nneed small memory objects). Therefore, just increase it to 16."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "f39af67f03b564b763b06e44cb960c10a382d54a"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1.134",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/f39af67f03b564b763b06e44cb960c10a382d54a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f39af67f03b564b763b06e44cb960c10a382d54a"
},
{
"url": "https://git.kernel.org/stable/c/279ec25c2df49fba1cd9488f2ddd045d9cb2112e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/279ec25c2df49fba1cd9488f2ddd045d9cb2112e"
},
{
"url": "https://git.kernel.org/stable/c/1d0def2d1658666ec1f32c9495df60e7411e3c82",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1d0def2d1658666ec1f32c9495df60e7411e3c82"
},
{
"url": "https://git.kernel.org/stable/c/bfff341cac7c650e6ca8d10503725992f5564d0f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bfff341cac7c650e6ca8d10503725992f5564d0f"
},
{
"url": "https://git.kernel.org/stable/c/8b82aea3666f8f2c78f86148d78aea99c46e0f82",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8b82aea3666f8f2c78f86148d78aea99c46e0f82"
},
{
"url": "https://git.kernel.org/stable/c/4103cfe9dcb88010ae4911d3ff417457d1b6a720",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4103cfe9dcb88010ae4911d3ff417457d1b6a720"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

162
2025/22xxx/CVE-2025-22050.json
View File

@ -1,18 +1,172 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22050",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet:fix NPE during rx_complete\n\nMissing usbnet_going_away Check in Critical Path.\nThe usb_submit_urb function lacks a usbnet_going_away\nvalidation, whereas __usbnet_queue_skb includes this check.\n\nThis inconsistency creates a race condition where:\nA URB request may succeed, but the corresponding SKB data\nfails to be queued.\n\nSubsequent processes:\n(e.g., rx_complete \u2192 defer_bh \u2192 __skb_unlink(skb, list))\nattempt to access skb->next, triggering a NULL pointer\ndereference (Kernel Panic)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "b80aacfea6e8d6ed6e430aa13922d6ccf044415a",
"version_value": "95789c2f94fd29dce8759f9766baa333f749287c"
},
{
"version_affected": "<",
"version_name": "869caa8de8cb94514df704ccbe0b024fda4b9398",
"version_value": "0f10f83acfd619e13c64d6705908dfd792f19544"
},
{
"version_affected": "<",
"version_name": "1e44ee6cdd123d6cfe78b4a94e1572e23bbb58ce",
"version_value": "acacd48a37b52fc95f621765762c04152b58d642"
},
{
"version_affected": "<",
"version_name": "04e906839a053f092ef53f4fb2d610983412b904",
"version_value": "d689645cd1594ea1d13cb0c404f8ad1011353e0e"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.12",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.180",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.134",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/95789c2f94fd29dce8759f9766baa333f749287c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/95789c2f94fd29dce8759f9766baa333f749287c"
},
{
"url": "https://git.kernel.org/stable/c/0f10f83acfd619e13c64d6705908dfd792f19544",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0f10f83acfd619e13c64d6705908dfd792f19544"
},
{
"url": "https://git.kernel.org/stable/c/acacd48a37b52fc95f621765762c04152b58d642",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/acacd48a37b52fc95f621765762c04152b58d642"
},
{
"url": "https://git.kernel.org/stable/c/d689645cd1594ea1d13cb0c404f8ad1011353e0e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d689645cd1594ea1d13cb0c404f8ad1011353e0e"
},
{
"url": "https://git.kernel.org/stable/c/0c30988588b28393e3e8873d5654f910e86391ba",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0c30988588b28393e3e8873d5654f910e86391ba"
},
{
"url": "https://git.kernel.org/stable/c/fd9ee3f0d6a53844f65efde581c91bbb0ff749ac",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fd9ee3f0d6a53844f65efde581c91bbb0ff749ac"
},
{
"url": "https://git.kernel.org/stable/c/51de3600093429e3b712e5f091d767babc5dd6df",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/51de3600093429e3b712e5f091d767babc5dd6df"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

103
2025/22xxx/CVE-2025-22051.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22051",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: gpib: Fix Oops after disconnect in agilent usb\n\nIf the agilent usb dongle is disconnected subsequent calls to the\ndriver cause a NULL dereference Oops as the bus_interface\nis set to NULL on disconnect.\n\nThis problem was introduced by setting usb_dev from the bus_interface\nfor dev_xxx messages.\n\nPreviously bus_interface was checked for NULL only in the functions\ndirectly calling usb_fill_bulk_urb or usb_control_msg.\n\nCheck for valid bus_interface on all interface entry points\nand return -ENODEV if it is NULL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "fbae7090f30c1bd5a351d0c8f82b6a635718b8d8",
"version_value": "e88633705078f40391a9afc6cc8ea3025e6f692b"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.13",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.13",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/e88633705078f40391a9afc6cc8ea3025e6f692b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e88633705078f40391a9afc6cc8ea3025e6f692b"
},
{
"url": "https://git.kernel.org/stable/c/50ef6e45bec79da4c5a01fad4dc23466ba255099",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/50ef6e45bec79da4c5a01fad4dc23466ba255099"
},
{
"url": "https://git.kernel.org/stable/c/8491e73a5223acb0a4b4d78c3f8b96aa9c5e774d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8491e73a5223acb0a4b4d78c3f8b96aa9c5e774d"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

103
2025/22xxx/CVE-2025-22052.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22052",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: gpib: Fix Oops after disconnect in ni_usb\n\nIf the usb dongle is disconnected subsequent calls to the\ndriver cause a NULL dereference Oops as the bus_interface\nis set to NULL on disconnect.\n\nThis problem was introduced by setting usb_dev from the bus_interface\nfor dev_xxx messages.\n\nPreviously bus_interface was checked for NULL only in the the functions\ndirectly calling usb_fill_bulk_urb or usb_control_msg.\n\nCheck for valid bus_interface on all interface entry points\nand return -ENODEV if it is NULL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4934b98bb24327c32ed55c96012f019932383da5",
"version_value": "b2d8d7959077c5d4b11d0dc6bd2167791fd1c72e"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.13",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.13",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/b2d8d7959077c5d4b11d0dc6bd2167791fd1c72e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b2d8d7959077c5d4b11d0dc6bd2167791fd1c72e"
},
{
"url": "https://git.kernel.org/stable/c/5dc98ba6f7304c188b267ef481281849638447bf",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5dc98ba6f7304c188b267ef481281849638447bf"
},
{
"url": "https://git.kernel.org/stable/c/a239c6e91b665f1837cf57b97fe638ef1baf2e78",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a239c6e91b665f1837cf57b97fe638ef1baf2e78"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

125
2025/22xxx/CVE-2025-22053.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22053",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ibmveth: make veth_pool_store stop hanging\n\nv2:\n- Created a single error handling unlock and exit in veth_pool_store\n- Greatly expanded commit message with previous explanatory-only text\n\nSummary: Use rtnl_mutex to synchronize veth_pool_store with itself,\nibmveth_close and ibmveth_open, preventing multiple calls in a row to\nnapi_disable.\n\nBackground: Two (or more) threads could call veth_pool_store through\nwriting to /sys/devices/vio/30000002/pool*/*. You can do this easily\nwith a little shell script. This causes a hang.\n\nI configured LOCKDEP, compiled ibmveth.c with DEBUG, and built a new\nkernel. I ran this test again and saw:\n\n Setting pool0/active to 0\n Setting pool1/active to 1\n [ 73.911067][ T4365] ibmveth 30000002 eth0: close starting\n Setting pool1/active to 1\n Setting pool1/active to 0\n [ 73.911367][ T4366] ibmveth 30000002 eth0: close starting\n [ 73.916056][ T4365] ibmveth 30000002 eth0: close complete\n [ 73.916064][ T4365] ibmveth 30000002 eth0: open starting\n [ 110.808564][ T712] systemd-journald[712]: Sent WATCHDOG=1 notification.\n [ 230.808495][ T712] systemd-journald[712]: Sent WATCHDOG=1 notification.\n [ 243.683786][ T123] INFO: task stress.sh:4365 blocked for more than 122 seconds.\n [ 243.683827][ T123] Not tainted 6.14.0-01103-g2df0c02dab82-dirty #8\n [ 243.683833][ T123] \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n [ 243.683838][ T123] task:stress.sh state:D stack:28096 pid:4365 tgid:4365 ppid:4364 task_flags:0x400040 flags:0x00042000\n [ 243.683852][ T123] Call Trace:\n [ 243.683857][ T123] [c00000000c38f690] [0000000000000001] 0x1 (unreliable)\n [ 243.683868][ T123] [c00000000c38f840] [c00000000001f908] __switch_to+0x318/0x4e0\n [ 243.683878][ T123] [c00000000c38f8a0] [c000000001549a70] __schedule+0x500/0x12a0\n [ 243.683888][ T123] [c00000000c38f9a0] [c00000000154a878] schedule+0x68/0x210\n [ 243.683896][ T123] [c00000000c38f9d0] [c00000000154ac80] schedule_preempt_disabled+0x30/0x50\n [ 243.683904][ T123] [c00000000c38fa00] [c00000000154dbb0] __mutex_lock+0x730/0x10f0\n [ 243.683913][ T123] [c00000000c38fb10] [c000000001154d40] napi_enable+0x30/0x60\n [ 243.683921][ T123] [c00000000c38fb40] [c000000000f4ae94] ibmveth_open+0x68/0x5dc\n [ 243.683928][ T123] [c00000000c38fbe0] [c000000000f4aa20] veth_pool_store+0x220/0x270\n [ 243.683936][ T123] [c00000000c38fc70] [c000000000826278] sysfs_kf_write+0x68/0xb0\n [ 243.683944][ T123] [c00000000c38fcb0] [c0000000008240b8] kernfs_fop_write_iter+0x198/0x2d0\n [ 243.683951][ T123] [c00000000c38fd00] [c00000000071b9ac] vfs_write+0x34c/0x650\n [ 243.683958][ T123] [c00000000c38fdc0] [c00000000071bea8] ksys_write+0x88/0x150\n [ 243.683966][ T123] [c00000000c38fe10] [c0000000000317f4] system_call_exception+0x124/0x340\n [ 243.683973][ T123] [c00000000c38fe50] [c00000000000d05c] system_call_vectored_common+0x15c/0x2ec\n ...\n [ 243.684087][ T123] Showing all locks held in the system:\n [ 243.684095][ T123] 1 lock held by khungtaskd/123:\n [ 243.684099][ T123] #0: c00000000278e370 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x50/0x248\n [ 243.684114][ T123] 4 locks held by stress.sh/4365:\n [ 243.684119][ T123] #0: c00000003a4cd3f8 (sb_writers#3){.+.+}-{0:0}, at: ksys_write+0x88/0x150\n [ 243.684132][ T123] #1: c000000041aea888 (&of->mutex#2){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x154/0x2d0\n [ 243.684143][ T123] #2: c0000000366fb9a8 (kn->active#64){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x160/0x2d0\n [ 243.684155][ T123] #3: c000000035ff4cb8 (&dev->lock){+.+.}-{3:3}, at: napi_enable+0x30/0x60\n [ 243.684166][ T123] 5 locks held by stress.sh/4366:\n [ 243.684170][ T123] #0: c00000003a4cd3f8 (sb_writers#3){.+.+}-{0:0}, at: ksys_write+0x88/0x150\n [ 243.\n---truncated---"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "860f242eb5340d0b0cfe243cb86b2a98f92e8b91",
"version_value": "1e458c292f4c687dcf5aad32dd4836d03cd2191f"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.18",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.18",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/1e458c292f4c687dcf5aad32dd4836d03cd2191f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1e458c292f4c687dcf5aad32dd4836d03cd2191f"
},
{
"url": "https://git.kernel.org/stable/c/8a88bb092f4208355880b9fdcc69d491aa297595",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8a88bb092f4208355880b9fdcc69d491aa297595"
},
{
"url": "https://git.kernel.org/stable/c/86cc70f5c85dc09bf7f3e1eee380eefe73c90765",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/86cc70f5c85dc09bf7f3e1eee380eefe73c90765"
},
{
"url": "https://git.kernel.org/stable/c/0a2470e3ecde64fc7e3781dc474923193621ae67",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0a2470e3ecde64fc7e3781dc474923193621ae67"
},
{
"url": "https://git.kernel.org/stable/c/053f3ff67d7feefc75797863f3d84b47ad47086f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/053f3ff67d7feefc75797863f3d84b47ad47086f"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

194
2025/22xxx/CVE-2025-22054.json
View File

@ -1,18 +1,204 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22054",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\narcnet: Add NULL check in com20020pci_probe()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\ncom20020pci_probe() does not check for this case, which results in a\nNULL pointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue and ensure\nno resources are left allocated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "e38cd53421ed4e37fc99662a0f2a0c567993844f",
"version_value": "661cf5d102949898c931e81fd4e1c773afcdeafa"
},
{
"version_affected": "<",
"version_name": "d54f5a5bc85afd01b0a00689b795e31db54adc15",
"version_value": "905a34dc1ad9a53a8aaaf8a759ea5dbaaa30418d"
},
{
"version_affected": "<",
"version_name": "75c53a4c43295fb8b09edae45239790db9cc69c3",
"version_value": "ef8b29398ea6061ac8257f3e45c9be45cc004ce2"
},
{
"version_affected": "<",
"version_name": "8d034da82563a526dbd7e9069bb3f6946403b72c",
"version_value": "be8a0decd0b59a52a07276f9ef3b33ef820b2179"
},
{
"version_affected": "<",
"version_name": "5106d7adb74bc6160806b45ffd2321b10ca14ee0",
"version_value": "ececf8eff6c25acc239fa8f0fd837c76bc770547"
},
{
"version_affected": "<",
"version_name": "6b17a597fc2f13aaaa0a2780eb7edb9ae7ac9aea",
"version_value": "ebebeb58d48e25525fa654f2c53a24713fe141c3"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.7",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.7",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.292",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.236",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.180",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.134",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/661cf5d102949898c931e81fd4e1c773afcdeafa",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/661cf5d102949898c931e81fd4e1c773afcdeafa"
},
{
"url": "https://git.kernel.org/stable/c/905a34dc1ad9a53a8aaaf8a759ea5dbaaa30418d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/905a34dc1ad9a53a8aaaf8a759ea5dbaaa30418d"
},
{
"url": "https://git.kernel.org/stable/c/ef8b29398ea6061ac8257f3e45c9be45cc004ce2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ef8b29398ea6061ac8257f3e45c9be45cc004ce2"
},
{
"url": "https://git.kernel.org/stable/c/be8a0decd0b59a52a07276f9ef3b33ef820b2179",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/be8a0decd0b59a52a07276f9ef3b33ef820b2179"
},
{
"url": "https://git.kernel.org/stable/c/ececf8eff6c25acc239fa8f0fd837c76bc770547",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ececf8eff6c25acc239fa8f0fd837c76bc770547"
},
{
"url": "https://git.kernel.org/stable/c/ebebeb58d48e25525fa654f2c53a24713fe141c3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ebebeb58d48e25525fa654f2c53a24713fe141c3"
},
{
"url": "https://git.kernel.org/stable/c/a654f31b33515d39bb56c75fd8b26bef025ced7e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a654f31b33515d39bb56c75fd8b26bef025ced7e"
},
{
"url": "https://git.kernel.org/stable/c/887226163504494ea7e58033a97c2d2ab12e05d4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/887226163504494ea7e58033a97c2d2ab12e05d4"
},
{
"url": "https://git.kernel.org/stable/c/fda8c491db2a90ff3e6fbbae58e495b4ddddeca3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fda8c491db2a90ff3e6fbbae58e495b4ddddeca3"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

158
2025/22xxx/CVE-2025-22055.json
View File

@ -1,18 +1,168 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22055",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix geneve_opt length integer overflow\n\nstruct geneve_opt uses 5 bit length for each single option, which\nmeans every vary size option should be smaller than 128 bytes.\n\nHowever, all current related Netlink policies cannot promise this\nlength condition and the attacker can exploit a exact 128-byte size\noption to *fake* a zero length option and confuse the parsing logic,\nfurther achieve heap out-of-bounds read.\n\nOne example crash log is like below:\n\n[ 3.905425] ==================================================================\n[ 3.905925] BUG: KASAN: slab-out-of-bounds in nla_put+0xa9/0xe0\n[ 3.906255] Read of size 124 at addr ffff888005f291cc by task poc/177\n[ 3.906646]\n[ 3.906775] CPU: 0 PID: 177 Comm: poc-oob-read Not tainted 6.1.132 #1\n[ 3.907131] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n[ 3.907784] Call Trace:\n[ 3.907925] <TASK>\n[ 3.908048] dump_stack_lvl+0x44/0x5c\n[ 3.908258] print_report+0x184/0x4be\n[ 3.909151] kasan_report+0xc5/0x100\n[ 3.909539] kasan_check_range+0xf3/0x1a0\n[ 3.909794] memcpy+0x1f/0x60\n[ 3.909968] nla_put+0xa9/0xe0\n[ 3.910147] tunnel_key_dump+0x945/0xba0\n[ 3.911536] tcf_action_dump_1+0x1c1/0x340\n[ 3.912436] tcf_action_dump+0x101/0x180\n[ 3.912689] tcf_exts_dump+0x164/0x1e0\n[ 3.912905] fw_dump+0x18b/0x2d0\n[ 3.913483] tcf_fill_node+0x2ee/0x460\n[ 3.914778] tfilter_notify+0xf4/0x180\n[ 3.915208] tc_new_tfilter+0xd51/0x10d0\n[ 3.918615] rtnetlink_rcv_msg+0x4a2/0x560\n[ 3.919118] netlink_rcv_skb+0xcd/0x200\n[ 3.919787] netlink_unicast+0x395/0x530\n[ 3.921032] netlink_sendmsg+0x3d0/0x6d0\n[ 3.921987] __sock_sendmsg+0x99/0xa0\n[ 3.922220] __sys_sendto+0x1b7/0x240\n[ 3.922682] __x64_sys_sendto+0x72/0x90\n[ 3.922906] do_syscall_64+0x5e/0x90\n[ 3.923814] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 3.924122] RIP: 0033:0x7e83eab84407\n[ 3.924331] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 faf\n[ 3.925330] RSP: 002b:00007ffff505e370 EFLAGS: 00000202 ORIG_RAX: 000000000000002c\n[ 3.925752] RAX: ffffffffffffffda RBX: 00007e83eaafa740 RCX: 00007e83eab84407\n[ 3.926173] RDX: 00000000000001a8 RSI: 00007ffff505e3c0 RDI: 0000000000000003\n[ 3.926587] RBP: 00007ffff505f460 R08: 00007e83eace1000 R09: 000000000000000c\n[ 3.926977] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffff505f3c0\n[ 3.927367] R13: 00007ffff505f5c8 R14: 00007e83ead1b000 R15: 00005d4fbbe6dcb8\n\nFix these issues by enforing correct length condition in related\npolicies."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0ed5269f9e41f495c8e9020c85f5e1644c1afc57",
"version_value": "a2cb85f989e2074e2f392e00188c438cab3de088"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.19",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.19",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.236",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.180",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.134",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/a2cb85f989e2074e2f392e00188c438cab3de088",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a2cb85f989e2074e2f392e00188c438cab3de088"
},
{
"url": "https://git.kernel.org/stable/c/b4513ad0f391871d3feee8ddf535609a3aabeeac",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b4513ad0f391871d3feee8ddf535609a3aabeeac"
},
{
"url": "https://git.kernel.org/stable/c/21748669c5825761cbbf47cbeeb01387ddccc8cb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/21748669c5825761cbbf47cbeeb01387ddccc8cb"
},
{
"url": "https://git.kernel.org/stable/c/5a2976cc4d9c36ff58a0f10e35ce4283cbaa9c0e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5a2976cc4d9c36ff58a0f10e35ce4283cbaa9c0e"
},
{
"url": "https://git.kernel.org/stable/c/2952776c69a1a551649ed770bf22e3f691f6ec65",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2952776c69a1a551649ed770bf22e3f691f6ec65"
},
{
"url": "https://git.kernel.org/stable/c/738ae5712215fe9181587d582b23333f02c62ca6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/738ae5712215fe9181587d582b23333f02c62ca6"
},
{
"url": "https://git.kernel.org/stable/c/4d606069bdd3c76f8ab1f06796c97ef7f4746807",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4d606069bdd3c76f8ab1f06796c97ef7f4746807"
},
{
"url": "https://git.kernel.org/stable/c/b27055a08ad4b415dcf15b63034f9cb236f7fb40",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b27055a08ad4b415dcf15b63034f9cb236f7fb40"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

158
2025/22xxx/CVE-2025-22056.json
View File

@ -1,18 +1,168 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22056",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_tunnel: fix geneve_opt type confusion addition\n\nWhen handling multiple NFTA_TUNNEL_KEY_OPTS_GENEVE attributes, the\nparsing logic should place every geneve_opt structure one by one\ncompactly. Hence, when deciding the next geneve_opt position, the\npointer addition should be in units of char *.\n\nHowever, the current implementation erroneously does type conversion\nbefore the addition, which will lead to heap out-of-bounds write.\n\n[ 6.989857] ==================================================================\n[ 6.990293] BUG: KASAN: slab-out-of-bounds in nft_tunnel_obj_init+0x977/0xa70\n[ 6.990725] Write of size 124 at addr ffff888005f18974 by task poc/178\n[ 6.991162]\n[ 6.991259] CPU: 0 PID: 178 Comm: poc-oob-write Not tainted 6.1.132 #1\n[ 6.991655] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n[ 6.992281] Call Trace:\n[ 6.992423] <TASK>\n[ 6.992586] dump_stack_lvl+0x44/0x5c\n[ 6.992801] print_report+0x184/0x4be\n[ 6.993790] kasan_report+0xc5/0x100\n[ 6.994252] kasan_check_range+0xf3/0x1a0\n[ 6.994486] memcpy+0x38/0x60\n[ 6.994692] nft_tunnel_obj_init+0x977/0xa70\n[ 6.995677] nft_obj_init+0x10c/0x1b0\n[ 6.995891] nf_tables_newobj+0x585/0x950\n[ 6.996922] nfnetlink_rcv_batch+0xdf9/0x1020\n[ 6.998997] nfnetlink_rcv+0x1df/0x220\n[ 6.999537] netlink_unicast+0x395/0x530\n[ 7.000771] netlink_sendmsg+0x3d0/0x6d0\n[ 7.001462] __sock_sendmsg+0x99/0xa0\n[ 7.001707] ____sys_sendmsg+0x409/0x450\n[ 7.002391] ___sys_sendmsg+0xfd/0x170\n[ 7.003145] __sys_sendmsg+0xea/0x170\n[ 7.004359] do_syscall_64+0x5e/0x90\n[ 7.005817] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 7.006127] RIP: 0033:0x7ec756d4e407\n[ 7.006339] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 faf\n[ 7.007364] RSP: 002b:00007ffed5d46760 EFLAGS: 00000202 ORIG_RAX: 000000000000002e\n[ 7.007827] RAX: ffffffffffffffda RBX: 00007ec756cc4740 RCX: 00007ec756d4e407\n[ 7.008223] RDX: 0000000000000000 RSI: 00007ffed5d467f0 RDI: 0000000000000003\n[ 7.008620] RBP: 00007ffed5d468a0 R08: 0000000000000000 R09: 0000000000000000\n[ 7.009039] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000\n[ 7.009429] R13: 00007ffed5d478b0 R14: 00007ec756ee5000 R15: 00005cbd4e655cb8\n\nFix this bug with correct pointer addition and conversion in parse\nand dump code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "925d844696d9287f841d6b3e0ed62a35fb175970",
"version_value": "31d49eb436f2da61280508d7adf8c9b473b967aa"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.7",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.7",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.236",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.180",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.134",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/31d49eb436f2da61280508d7adf8c9b473b967aa",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/31d49eb436f2da61280508d7adf8c9b473b967aa"
},
{
"url": "https://git.kernel.org/stable/c/ca2adfc03cd6273f0b589fe65afc6f75e0fe116e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ca2adfc03cd6273f0b589fe65afc6f75e0fe116e"
},
{
"url": "https://git.kernel.org/stable/c/a263d31c8c92e5919d41af57d9479cfb66323782",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a263d31c8c92e5919d41af57d9479cfb66323782"
},
{
"url": "https://git.kernel.org/stable/c/28d88ee1e1cc8ac2d79aeb112717b97c5c833d43",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/28d88ee1e1cc8ac2d79aeb112717b97c5c833d43"
},
{
"url": "https://git.kernel.org/stable/c/0a93a710d6df334b828ea064c6d39fda34f901dc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0a93a710d6df334b828ea064c6d39fda34f901dc"
},
{
"url": "https://git.kernel.org/stable/c/446d94898c560ed2f61e26ae445858a4c4830762",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/446d94898c560ed2f61e26ae445858a4c4830762"
},
{
"url": "https://git.kernel.org/stable/c/708e268acb3a446ad2a8a3d2e9bd41cc23660cd6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/708e268acb3a446ad2a8a3d2e9bd41cc23660cd6"
},
{
"url": "https://git.kernel.org/stable/c/1b755d8eb1ace3870789d48fbd94f386ad6e30be",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1b755d8eb1ace3870789d48fbd94f386ad6e30be"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

125
2025/22xxx/CVE-2025-22057.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22057",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: decrease cached dst counters in dst_release\n\nUpstream fix ac888d58869b (\"net: do not delay dst_entries_add() in\ndst_release()\") moved decrementing the dst count from dst_destroy to\ndst_release to avoid accessing already freed data in case of netns\ndismantle. However in case CONFIG_DST_CACHE is enabled and OvS+tunnels\nare used, this fix is incomplete as the same issue will be seen for\ncached dsts:\n\n Unable to handle kernel paging request at virtual address ffff5aabf6b5c000\n Call trace:\n percpu_counter_add_batch+0x3c/0x160 (P)\n dst_release+0xec/0x108\n dst_cache_destroy+0x68/0xd8\n dst_destroy+0x13c/0x168\n dst_destroy_rcu+0x1c/0xb0\n rcu_do_batch+0x18c/0x7d0\n rcu_core+0x174/0x378\n rcu_core_si+0x18/0x30\n\nFix this by invalidating the cache, and thus decrementing cached dst\ncounters, in dst_release too."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "d71785ffc7e7cae3fbdc4ea8a9d05b7a1c59f7b8",
"version_value": "ccc331fd5bcae131d2627d5ef099d4a1f6540aea"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.6",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.6",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/ccc331fd5bcae131d2627d5ef099d4a1f6540aea",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ccc331fd5bcae131d2627d5ef099d4a1f6540aea"
},
{
"url": "https://git.kernel.org/stable/c/92a5c18513117be69bc00419dd1724c1940f8fcd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/92a5c18513117be69bc00419dd1724c1940f8fcd"
},
{
"url": "https://git.kernel.org/stable/c/836415a8405c9665ae55352fc5ba865c242f5e4f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/836415a8405c9665ae55352fc5ba865c242f5e4f"
},
{
"url": "https://git.kernel.org/stable/c/e833e7ad64eb2f63867f65303be49ca30ee8819e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e833e7ad64eb2f63867f65303be49ca30ee8819e"
},
{
"url": "https://git.kernel.org/stable/c/3a0a3ff6593d670af2451ec363ccb7b18aec0c0a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3a0a3ff6593d670af2451ec363ccb7b18aec0c0a"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

136
2025/22xxx/CVE-2025-22058.json
View File

@ -1,18 +1,146 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22058",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudp: Fix memory accounting leak.\n\nMatt Dowling reported a weird UDP memory usage issue.\n\nUnder normal operation, the UDP memory usage reported in /proc/net/sockstat\nremains close to zero. However, it occasionally spiked to 524,288 pages\nand never dropped. Moreover, the value doubled when the application was\nterminated. Finally, it caused intermittent packet drops.\n\nWe can reproduce the issue with the script below [0]:\n\n 1. /proc/net/sockstat reports 0 pages\n\n # cat /proc/net/sockstat | grep UDP:\n UDP: inuse 1 mem 0\n\n 2. Run the script till the report reaches 524,288\n\n # python3 test.py & sleep 5\n # cat /proc/net/sockstat | grep UDP:\n UDP: inuse 3 mem 524288 <-- (INT_MAX + 1) >> PAGE_SHIFT\n\n 3. Kill the socket and confirm the number never drops\n\n # pkill python3 && sleep 5\n # cat /proc/net/sockstat | grep UDP:\n UDP: inuse 1 mem 524288\n\n 4. (necessary since v6.0) Trigger proto_memory_pcpu_drain()\n\n # python3 test.py & sleep 1 && pkill python3\n\n 5. The number doubles\n\n # cat /proc/net/sockstat | grep UDP:\n UDP: inuse 1 mem 1048577\n\nThe application set INT_MAX to SO_RCVBUF, which triggered an integer\noverflow in udp_rmem_release().\n\nWhen a socket is close()d, udp_destruct_common() purges its receive\nqueue and sums up skb->truesize in the queue. This total is calculated\nand stored in a local unsigned integer variable.\n\nThe total size is then passed to udp_rmem_release() to adjust memory\naccounting. However, because the function takes a signed integer\nargument, the total size can wrap around, causing an overflow.\n\nThen, the released amount is calculated as follows:\n\n 1) Add size to sk->sk_forward_alloc.\n 2) Round down sk->sk_forward_alloc to the nearest lower multiple of\n PAGE_SIZE and assign it to amount.\n 3) Subtract amount from sk->sk_forward_alloc.\n 4) Pass amount >> PAGE_SHIFT to __sk_mem_reduce_allocated().\n\nWhen the issue occurred, the total in udp_destruct_common() was 2147484480\n(INT_MAX + 833), which was cast to -2147482816 in udp_rmem_release().\n\nAt 1) sk->sk_forward_alloc is changed from 3264 to -2147479552, and\n2) sets -2147479552 to amount. 3) reverts the wraparound, so we don't\nsee a warning in inet_sock_destruct(). However, udp_memory_allocated\nends up doubling at 4).\n\nSince commit 3cd3399dd7a8 (\"net: implement per-cpu reserves for\nmemory_allocated\"), memory usage no longer doubles immediately after\na socket is close()d because __sk_mem_reduce_allocated() caches the\namount in udp_memory_per_cpu_fw_alloc. However, the next time a UDP\nsocket receives a packet, the subtraction takes effect, causing UDP\nmemory usage to double.\n\nThis issue makes further memory allocation fail once the socket's\nsk->sk_rmem_alloc exceeds net.ipv4.udp_rmem_min, resulting in packet\ndrops.\n\nTo prevent this issue, let's use unsigned int for the calculation and\ncall sk_forward_alloc_add() only once for the small delta.\n\nNote that first_packet_length() also potentially has the same problem.\n\n[0]:\nfrom socket import *\n\nSO_RCVBUFFORCE = 33\nINT_MAX = (2 ** 31) - 1\n\ns = socket(AF_INET, SOCK_DGRAM)\ns.bind(('', 0))\ns.setsockopt(SOL_SOCKET, SO_RCVBUFFORCE, INT_MAX)\n\nc = socket(AF_INET, SOCK_DGRAM)\nc.connect(s.getsockname())\n\ndata = b'a' * 100\n\nwhile True:\n c.send(data)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "f970bd9e3a06f06df8d8ecf1f8ad2c8615cc17eb",
"version_value": "9122fec396950cc866137af7154b1d0d989be52e"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.10",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.10",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.134",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/9122fec396950cc866137af7154b1d0d989be52e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9122fec396950cc866137af7154b1d0d989be52e"
},
{
"url": "https://git.kernel.org/stable/c/aeef6456692c6f11ae53d278df64f1316a2a405a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/aeef6456692c6f11ae53d278df64f1316a2a405a"
},
{
"url": "https://git.kernel.org/stable/c/a116b271bf3cb72c8155b6b7f39083c1b80dcd00",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a116b271bf3cb72c8155b6b7f39083c1b80dcd00"
},
{
"url": "https://git.kernel.org/stable/c/c4bac6c398118fba79e32b1cd01db22dbfe29fbf",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c4bac6c398118fba79e32b1cd01db22dbfe29fbf"
},
{
"url": "https://git.kernel.org/stable/c/3836029448e76c1e6f77cc5fe0adc09b018b5fa8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3836029448e76c1e6f77cc5fe0adc09b018b5fa8"
},
{
"url": "https://git.kernel.org/stable/c/df207de9d9e7a4d92f8567e2c539d9c8c12fd99d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/df207de9d9e7a4d92f8567e2c539d9c8c12fd99d"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

114
2025/22xxx/CVE-2025-22059.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22059",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudp: Fix multiple wraparounds of sk->sk_rmem_alloc.\n\n__udp_enqueue_schedule_skb() has the following condition:\n\n if (atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf)\n goto drop;\n\nsk->sk_rcvbuf is initialised by net.core.rmem_default and later can\nbe configured by SO_RCVBUF, which is limited by net.core.rmem_max,\nor SO_RCVBUFFORCE.\n\nIf we set INT_MAX to sk->sk_rcvbuf, the condition is always false\nas sk->sk_rmem_alloc is also signed int.\n\nThen, the size of the incoming skb is added to sk->sk_rmem_alloc\nunconditionally.\n\nThis results in integer overflow (possibly multiple times) on\nsk->sk_rmem_alloc and allows a single socket to have skb up to\nnet.core.udp_mem[1].\n\nFor example, if we set a large value to udp_mem[1] and INT_MAX to\nsk->sk_rcvbuf and flood packets to the socket, we can see multiple\noverflows:\n\n # cat /proc/net/sockstat | grep UDP:\n UDP: inuse 3 mem 7956736 <-- (7956736 << 12) bytes > INT_MAX * 15\n ^- PAGE_SHIFT\n # ss -uam\n State Recv-Q ...\n UNCONN -1757018048 ... <-- flipping the sign repeatedly\n skmem:(r2537949248,rb2147483646,t0,tb212992,f1984,w0,o0,bl0,d0)\n\nPreviously, we had a boundary check for INT_MAX, which was removed by\ncommit 6a1f12dd85a8 (\"udp: relax atomic operation on sk->sk_rmem_alloc\").\n\nA complete fix would be to revert it and cap the right operand by\nINT_MAX:\n\n rmem = atomic_add_return(size, &sk->sk_rmem_alloc);\n if (rmem > min(size + (unsigned int)sk->sk_rcvbuf, INT_MAX))\n goto uncharge_drop;\n\nbut we do not want to add the expensive atomic_add_return() back just\nfor the corner case.\n\nCasting rmem to unsigned int prevents multiple wraparounds, but we still\nallow a single wraparound.\n\n # cat /proc/net/sockstat | grep UDP:\n UDP: inuse 3 mem 524288 <-- (INT_MAX + 1) >> 12\n\n # ss -uam\n State Recv-Q ...\n UNCONN -2147482816 ... <-- INT_MAX + 831 bytes\n skmem:(r2147484480,rb2147483646,t0,tb212992,f3264,w0,o0,bl0,d14468947)\n\nSo, let's define rmem and rcvbuf as unsigned int and check skb->truesize\nonly when rcvbuf is large enough to lower the overflow possibility.\n\nNote that we still have a small chance to see overflow if multiple skbs\nto the same socket are processed on different core at the same time and\neach size does not exceed the limit but the total size does.\n\nNote also that we must ignore skb->truesize for a small buffer as\nexplained in commit 363dc73acacb (\"udp: be less conservative with\nsock rmem accounting\")."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6a1f12dd85a8b24f871dfcf467378660af9c064d",
"version_value": "94d5ad7b41122be33ebc2a6830fe710cba1ecd75"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.10",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.10",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/94d5ad7b41122be33ebc2a6830fe710cba1ecd75",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/94d5ad7b41122be33ebc2a6830fe710cba1ecd75"
},
{
"url": "https://git.kernel.org/stable/c/1f529988efe9870db802cb79d01d8f473099b4d7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1f529988efe9870db802cb79d01d8f473099b4d7"
},
{
"url": "https://git.kernel.org/stable/c/7571aadd20289e9ea10ebfed0986f39ed8b3c16b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7571aadd20289e9ea10ebfed0986f39ed8b3c16b"
},
{
"url": "https://git.kernel.org/stable/c/5a465a0da13ee9fbd7d3cd0b2893309b0fe4b7e3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5a465a0da13ee9fbd7d3cd0b2893309b0fe4b7e3"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

147
2025/22xxx/CVE-2025-22060.json
View File

@ -1,18 +1,157 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22060",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mvpp2: Prevent parser TCAM memory corruption\n\nProtect the parser TCAM/SRAM memory, and the cached (shadow) SRAM\ninformation, from concurrent modifications.\n\nBoth the TCAM and SRAM tables are indirectly accessed by configuring\nan index register that selects the row to read or write to. This means\nthat operations must be atomic in order to, e.g., avoid spreading\nwrites across multiple rows. Since the shadow SRAM array is used to\nfind free rows in the hardware table, it must also be protected in\norder to avoid TOCTOU errors where multiple cores allocate the same\nrow.\n\nThis issue was detected in a situation where `mvpp2_set_rx_mode()` ran\nconcurrently on two CPUs. In this particular case the\nMVPP2_PE_MAC_UC_PROMISCUOUS entry was corrupted, causing the\nclassifier unit to drop all incoming unicast - indicated by the\n`rx_classifier_drops` counter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3f518509dedc99f0b755d2ce68d24f610e3a005a",
"version_value": "e3711163d14d02af9005e4cdad30899c565f13fb"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3.17",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.17",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.180",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.134",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/e3711163d14d02af9005e4cdad30899c565f13fb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e3711163d14d02af9005e4cdad30899c565f13fb"
},
{
"url": "https://git.kernel.org/stable/c/b3f48a41a00d6d8d9c6fe09ae47dd21c8c1c8b03",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b3f48a41a00d6d8d9c6fe09ae47dd21c8c1c8b03"
},
{
"url": "https://git.kernel.org/stable/c/5b0ae1723a7d9574ae1aee7d9cf9757a30069865",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5b0ae1723a7d9574ae1aee7d9cf9757a30069865"
},
{
"url": "https://git.kernel.org/stable/c/fcbfb54a0269875cf3cd6a2bff4f85a2e0a0b552",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fcbfb54a0269875cf3cd6a2bff4f85a2e0a0b552"
},
{
"url": "https://git.kernel.org/stable/c/e64e9b6e86b39db3baa576fd73da73533b54cb2d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e64e9b6e86b39db3baa576fd73da73533b54cb2d"
},
{
"url": "https://git.kernel.org/stable/c/46c1e23e34c9d1eaadf37f88216d9d8ce0d0bcee",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/46c1e23e34c9d1eaadf37f88216d9d8ce0d0bcee"
},
{
"url": "https://git.kernel.org/stable/c/96844075226b49af25a69a1d084b648ec2d9b08d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/96844075226b49af25a69a1d084b648ec2d9b08d"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

92
2025/22xxx/CVE-2025-22061.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22061",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: airoha: Fix qid report in airoha_tc_get_htb_get_leaf_queue()\n\nFix the following kernel warning deleting HTB offloaded leafs and/or root\nHTB qdisc in airoha_eth driver properly reporting qid in\nairoha_tc_get_htb_get_leaf_queue routine.\n\n$tc qdisc replace dev eth1 root handle 10: htb offload\n$tc class add dev eth1 arent 10: classid 10:4 htb rate 100mbit ceil 100mbit\n$tc qdisc replace dev eth1 parent 10:4 handle 4: ets bands 8 \\\n quanta 1514 3028 4542 6056 7570 9084 10598 12112\n$tc qdisc del dev eth1 root\n\n[ 55.827864] ------------[ cut here ]------------\n[ 55.832493] WARNING: CPU: 3 PID: 2678 at 0xffffffc0798695a4\n[ 55.956510] CPU: 3 PID: 2678 Comm: tc Tainted: G O 6.6.71 #0\n[ 55.963557] Hardware name: Airoha AN7581 Evaluation Board (DT)\n[ 55.969383] pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 55.976344] pc : 0xffffffc0798695a4\n[ 55.979851] lr : 0xffffffc079869a20\n[ 55.983358] sp : ffffffc0850536a0\n[ 55.986665] x29: ffffffc0850536a0 x28: 0000000000000024 x27: 0000000000000001\n[ 55.993800] x26: 0000000000000000 x25: ffffff8008b19000 x24: ffffff800222e800\n[ 56.000935] x23: 0000000000000001 x22: 0000000000000000 x21: ffffff8008b19000\n[ 56.008071] x20: ffffff8002225800 x19: ffffff800379d000 x18: 0000000000000000\n[ 56.015206] x17: ffffffbf9ea59000 x16: ffffffc080018000 x15: 0000000000000000\n[ 56.022342] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000001\n[ 56.029478] x11: ffffffc081471008 x10: ffffffc081575a98 x9 : 0000000000000000\n[ 56.036614] x8 : ffffffc08167fd40 x7 : ffffffc08069e104 x6 : ffffff8007f86000\n[ 56.043748] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000001\n[ 56.050884] x2 : 0000000000000000 x1 : 0000000000000250 x0 : ffffff800222c000\n[ 56.058020] Call trace:\n[ 56.060459] 0xffffffc0798695a4\n[ 56.063618] 0xffffffc079869a20\n[ 56.066777] __qdisc_destroy+0x40/0xa0\n[ 56.070528] qdisc_put+0x54/0x6c\n[ 56.073748] qdisc_graft+0x41c/0x648\n[ 56.077324] tc_get_qdisc+0x168/0x2f8\n[ 56.080978] rtnetlink_rcv_msg+0x230/0x330\n[ 56.085076] netlink_rcv_skb+0x5c/0x128\n[ 56.088913] rtnetlink_rcv+0x14/0x1c\n[ 56.092490] netlink_unicast+0x1e0/0x2c8\n[ 56.096413] netlink_sendmsg+0x198/0x3c8\n[ 56.100337] ____sys_sendmsg+0x1c4/0x274\n[ 56.104261] ___sys_sendmsg+0x7c/0xc0\n[ 56.107924] __sys_sendmsg+0x44/0x98\n[ 56.111492] __arm64_sys_sendmsg+0x20/0x28\n[ 56.115580] invoke_syscall.constprop.0+0x58/0xfc\n[ 56.120285] do_el0_svc+0x3c/0xbc\n[ 56.123592] el0_svc+0x18/0x4c\n[ 56.126647] el0t_64_sync_handler+0x118/0x124\n[ 56.131005] el0t_64_sync+0x150/0x154\n[ 56.134660] ---[ end trace 0000000000000000 ]---"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "ef1ca9271313b4ea7b03de69576aacef1e78f381",
"version_value": "d7f76197e49e46a8c082a6fededaa8a07e69a860"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.14",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/d7f76197e49e46a8c082a6fededaa8a07e69a860",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d7f76197e49e46a8c082a6fededaa8a07e69a860"
},
{
"url": "https://git.kernel.org/stable/c/57b290d97c6150774bf929117ca737a26d8fc33d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/57b290d97c6150774bf929117ca737a26d8fc33d"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

114
2025/22xxx/CVE-2025-22062.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22062",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: add mutual exclusion in proc_sctp_do_udp_port()\n\nWe must serialize calls to sctp_udp_sock_stop() and sctp_udp_sock_start()\nor risk a crash as syzbot reported:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc000000000d: 0000 [#1] SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]\nCPU: 1 UID: 0 PID: 6551 Comm: syz.1.44 Not tainted 6.14.0-syzkaller-g7f2ff7b62617 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025\n RIP: 0010:kernel_sock_shutdown+0x47/0x70 net/socket.c:3653\nCall Trace:\n <TASK>\n udp_tunnel_sock_release+0x68/0x80 net/ipv4/udp_tunnel_core.c:181\n sctp_udp_sock_stop+0x71/0x160 net/sctp/protocol.c:930\n proc_sctp_do_udp_port+0x264/0x450 net/sctp/sysctl.c:553\n proc_sys_call_handler+0x3d0/0x5b0 fs/proc/proc_sysctl.c:601\n iter_file_splice_write+0x91c/0x1150 fs/splice.c:738\n do_splice_from fs/splice.c:935 [inline]\n direct_splice_actor+0x18f/0x6c0 fs/splice.c:1158\n splice_direct_to_actor+0x342/0xa30 fs/splice.c:1102\n do_splice_direct_actor fs/splice.c:1201 [inline]\n do_splice_direct+0x174/0x240 fs/splice.c:1227\n do_sendfile+0xafd/0xe50 fs/read_write.c:1368\n __do_sys_sendfile64 fs/read_write.c:1429 [inline]\n __se_sys_sendfile64 fs/read_write.c:1415 [inline]\n __x64_sys_sendfile64+0x1d8/0x220 fs/read_write.c:1415\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "046c052b475e7119b6a30e3483e2888fc606a2f8",
"version_value": "e5178bfc55b3a78000f0f8298e7ade88783ce581"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.11",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.11",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/e5178bfc55b3a78000f0f8298e7ade88783ce581",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e5178bfc55b3a78000f0f8298e7ade88783ce581"
},
{
"url": "https://git.kernel.org/stable/c/efb8cb487be8f4ba6aaef616011d702d6a083ed1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/efb8cb487be8f4ba6aaef616011d702d6a083ed1"
},
{
"url": "https://git.kernel.org/stable/c/d3d7675d77622f6ca1aae14c51f80027b36283f8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d3d7675d77622f6ca1aae14c51f80027b36283f8"
},
{
"url": "https://git.kernel.org/stable/c/10206302af856791fbcc27a33ed3c3eb09b2793d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/10206302af856791fbcc27a33ed3c3eb09b2793d"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

169
2025/22xxx/CVE-2025-22063.json
View File

@ -1,18 +1,179 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22063",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets\n\nWhen calling netlbl_conn_setattr(), addr->sa_family is used\nto determine the function behavior. If sk is an IPv4 socket,\nbut the connect function is called with an IPv6 address,\nthe function calipso_sock_setattr() is triggered.\nInside this function, the following code is executed:\n\nsk_fullsock(__sk) ? inet_sk(__sk)->pinet6 : NULL;\n\nSince sk is an IPv4 socket, pinet6 is NULL, leading to a\nnull pointer dereference.\n\nThis patch fixes the issue by checking if inet6_sk(sk)\nreturns a NULL pointer before accessing pinet6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "ceba1832b1b2da0149c51de62a847c00bca1677a",
"version_value": "1ad9166cab6a0f5c0b10344a97bdf749ae11dcbf"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.8",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.8",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.292",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.236",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.180",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.134",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/1ad9166cab6a0f5c0b10344a97bdf749ae11dcbf",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1ad9166cab6a0f5c0b10344a97bdf749ae11dcbf"
},
{
"url": "https://git.kernel.org/stable/c/1e38f7a6cdd68377f8a4189b2fbaec14a6dd5152",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1e38f7a6cdd68377f8a4189b2fbaec14a6dd5152"
},
{
"url": "https://git.kernel.org/stable/c/a7e89541d05b98c79a51c0f95df020f8e82b62ed",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a7e89541d05b98c79a51c0f95df020f8e82b62ed"
},
{
"url": "https://git.kernel.org/stable/c/797e5371cf55463b4530bab3fef5f27f7c6657a8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/797e5371cf55463b4530bab3fef5f27f7c6657a8"
},
{
"url": "https://git.kernel.org/stable/c/1927d0bcd5b81e80971bf6b8eba267508bd1c78b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1927d0bcd5b81e80971bf6b8eba267508bd1c78b"
},
{
"url": "https://git.kernel.org/stable/c/3ba9cf69de50e8abed32b448616c313baa4c5712",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3ba9cf69de50e8abed32b448616c313baa4c5712"
},
{
"url": "https://git.kernel.org/stable/c/9fe3839588db7519030377b7dee3f165e654f6c5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9fe3839588db7519030377b7dee3f165e654f6c5"
},
{
"url": "https://git.kernel.org/stable/c/172a8a996a337206970467e871dd995ac07640b1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/172a8a996a337206970467e871dd995ac07640b1"
},
{
"url": "https://git.kernel.org/stable/c/078aabd567de3d63d37d7673f714e309d369e6e2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/078aabd567de3d63d37d7673f714e309d369e6e2"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

125
2025/22xxx/CVE-2025-22064.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22064",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don't unregister hook when table is dormant\n\nWhen nf_tables_updchain encounters an error, hook registration needs to\nbe rolled back.\n\nThis should only be done if the hook has been registered, which won't\nhappen when the table is flagged as dormant (inactive).\n\nJust move the assignment into the registration block."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "b9703ed44ffbfba85c103b9de01886a225e14b38",
"version_value": "6134d1ea1e1408e8e7c8c26545b3b301cbdf1eda"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.4",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.4",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/6134d1ea1e1408e8e7c8c26545b3b301cbdf1eda",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6134d1ea1e1408e8e7c8c26545b3b301cbdf1eda"
},
{
"url": "https://git.kernel.org/stable/c/feb1fa2a03a27fec7001e93e4223be4120d1784b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/feb1fa2a03a27fec7001e93e4223be4120d1784b"
},
{
"url": "https://git.kernel.org/stable/c/03d1fb457b696c18fe15661440c4f052b2374e7e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/03d1fb457b696c18fe15661440c4f052b2374e7e"
},
{
"url": "https://git.kernel.org/stable/c/ce571eba07d54e3637bf334bc48376fbfa55defe",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ce571eba07d54e3637bf334bc48376fbfa55defe"
},
{
"url": "https://git.kernel.org/stable/c/688c15017d5cd5aac882400782e7213d40dc3556",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/688c15017d5cd5aac882400782e7213d40dc3556"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

114
2025/22xxx/CVE-2025-22065.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22065",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix adapter NULL pointer dereference on reboot\n\nWith SRIOV enabled, idpf ends up calling into idpf_remove() twice.\nFirst via idpf_shutdown() and then again when idpf_remove() calls into\nsriov_disable(), because the VF devices use the idpf driver, hence the\nsame remove routine. When that happens, it is possible for the adapter\nto be NULL from the first call to idpf_remove(), leading to a NULL\npointer dereference.\n\necho 1 > /sys/class/net/<netif>/device/sriov_numvfs\nreboot\n\nBUG: kernel NULL pointer dereference, address: 0000000000000020\n...\nRIP: 0010:idpf_remove+0x22/0x1f0 [idpf]\n...\n? idpf_remove+0x22/0x1f0 [idpf]\n? idpf_remove+0x1e4/0x1f0 [idpf]\npci_device_remove+0x3f/0xb0\ndevice_release_driver_internal+0x19f/0x200\npci_stop_bus_device+0x6d/0x90\npci_stop_and_remove_bus_device+0x12/0x20\npci_iov_remove_virtfn+0xbe/0x120\nsriov_disable+0x34/0xe0\nidpf_sriov_configure+0x58/0x140 [idpf]\nidpf_remove+0x1b9/0x1f0 [idpf]\nidpf_shutdown+0x12/0x30 [idpf]\npci_device_shutdown+0x35/0x60\ndevice_shutdown+0x156/0x200\n...\n\nReplace the direct idpf_remove() call in idpf_shutdown() with\nidpf_vc_core_deinit() and idpf_deinit_dflt_mbx(), which perform\nthe bulk of the cleanup, such as stopping the init task, freeing IRQs,\ndestroying the vports and freeing the mailbox. This avoids the calls to\nsriov_disable() in addition to a small netdev cleanup, and destroying\nworkqueues, which don't seem to be required on shutdown."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "e850efed5e152e6bdd367d5b82019f21298c0653",
"version_value": "79618e952ef4dfa1a17ee0631d5549603fab58d8"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.7",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.7",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/79618e952ef4dfa1a17ee0631d5549603fab58d8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/79618e952ef4dfa1a17ee0631d5549603fab58d8"
},
{
"url": "https://git.kernel.org/stable/c/88a6d562e92a295648f8636acf2a6aa714241771",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/88a6d562e92a295648f8636acf2a6aa714241771"
},
{
"url": "https://git.kernel.org/stable/c/9fc9b3dc0d0c189ed205acf1e5fbd73e0becc4d6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9fc9b3dc0d0c189ed205acf1e5fbd73e0becc4d6"
},
{
"url": "https://git.kernel.org/stable/c/4c9106f4906a85f6b13542d862e423bcdc118cc3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4c9106f4906a85f6b13542d862e423bcdc118cc3"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

147
2025/22xxx/CVE-2025-22066.json
View File

@ -1,18 +1,157 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22066",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: imx-card: Add NULL check in imx_card_probe()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\nimx_card_probe() does not check for this case, which results in a NULL\npointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "aa736700f42fa0813e286ca2f9274ffaa25163b9",
"version_value": "018e6cf2503e60087747b0ebc190e18b3640766f"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.14",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.180",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.134",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/018e6cf2503e60087747b0ebc190e18b3640766f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/018e6cf2503e60087747b0ebc190e18b3640766f"
},
{
"url": "https://git.kernel.org/stable/c/38253922a89a742e7e622f626b41c64388367361",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/38253922a89a742e7e622f626b41c64388367361"
},
{
"url": "https://git.kernel.org/stable/c/e283a5bf4337a7300ac5e6ae363cc8b242a0b4b7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e283a5bf4337a7300ac5e6ae363cc8b242a0b4b7"
},
{
"url": "https://git.kernel.org/stable/c/4d8458e48ff135bddc402ad79821dc058ea163d0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4d8458e48ff135bddc402ad79821dc058ea163d0"
},
{
"url": "https://git.kernel.org/stable/c/b01700e08be99e3842570142ec5973ccd7e73eaf",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b01700e08be99e3842570142ec5973ccd7e73eaf"
},
{
"url": "https://git.kernel.org/stable/c/dd2bbb9564d0d24a2643ad90008a79840368c4b4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/dd2bbb9564d0d24a2643ad90008a79840368c4b4"
},
{
"url": "https://git.kernel.org/stable/c/93d34608fd162f725172e780b1c60cc93a920719",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/93d34608fd162f725172e780b1c60cc93a920719"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

114
2025/22xxx/CVE-2025-22067.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22067",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock()\n\nIf requested_clk > 128, cdns_mrvl_xspi_setup_clock() iterates over the\nentire cdns_mrvl_xspi_clk_div_list array without breaking out early,\ncausing 'i' to go beyond the array bounds.\n\nFix that by stopping the loop when it gets to the last entry, clamping\nthe clock to the minimum 6.25 MHz.\n\nFixes the following warning with an UBSAN kernel:\n\n vmlinux.o: warning: objtool: cdns_mrvl_xspi_setup_clock: unexpected end of section .text.cdns_mrvl_xspi_setup_clock"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "26d34fdc49712ddbd42b11102f5d9d78a0f42097",
"version_value": "e50781bf7accc75883cb8a6a9921fb4e2fa8cca4"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.12",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/e50781bf7accc75883cb8a6a9921fb4e2fa8cca4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e50781bf7accc75883cb8a6a9921fb4e2fa8cca4"
},
{
"url": "https://git.kernel.org/stable/c/c1fb84e274cb6a2bce6ba5e65116c06e0b3ab275",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c1fb84e274cb6a2bce6ba5e65116c06e0b3ab275"
},
{
"url": "https://git.kernel.org/stable/c/645f1813fe0dc96381c36b834131e643b798fd73",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/645f1813fe0dc96381c36b834131e643b798fd73"
},
{
"url": "https://git.kernel.org/stable/c/7ba0847fa1c22e7801cebfe5f7b75aee4fae317e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7ba0847fa1c22e7801cebfe5f7b75aee4fae317e"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

114
2025/22xxx/CVE-2025-22068.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22068",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nublk: make sure ubq->canceling is set when queue is frozen\n\nNow ublk driver depends on `ubq->canceling` for deciding if the request\ncan be dispatched via uring_cmd & io_uring_cmd_complete_in_task().\n\nOnce ubq->canceling is set, the uring_cmd can be done via ublk_cancel_cmd()\nand io_uring_cmd_done().\n\nSo set ubq->canceling when queue is frozen, this way makes sure that the\nflag can be observed from ublk_queue_rq() reliably, and avoids\nuse-after-free on uring_cmd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "216c8f5ef0f209a3797292c487bdaa6991ab4b92",
"version_value": "7e3497d7dacb5aee69dd9be842b778083cae0e75"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.7",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.7",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/7e3497d7dacb5aee69dd9be842b778083cae0e75",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7e3497d7dacb5aee69dd9be842b778083cae0e75"
},
{
"url": "https://git.kernel.org/stable/c/5491400589e7572c2d2627ed6384302f7672aa1d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5491400589e7572c2d2627ed6384302f7672aa1d"
},
{
"url": "https://git.kernel.org/stable/c/9158359015f0eda00e521e35b7bc7ebce176aebf",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9158359015f0eda00e521e35b7bc7ebce176aebf"
},
{
"url": "https://git.kernel.org/stable/c/8741d0737921ec1c03cf59aebf4d01400c2b461a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8741d0737921ec1c03cf59aebf4d01400c2b461a"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

92
2025/22xxx/CVE-2025-22069.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22069",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: fgraph: Fix stack layout to match __arch_ftrace_regs argument of ftrace_return_to_handler\n\nNaresh Kamboju reported a \"Bad frame pointer\" kernel warning while\nrunning LTP trace ftrace_stress_test.sh in riscv. We can reproduce the\nsame issue with the following command:\n\n```\n$ cd /sys/kernel/debug/tracing\n$ echo 'f:myprobe do_nanosleep%return args1=$retval' > dynamic_events\n$ echo 1 > events/fprobes/enable\n$ echo 1 > tracing_on\n$ sleep 1\n```\n\nAnd we can get the following kernel warning:\n\n[ 127.692888] ------------[ cut here ]------------\n[ 127.693755] Bad frame pointer: expected ff2000000065be50, received ba34c141e9594000\n[ 127.693755] from func do_nanosleep return to ffffffff800ccb16\n[ 127.698699] WARNING: CPU: 1 PID: 129 at kernel/trace/fgraph.c:755 ftrace_return_to_handler+0x1b2/0x1be\n[ 127.699894] Modules linked in:\n[ 127.700908] CPU: 1 UID: 0 PID: 129 Comm: sleep Not tainted 6.14.0-rc3-g0ab191c74642 #32\n[ 127.701453] Hardware name: riscv-virtio,qemu (DT)\n[ 127.701859] epc : ftrace_return_to_handler+0x1b2/0x1be\n[ 127.702032] ra : ftrace_return_to_handler+0x1b2/0x1be\n[ 127.702151] epc : ffffffff8013b5e0 ra : ffffffff8013b5e0 sp : ff2000000065bd10\n[ 127.702221] gp : ffffffff819c12f8 tp : ff60000080853100 t0 : 6e00000000000000\n[ 127.702284] t1 : 0000000000000020 t2 : 6e7566206d6f7266 s0 : ff2000000065bd80\n[ 127.702346] s1 : ff60000081262000 a0 : 000000000000007b a1 : ffffffff81894f20\n[ 127.702408] a2 : 0000000000000010 a3 : fffffffffffffffe a4 : 0000000000000000\n[ 127.702470] a5 : 0000000000000000 a6 : 0000000000000008 a7 : 0000000000000038\n[ 127.702530] s2 : ba34c141e9594000 s3 : 0000000000000000 s4 : ff2000000065bdd0\n[ 127.702591] s5 : 00007fff8adcf400 s6 : 000055556dc1d8c0 s7 : 0000000000000068\n[ 127.702651] s8 : 00007fff8adf5d10 s9 : 000000000000006d s10: 0000000000000001\n[ 127.702710] s11: 00005555737377c8 t3 : ffffffff819d899e t4 : ffffffff819d899e\n[ 127.702769] t5 : ffffffff819d89a0 t6 : ff2000000065bb18\n[ 127.702826] status: 0000000200000120 badaddr: 0000000000000000 cause: 0000000000000003\n[ 127.703292] [<ffffffff8013b5e0>] ftrace_return_to_handler+0x1b2/0x1be\n[ 127.703760] [<ffffffff80017bce>] return_to_handler+0x16/0x26\n[ 127.704009] [<ffffffff80017bb8>] return_to_handler+0x0/0x26\n[ 127.704057] [<ffffffff800d3352>] common_nsleep+0x42/0x54\n[ 127.704117] [<ffffffff800d44a2>] __riscv_sys_clock_nanosleep+0xba/0x10a\n[ 127.704176] [<ffffffff80901c56>] do_trap_ecall_u+0x188/0x218\n[ 127.704295] [<ffffffff8090cc3e>] handle_exception+0x14a/0x156\n[ 127.705436] ---[ end trace 0000000000000000 ]---\n\nThe reason is that the stack layout for constructing argument for the\nftrace_return_to_handler in the return_to_handler does not match the\n__arch_ftrace_regs structure of riscv, leading to unexpected results."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "a3ed4157b7d89800a0008de0c9e46a438a5c3745",
"version_value": "78b39c587b8f6c69140177108f9c08a75b1c7c37"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.14",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/78b39c587b8f6c69140177108f9c08a75b1c7c37",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/78b39c587b8f6c69140177108f9c08a75b1c7c37"
},
{
"url": "https://git.kernel.org/stable/c/67a5ba8f742f247bc83e46dd2313c142b1383276",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/67a5ba8f742f247bc83e46dd2313c142b1383276"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

114
2025/22xxx/CVE-2025-22070.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22070",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/9p: fix NULL pointer dereference on mkdir\n\nWhen a 9p tree was mounted with option 'posixacl', parent directory had a\ndefault ACL set for its subdirectories, e.g.:\n\n setfacl -m default:group:simpsons:rwx parentdir\n\nthen creating a subdirectory crashed 9p client, as v9fs_fid_add() call in\nfunction v9fs_vfs_mkdir_dotl() sets the passed 'fid' pointer to NULL\n(since dafbe689736) even though the subsequent v9fs_set_create_acl() call\nexpects a valid non-NULL 'fid' pointer:\n\n [ 37.273191] BUG: kernel NULL pointer dereference, address: 0000000000000000\n ...\n [ 37.322338] Call Trace:\n [ 37.323043] <TASK>\n [ 37.323621] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434)\n [ 37.324448] ? page_fault_oops (arch/x86/mm/fault.c:714)\n [ 37.325532] ? search_module_extables (kernel/module/main.c:3733)\n [ 37.326742] ? p9_client_walk (net/9p/client.c:1165) 9pnet\n [ 37.328006] ? search_bpf_extables (kernel/bpf/core.c:804)\n [ 37.329142] ? exc_page_fault (./arch/x86/include/asm/paravirt.h:686 arch/x86/mm/fault.c:1488 arch/x86/mm/fault.c:1538)\n [ 37.330196] ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:574)\n [ 37.331330] ? p9_client_walk (net/9p/client.c:1165) 9pnet\n [ 37.332562] ? v9fs_fid_xattr_get (fs/9p/xattr.c:30) 9p\n [ 37.333824] v9fs_fid_xattr_set (fs/9p/fid.h:23 fs/9p/xattr.c:121) 9p\n [ 37.335077] v9fs_set_acl (fs/9p/acl.c:276) 9p\n [ 37.336112] v9fs_set_create_acl (fs/9p/acl.c:307) 9p\n [ 37.337326] v9fs_vfs_mkdir_dotl (fs/9p/vfs_inode_dotl.c:411) 9p\n [ 37.338590] vfs_mkdir (fs/namei.c:4313)\n [ 37.339535] do_mkdirat (fs/namei.c:4336)\n [ 37.340465] __x64_sys_mkdir (fs/namei.c:4354)\n [ 37.341455] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\n [ 37.342447] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nFix this by simply swapping the sequence of these two calls in\nv9fs_vfs_mkdir_dotl(), i.e. calling v9fs_set_create_acl() before\nv9fs_fid_add()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "dafbe689736f62c696ac64809b17bdc752cfbe76",
"version_value": "8522051c58d68146b93e8a5ba9987e83b3d64e7b"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.0",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.0",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/8522051c58d68146b93e8a5ba9987e83b3d64e7b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8522051c58d68146b93e8a5ba9987e83b3d64e7b"
},
{
"url": "https://git.kernel.org/stable/c/2139dea5c53e3bb63ac49a6901c85e525a80ee8a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2139dea5c53e3bb63ac49a6901c85e525a80ee8a"
},
{
"url": "https://git.kernel.org/stable/c/6517b395cb1e43fbf3962dd93e6fb4a5e5ab100e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6517b395cb1e43fbf3962dd93e6fb4a5e5ab100e"
},
{
"url": "https://git.kernel.org/stable/c/3f61ac7c65bdb26accb52f9db66313597e759821",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3f61ac7c65bdb26accb52f9db66313597e759821"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

169
2025/22xxx/CVE-2025-22071.json
View File

@ -1,18 +1,179 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22071",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspufs: fix a leak in spufs_create_context()\n\nLeak fixes back in 2008 missed one case - if we are trying to set affinity\nand spufs_mkdir() fails, we need to drop the reference to neighbor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "58119068cb27ef7513f80aff44b62a3a8f40ef5f",
"version_value": "829bd6139968e2e759f3928cf65ad0db1e302fe3"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.25",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.25",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.292",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.236",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.180",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.134",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/829bd6139968e2e759f3928cf65ad0db1e302fe3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/829bd6139968e2e759f3928cf65ad0db1e302fe3"
},
{
"url": "https://git.kernel.org/stable/c/410c787d89c92df4215d7b1a338e2c1a8aba6b9b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/410c787d89c92df4215d7b1a338e2c1a8aba6b9b"
},
{
"url": "https://git.kernel.org/stable/c/c4e72a0d75442237b6f3bcca10a7d81b89376d16",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c4e72a0d75442237b6f3bcca10a7d81b89376d16"
},
{
"url": "https://git.kernel.org/stable/c/a333f223e555d27609f8b45d75a08e8e1d36c432",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a333f223e555d27609f8b45d75a08e8e1d36c432"
},
{
"url": "https://git.kernel.org/stable/c/239ea3c34673b3244a499fd65771c47e5bffcbb0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/239ea3c34673b3244a499fd65771c47e5bffcbb0"
},
{
"url": "https://git.kernel.org/stable/c/d04600f43569d48262e1328eaa1592fcefa2c19c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d04600f43569d48262e1328eaa1592fcefa2c19c"
},
{
"url": "https://git.kernel.org/stable/c/5a90b699844a5bb96961e5892e51cc59255444a3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5a90b699844a5bb96961e5892e51cc59255444a3"
},
{
"url": "https://git.kernel.org/stable/c/4a7448c83e117ed68597952ecaede1cebc4427a7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4a7448c83e117ed68597952ecaede1cebc4427a7"
},
{
"url": "https://git.kernel.org/stable/c/0f5cce3fc55b08ee4da3372baccf4bcd36a98396",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0f5cce3fc55b08ee4da3372baccf4bcd36a98396"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

136
2025/22xxx/CVE-2025-22072.json
View File

@ -1,18 +1,146 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22072",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspufs: fix gang directory lifetimes\n\nprior to \"[POWERPC] spufs: Fix gang destroy leaks\" we used to have\na problem with gang lifetimes - creation of a gang returns opened\ngang directory, which normally gets removed when that gets closed,\nbut if somebody has created a context belonging to that gang and\nkept it alive until the gang got closed, removal failed and we\nended up with a leak.\n\nUnfortunately, it had been fixed the wrong way. Dentry of gang\ndirectory was no longer pinned, and rmdir on close was gone.\nOne problem was that failure of open kept calling simple_rmdir()\nas cleanup, which meant an unbalanced dput(). Another bug was\nin the success case - gang creation incremented link count on\nroot directory, but that was no longer undone when gang got\ndestroyed.\n\nFix consists of\n\t* reverting the commit in question\n\t* adding a counter to gang, protected by ->i_rwsem\nof gang directory inode.\n\t* having it set to 1 at creation time, dropped\nin both spufs_dir_close() and spufs_gang_close() and bumped\nin spufs_create_context(), provided that it's not 0.\n\t* using simple_recursive_removal() to take the gang\ndirectory out when counter reaches zero."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "877907d37da9694a34adc9dc3e2ce09400148cb5",
"version_value": "880e7b3da2e765c1f90c94c0539be039e96c7062"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.22",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.22",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.134",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/880e7b3da2e765c1f90c94c0539be039e96c7062",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/880e7b3da2e765c1f90c94c0539be039e96c7062"
},
{
"url": "https://git.kernel.org/stable/c/324f280806aab28ef757aecc18df419676c10ef8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/324f280806aab28ef757aecc18df419676c10ef8"
},
{
"url": "https://git.kernel.org/stable/c/029d8c711f5e5fe8cf63e8a4a1a140a06e224e45",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/029d8c711f5e5fe8cf63e8a4a1a140a06e224e45"
},
{
"url": "https://git.kernel.org/stable/c/903733782f3ae28a2f7fe4dfb47c7fe3e079a528",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/903733782f3ae28a2f7fe4dfb47c7fe3e079a528"
},
{
"url": "https://git.kernel.org/stable/c/fc646a6c6d14b5d581f162a7e32999f789e3a3ac",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fc646a6c6d14b5d581f162a7e32999f789e3a3ac"
},
{
"url": "https://git.kernel.org/stable/c/c134deabf4784e155d360744d4a6a835b9de4dd4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c134deabf4784e155d360744d4a6a835b9de4dd4"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

169
2025/22xxx/CVE-2025-22073.json
View File

@ -1,18 +1,179 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22073",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspufs: fix a leak on spufs_new_file() failure\n\nIt's called from spufs_fill_dir(), and caller of that will do\nspufs_rmdir() in case of failure. That does remove everything\nwe'd managed to create, but... the problem dentry is still\nnegative. IOW, it needs to be explicitly dropped."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3f51dd91c80746a5cf76f8c4a77bfc88aa82bb9e",
"version_value": "b1eef06d10c1a9848e3a762919bbbe315a0a7cb4"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.16",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.16",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.292",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.236",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.180",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.134",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/b1eef06d10c1a9848e3a762919bbbe315a0a7cb4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b1eef06d10c1a9848e3a762919bbbe315a0a7cb4"
},
{
"url": "https://git.kernel.org/stable/c/132925bd6772d7614340fb755ac5415462ac8edd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/132925bd6772d7614340fb755ac5415462ac8edd"
},
{
"url": "https://git.kernel.org/stable/c/53b189651c33b5f1fb3b755e6a37a8206978514e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/53b189651c33b5f1fb3b755e6a37a8206978514e"
},
{
"url": "https://git.kernel.org/stable/c/96de7fbdc2dcadeebc17c3cb89e7cdab487bfce0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/96de7fbdc2dcadeebc17c3cb89e7cdab487bfce0"
},
{
"url": "https://git.kernel.org/stable/c/90d1b276d1b1379d20ad27d1f6349ba9f44a2e00",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/90d1b276d1b1379d20ad27d1f6349ba9f44a2e00"
},
{
"url": "https://git.kernel.org/stable/c/35f789ccebd69f6f9a1e0a9b85435003b2450065",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/35f789ccebd69f6f9a1e0a9b85435003b2450065"
},
{
"url": "https://git.kernel.org/stable/c/d791985ceeb081155b4e96d314ca54c7605dcbe0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d791985ceeb081155b4e96d314ca54c7605dcbe0"
},
{
"url": "https://git.kernel.org/stable/c/0bd56e4e72c354b65c0a7e5ac1c09eca81949d5b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0bd56e4e72c354b65c0a7e5ac1c09eca81949d5b"
},
{
"url": "https://git.kernel.org/stable/c/d1ca8698ca1332625d83ea0d753747be66f9906d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d1ca8698ca1332625d83ea0d753747be66f9906d"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

140
2025/22xxx/CVE-2025-22074.json
View File

@ -1,18 +1,150 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22074",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix r_count dec/increment mismatch\n\nr_count is only increased when there is an oplock break wait,\nso r_count inc/decrement are not paired. This can cause r_count\nto become negative, which can lead to a problem where the ksmbd\nthread does not terminate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "09aeab68033161cb54f194da93e51a11aee6144b",
"version_value": "4790bcb269e5d6d88200a67c54ae6d627332a3be"
},
{
"version_affected": "<",
"version_name": "a4261bbc33fbf99b99c80aa3a2c5097611802980",
"version_value": "457db486203c90e10c3efc87fd45cc7000b1cd36"
},
{
"version_affected": "<",
"version_name": "f17d1c63a76b0fe8e9c78023a86507a3a6d62cfa",
"version_value": "20378cf48359f39dee0ef9b61470ebe77bd49c0d"
},
{
"version_affected": "<",
"version_name": "3aa660c059240e0c795217182cf7df32909dd917",
"version_value": "c2ec33d46b4d1c8085dab5d02e00b21f4f0fb8a9"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.14",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/4790bcb269e5d6d88200a67c54ae6d627332a3be",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4790bcb269e5d6d88200a67c54ae6d627332a3be"
},
{
"url": "https://git.kernel.org/stable/c/457db486203c90e10c3efc87fd45cc7000b1cd36",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/457db486203c90e10c3efc87fd45cc7000b1cd36"
},
{
"url": "https://git.kernel.org/stable/c/20378cf48359f39dee0ef9b61470ebe77bd49c0d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/20378cf48359f39dee0ef9b61470ebe77bd49c0d"
},
{
"url": "https://git.kernel.org/stable/c/c2ec33d46b4d1c8085dab5d02e00b21f4f0fb8a9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c2ec33d46b4d1c8085dab5d02e00b21f4f0fb8a9"
},
{
"url": "https://git.kernel.org/stable/c/ddb7ea36ba7129c2ed107e2186591128618864e1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ddb7ea36ba7129c2ed107e2186591128618864e1"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

158
2025/22xxx/CVE-2025-22075.json
View File

@ -1,18 +1,168 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22075",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtnetlink: Allocate vfinfo size for VF GUIDs when supported\n\nCommit 30aad41721e0 (\"net/core: Add support for getting VF GUIDs\")\nadded support for getting VF port and node GUIDs in netlink ifinfo\nmessages, but their size was not taken into consideration in the\nfunction that allocates the netlink message, causing the following\nwarning when a netlink message is filled with many VF port and node\nGUIDs:\n # echo 64 > /sys/bus/pci/devices/0000\\:08\\:00.0/sriov_numvfs\n # ip link show dev ib0\n RTNETLINK answers: Message too long\n Cannot send link get request: Message too long\n\nKernel warning:\n\n ------------[ cut here ]------------\n WARNING: CPU: 2 PID: 1930 at net/core/rtnetlink.c:4151 rtnl_getlink+0x586/0x5a0\n Modules linked in: xt_conntrack xt_MASQUERADE nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter overlay mlx5_ib macsec mlx5_core tls rpcrdma rdma_ucm ib_uverbs ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm iw_cm ib_ipoib fuse ib_cm ib_core\n CPU: 2 UID: 0 PID: 1930 Comm: ip Not tainted 6.14.0-rc2+ #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n RIP: 0010:rtnl_getlink+0x586/0x5a0\n Code: cb 82 e8 3d af 0a 00 4d 85 ff 0f 84 08 ff ff ff 4c 89 ff 41 be ea ff ff ff e8 66 63 5b ff 49 c7 07 80 4f cb 82 e9 36 fc ff ff <0f> 0b e9 16 fe ff ff e8 de a0 56 00 66 66 2e 0f 1f 84 00 00 00 00\n RSP: 0018:ffff888113557348 EFLAGS: 00010246\n RAX: 00000000ffffffa6 RBX: ffff88817e87aa34 RCX: dffffc0000000000\n RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffff88817e87afb8\n RBP: 0000000000000009 R08: ffffffff821f44aa R09: 0000000000000000\n R10: ffff8881260f79a8 R11: ffff88817e87af00 R12: ffff88817e87aa00\n R13: ffffffff8563d300 R14: 00000000ffffffa6 R15: 00000000ffffffff\n FS: 00007f63a5dbf280(0000) GS:ffff88881ee00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f63a5ba4493 CR3: 00000001700fe002 CR4: 0000000000772eb0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n <TASK>\n ? __warn+0xa5/0x230\n ? rtnl_getlink+0x586/0x5a0\n ? report_bug+0x22d/0x240\n ? handle_bug+0x53/0xa0\n ? exc_invalid_op+0x14/0x50\n ? asm_exc_invalid_op+0x16/0x20\n ? skb_trim+0x6a/0x80\n ? rtnl_getlink+0x586/0x5a0\n ? __pfx_rtnl_getlink+0x10/0x10\n ? rtnetlink_rcv_msg+0x1e5/0x860\n ? __pfx___mutex_lock+0x10/0x10\n ? rcu_is_watching+0x34/0x60\n ? __pfx_lock_acquire+0x10/0x10\n ? stack_trace_save+0x90/0xd0\n ? filter_irq_stacks+0x1d/0x70\n ? kasan_save_stack+0x30/0x40\n ? kasan_save_stack+0x20/0x40\n ? kasan_save_track+0x10/0x30\n rtnetlink_rcv_msg+0x21c/0x860\n ? entry_SYSCALL_64_after_hwframe+0x76/0x7e\n ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n ? arch_stack_walk+0x9e/0xf0\n ? rcu_is_watching+0x34/0x60\n ? lock_acquire+0xd5/0x410\n ? rcu_is_watching+0x34/0x60\n netlink_rcv_skb+0xe0/0x210\n ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n ? __pfx_netlink_rcv_skb+0x10/0x10\n ? rcu_is_watching+0x34/0x60\n ? __pfx___netlink_lookup+0x10/0x10\n ? lock_release+0x62/0x200\n ? netlink_deliver_tap+0xfd/0x290\n ? rcu_is_watching+0x34/0x60\n ? lock_release+0x62/0x200\n ? netlink_deliver_tap+0x95/0x290\n netlink_unicast+0x31f/0x480\n ? __pfx_netlink_unicast+0x10/0x10\n ? rcu_is_watching+0x34/0x60\n ? lock_acquire+0xd5/0x410\n netlink_sendmsg+0x369/0x660\n ? lock_release+0x62/0x200\n ? __pfx_netlink_sendmsg+0x10/0x10\n ? import_ubuf+0xb9/0xf0\n ? __import_iovec+0x254/0x2b0\n ? lock_release+0x62/0x200\n ? __pfx_netlink_sendmsg+0x10/0x10\n ____sys_sendmsg+0x559/0x5a0\n ? __pfx_____sys_sendmsg+0x10/0x10\n ? __pfx_copy_msghdr_from_user+0x10/0x10\n ? rcu_is_watching+0x34/0x60\n ? do_read_fault+0x213/0x4a0\n ? rcu_is_watching+0x34/0x60\n ___sys_sendmsg+0xe4/0x150\n ? __pfx____sys_sendmsg+0x10/0x10\n ? do_fault+0x2cc/0x6f0\n ? handle_pte_fault+0x2e3/0x3d0\n ? __pfx_handle_pte_fault+0x10/0x10\n---truncated---"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "30aad41721e087babcf27c5192474724d555936c",
"version_value": "0f5489707cf528f9df2f39a3045c1ee713ec90e7"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.5",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.5",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.236",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.180",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.134",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/0f5489707cf528f9df2f39a3045c1ee713ec90e7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0f5489707cf528f9df2f39a3045c1ee713ec90e7"
},
{
"url": "https://git.kernel.org/stable/c/bb7bdf636cef74cdd7a7d548bdc7457ae161f617",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bb7bdf636cef74cdd7a7d548bdc7457ae161f617"
},
{
"url": "https://git.kernel.org/stable/c/5fed5f6de3cf734b231a11775748a6871ee3020f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5fed5f6de3cf734b231a11775748a6871ee3020f"
},
{
"url": "https://git.kernel.org/stable/c/15f150771e0ec97f8ab1657e7d2568e593c7fa04",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/15f150771e0ec97f8ab1657e7d2568e593c7fa04"
},
{
"url": "https://git.kernel.org/stable/c/28b21ee8e8fb326ba961a4bbce04ec04c65e705a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/28b21ee8e8fb326ba961a4bbce04ec04c65e705a"
},
{
"url": "https://git.kernel.org/stable/c/365c1ae819455561d4746aafabad673e4bcb0163",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/365c1ae819455561d4746aafabad673e4bcb0163"
},
{
"url": "https://git.kernel.org/stable/c/5f39454468329bb7fc7fc4895a6ba6ae3b95027e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5f39454468329bb7fc7fc4895a6ba6ae3b95027e"
},
{
"url": "https://git.kernel.org/stable/c/23f00807619d15063d676218f36c5dfeda1eb420",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/23f00807619d15063d676218f36c5dfeda1eb420"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

114
2025/22xxx/CVE-2025-22076.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22076",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix missing shutdown check\n\nxfstests generic/730 test failed because after deleting the device\nthat still had dirty data, the file could still be read without\nreturning an error. The reason is the missing shutdown check in\n->read_iter.\n\nI also noticed that shutdown checks were missing from ->write_iter,\n->splice_read, and ->mmap. This commit adds shutdown checks to all\nof them."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "f761fcdd289d07e8547fef7ac76c3760fc7803f2",
"version_value": "4a9595eb024b8319957c178be3cdeed613ac0795"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.12",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/4a9595eb024b8319957c178be3cdeed613ac0795",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4a9595eb024b8319957c178be3cdeed613ac0795"
},
{
"url": "https://git.kernel.org/stable/c/e41e33eb795cb9c1ead6ac627d8710546fac6e81",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e41e33eb795cb9c1ead6ac627d8710546fac6e81"
},
{
"url": "https://git.kernel.org/stable/c/539147585ca453db6e3d7a5cf3b9c9690513762d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/539147585ca453db6e3d7a5cf3b9c9690513762d"
},
{
"url": "https://git.kernel.org/stable/c/47e35366bc6fa3cf189a8305bce63992495f3efa",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/47e35366bc6fa3cf189a8305bce63992495f3efa"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

130
2025/22xxx/CVE-2025-22077.json
View File

@ -1,18 +1,140 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22077",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Fix netns refcount imbalance causing leaks and use-after-free\n\nCommit ef7134c7fc48 (\"smb: client: Fix use-after-free of network\nnamespace.\") attempted to fix a netns use-after-free issue by manually\nadjusting reference counts via sk->sk_net_refcnt and sock_inuse_add().\n\nHowever, a later commit e9f2517a3e18 (\"smb: client: fix TCP timers deadlock\nafter rmmod\") pointed out that the approach of manually setting\nsk->sk_net_refcnt in the first commit was technically incorrect, as\nsk->sk_net_refcnt should only be set for user sockets. It led to issues\nlike TCP timers not being cleared properly on close. The second commit\nmoved to a model of just holding an extra netns reference for\nserver->ssocket using get_net(), and dropping it when the server is torn\ndown.\n\nBut there remain some gaps in the get_net()/put_net() balancing added by\nthese commits. The incomplete reference handling in these fixes results\nin two issues:\n\n1. Netns refcount leaks[1]\n\nThe problem process is as follows:\n\n```\nmount.cifs cifsd\n\ncifs_do_mount\n cifs_mount\n cifs_mount_get_session\n cifs_get_tcp_session\n get_net() /* First get net. */\n ip_connect\n generic_ip_connect /* Try port 445 */\n get_net()\n ->connect() /* Failed */\n put_net()\n generic_ip_connect /* Try port 139 */\n get_net() /* Missing matching put_net() for this get_net().*/\n cifs_get_smb_ses\n cifs_negotiate_protocol\n smb2_negotiate\n SMB2_negotiate\n cifs_send_recv\n wait_for_response\n cifs_demultiplex_thread\n cifs_read_from_socket\n cifs_readv_from_socket\n cifs_reconnect\n cifs_abort_connection\n sock_release();\n server->ssocket = NULL;\n /* Missing put_net() here. */\n generic_ip_connect\n get_net()\n ->connect() /* Failed */\n put_net()\n sock_release();\n server->ssocket = NULL;\n free_rsp_buf\n ...\n clean_demultiplex_info\n /* It's only called once here. */\n put_net()\n```\n\nWhen cifs_reconnect() is triggered, the server->ssocket is released\nwithout a corresponding put_net() for the reference acquired in\ngeneric_ip_connect() before. it ends up calling generic_ip_connect()\nagain to retry get_net(). After that, server->ssocket is set to NULL\nin the error path of generic_ip_connect(), and the net count cannot be\nreleased in the final clean_demultiplex_info() function.\n\n2. Potential use-after-free\n\nThe current refcounting scheme can lead to a potential use-after-free issue\nin the following scenario:\n\n```\n cifs_do_mount\n cifs_mount\n cifs_mount_get_session\n cifs_get_tcp_session\n get_net() /* First get net */\n ip_connect\n generic_ip_connect\n get_net()\n bind_socket\n\t kernel_bind /* failed */\n put_net()\n /* after out_err_crypto_release label */\n put_net()\n /* after out_err label */\n put_net()\n```\n\nIn the exception handling process where binding the socket fails, the\nget_net() and put_net() calls are unbalanced, which may cause the\nserver->net reference count to drop to zero and be prematurely released.\n\nTo address both issues, this patch ties the netns reference counti\n---truncated---"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "e8c71494181153a134c96da28766a57bd1eac8cb",
"version_value": "c6b6b8dcef4adf8ee4e439bb97e74106096c71b8"
},
{
"version_affected": "<",
"version_name": "ef7134c7fc48e1441b398e55a862232868a6f0a7",
"version_value": "7d8dfc27d90d41627c0d6ada97ed0ab57b3dae25"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.12",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/c6b6b8dcef4adf8ee4e439bb97e74106096c71b8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c6b6b8dcef4adf8ee4e439bb97e74106096c71b8"
},
{
"url": "https://git.kernel.org/stable/c/7d8dfc27d90d41627c0d6ada97ed0ab57b3dae25",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7d8dfc27d90d41627c0d6ada97ed0ab57b3dae25"
},
{
"url": "https://git.kernel.org/stable/c/961755d0055e0e96d1849cc0425da966c8a64e53",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/961755d0055e0e96d1849cc0425da966c8a64e53"
},
{
"url": "https://git.kernel.org/stable/c/476617a4ca0123f0df677d547a82a110c27c8c74",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/476617a4ca0123f0df677d547a82a110c27c8c74"
},
{
"url": "https://git.kernel.org/stable/c/4e7f1644f2ac6d01dc584f6301c3b1d5aac4eaef",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4e7f1644f2ac6d01dc584f6301c3b1d5aac4eaef"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

114
2025/22xxx/CVE-2025-22078.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22078",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: vchiq_arm: Fix possible NPR of keep-alive thread\n\nIn case vchiq_platform_conn_state_changed() is never called or fails before\ndriver removal, ka_thread won't be a valid pointer to a task_struct. So\ndo the necessary checks before calling kthread_stop to avoid a crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "863a756aaf49ed23d25bbb1dad999a85f09e1836",
"version_value": "1817c4b85011998604e5ff9a80a6e01adb7e7e81"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.11",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.11",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/1817c4b85011998604e5ff9a80a6e01adb7e7e81",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1817c4b85011998604e5ff9a80a6e01adb7e7e81"
},
{
"url": "https://git.kernel.org/stable/c/a915c896f95a989a7759a73f8c064f5dc3775175",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a915c896f95a989a7759a73f8c064f5dc3775175"
},
{
"url": "https://git.kernel.org/stable/c/bd38395b901327f77a82112f006240de22cf2ceb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bd38395b901327f77a82112f006240de22cf2ceb"
},
{
"url": "https://git.kernel.org/stable/c/3db89bc6d973e2bcaa852f6409c98c228f39a926",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3db89bc6d973e2bcaa852f6409c98c228f39a926"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

169
2025/22xxx/CVE-2025-22079.json
View File

@ -1,18 +1,179 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22079",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: validate l_tree_depth to avoid out-of-bounds access\n\nThe l_tree_depth field is 16-bit (__le16), but the actual maximum depth is\nlimited to OCFS2_MAX_PATH_DEPTH.\n\nAdd a check to prevent out-of-bounds access if l_tree_depth has an invalid\nvalue, which may occur when reading from a corrupted mounted disk [1]."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "ccd979bdbce9fba8412beb3f1de68a9d0171b12c",
"version_value": "ef34840bda333fe99bafbd2d73b70ceaaf9eba66"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.16",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.16",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.292",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.236",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.180",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.134",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/ef34840bda333fe99bafbd2d73b70ceaaf9eba66",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ef34840bda333fe99bafbd2d73b70ceaaf9eba66"
},
{
"url": "https://git.kernel.org/stable/c/538ed8b049ef801a86c543433e5061a91cc106e3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/538ed8b049ef801a86c543433e5061a91cc106e3"
},
{
"url": "https://git.kernel.org/stable/c/17c99ab3db2ba74096d36c69daa6e784e98fc0b8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/17c99ab3db2ba74096d36c69daa6e784e98fc0b8"
},
{
"url": "https://git.kernel.org/stable/c/11e24802e73362aa2948ee16b8fb4e32635d5b2a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/11e24802e73362aa2948ee16b8fb4e32635d5b2a"
},
{
"url": "https://git.kernel.org/stable/c/3d012ba4404a0bb517658699ba85e6abda386dc3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3d012ba4404a0bb517658699ba85e6abda386dc3"
},
{
"url": "https://git.kernel.org/stable/c/49d2a2ea9d30991bae82107f9523915b91637683",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/49d2a2ea9d30991bae82107f9523915b91637683"
},
{
"url": "https://git.kernel.org/stable/c/b942f88fe7d2d789e51c5c30a675fa1c126f5a6d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b942f88fe7d2d789e51c5c30a675fa1c126f5a6d"
},
{
"url": "https://git.kernel.org/stable/c/e95d97c9c8cd0c239b7b59c79be0f6a9dcf7905c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e95d97c9c8cd0c239b7b59c79be0f6a9dcf7905c"
},
{
"url": "https://git.kernel.org/stable/c/a406aff8c05115119127c962cbbbbd202e1973ef",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a406aff8c05115119127c962cbbbbd202e1973ef"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

125
2025/22xxx/CVE-2025-22080.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22080",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Prevent integer overflow in hdr_first_de()\n\nThe \"de_off\" and \"used\" variables come from the disk so they both need to\ncheck. The problem is that on 32bit systems if they're both greater than\nUINT_MAX - 16 then the check does work as intended because of an integer\noverflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "60ce8dfde03558bfc290cd915c60fa243ba2ae84",
"version_value": "f6d44b1aa46d317e52c21fb9314cfb20dd69e7b0"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.2",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.2",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/f6d44b1aa46d317e52c21fb9314cfb20dd69e7b0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f6d44b1aa46d317e52c21fb9314cfb20dd69e7b0"
},
{
"url": "https://git.kernel.org/stable/c/201a2bdda13b619c4927700ffe47d387a30ced50",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/201a2bdda13b619c4927700ffe47d387a30ced50"
},
{
"url": "https://git.kernel.org/stable/c/85615aa442830027923fc690390fa74d17b36ae1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/85615aa442830027923fc690390fa74d17b36ae1"
},
{
"url": "https://git.kernel.org/stable/c/b9982065b82b4177ba3a7a72ce18c84921f7494d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b9982065b82b4177ba3a7a72ce18c84921f7494d"
},
{
"url": "https://git.kernel.org/stable/c/6bb81b94f7a9cba6bde9a905cef52a65317a8b04",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6bb81b94f7a9cba6bde9a905cef52a65317a8b04"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

147
2025/22xxx/CVE-2025-22081.json
View File

@ -1,18 +1,157 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22081",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Fix a couple integer overflows on 32bit systems\n\nOn 32bit systems the \"off + sizeof(struct NTFS_DE)\" addition can\nhave an integer wrapping issue. Fix it by using size_add()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "82cae269cfa953032fbb8980a7d554d60fb00b17",
"version_value": "0922d86a7a6032cb1694eab0b44b861bd33ba8d5"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.15",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.15",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.180",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.134",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/0922d86a7a6032cb1694eab0b44b861bd33ba8d5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0922d86a7a6032cb1694eab0b44b861bd33ba8d5"
},
{
"url": "https://git.kernel.org/stable/c/1a14e9718a19d2e88de004a1360bfd7a86ed1395",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1a14e9718a19d2e88de004a1360bfd7a86ed1395"
},
{
"url": "https://git.kernel.org/stable/c/0dfe700fbd3525f30a36ffbe390a5b9319bd009a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0dfe700fbd3525f30a36ffbe390a5b9319bd009a"
},
{
"url": "https://git.kernel.org/stable/c/284c9549386e9883855fb82b730303bb2edea9de",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/284c9549386e9883855fb82b730303bb2edea9de"
},
{
"url": "https://git.kernel.org/stable/c/0538f52410b619737e663167b6a2b2d0bc1a589d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0538f52410b619737e663167b6a2b2d0bc1a589d"
},
{
"url": "https://git.kernel.org/stable/c/4d0f4f42922a832388a0c2fe5204c0a1037ff786",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4d0f4f42922a832388a0c2fe5204c0a1037ff786"
},
{
"url": "https://git.kernel.org/stable/c/5ad414f4df2294b28836b5b7b69787659d6aa708",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5ad414f4df2294b28836b5b7b69787659d6aa708"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

114
2025/22xxx/CVE-2025-22082.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22082",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: backend: make sure to NULL terminate stack buffer\n\nMake sure to NULL terminate the buffer in\niio_backend_debugfs_write_reg() before passing it to sscanf(). It is a\nstack variable so we should not assume it will 0 initialized."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "cdf01e0809a4c6c7877ea52401c2a6679df7aed6",
"version_value": "df3892e5e861c43d5612728ed259634675b8a71f"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.12",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/df3892e5e861c43d5612728ed259634675b8a71f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/df3892e5e861c43d5612728ed259634675b8a71f"
},
{
"url": "https://git.kernel.org/stable/c/04271a4d2740f98bbe36f82cd3d74677a839d1eb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/04271a4d2740f98bbe36f82cd3d74677a839d1eb"
},
{
"url": "https://git.kernel.org/stable/c/fd791c81f410ab1c554686a6f486dc7a176dfe35",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fd791c81f410ab1c554686a6f486dc7a176dfe35"
},
{
"url": "https://git.kernel.org/stable/c/035b4989211dc1c8626e186d655ae8ca5141bb73",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/035b4989211dc1c8626e186d655ae8ca5141bb73"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

125
2025/22xxx/CVE-2025-22083.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22083",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint\n\nIf vhost_scsi_set_endpoint is called multiple times without a\nvhost_scsi_clear_endpoint between them, we can hit multiple bugs\nfound by Haoran Zhang:\n\n1. Use-after-free when no tpgs are found:\n\nThis fixes a use after free that occurs when vhost_scsi_set_endpoint is\ncalled more than once and calls after the first call do not find any\ntpgs to add to the vs_tpg. When vhost_scsi_set_endpoint first finds\ntpgs to add to the vs_tpg array match=true, so we will do:\n\nvhost_vq_set_backend(vq, vs_tpg);\n...\n\nkfree(vs->vs_tpg);\nvs->vs_tpg = vs_tpg;\n\nIf vhost_scsi_set_endpoint is called again and no tpgs are found\nmatch=false so we skip the vhost_vq_set_backend call leaving the\npointer to the vs_tpg we then free via:\n\nkfree(vs->vs_tpg);\nvs->vs_tpg = vs_tpg;\n\nIf a scsi request is then sent we do:\n\nvhost_scsi_handle_vq -> vhost_scsi_get_req -> vhost_vq_get_backend\n\nwhich sees the vs_tpg we just did a kfree on.\n\n2. Tpg dir removal hang:\n\nThis patch fixes an issue where we cannot remove a LIO/target layer\ntpg (and structs above it like the target) dir due to the refcount\ndropping to -1.\n\nThe problem is that if vhost_scsi_set_endpoint detects a tpg is already\nin the vs->vs_tpg array or if the tpg has been removed so\ntarget_depend_item fails, the undepend goto handler will do\ntarget_undepend_item on all tpgs in the vs_tpg array dropping their\nrefcount to 0. At this time vs_tpg contains both the tpgs we have added\nin the current vhost_scsi_set_endpoint call as well as tpgs we added in\nprevious calls which are also in vs->vs_tpg.\n\nLater, when vhost_scsi_clear_endpoint runs it will do\ntarget_undepend_item on all the tpgs in the vs->vs_tpg which will drop\ntheir refcount to -1. Userspace will then not be able to remove the tpg\nand will hang when it tries to do rmdir on the tpg dir.\n\n3. Tpg leak:\n\nThis fixes a bug where we can leak tpgs and cause them to be\nun-removable because the target name is overwritten when\nvhost_scsi_set_endpoint is called multiple times but with different\ntarget names.\n\nThe bug occurs if a user has called VHOST_SCSI_SET_ENDPOINT and setup\na vhost-scsi device to target/tpg mapping, then calls\nVHOST_SCSI_SET_ENDPOINT again with a new target name that has tpgs we\nhaven't seen before (target1 has tpg1 but target2 has tpg2). When this\nhappens we don't teardown the old target tpg mapping and just overwrite\nthe target name and the vs->vs_tpg array. Later when we do\nvhost_scsi_clear_endpoint, we are passed in either target1 or target2's\nname and we will only match that target's tpgs when we loop over the\nvs->vs_tpg. We will then return from the function without doing\ntarget_undepend_item on the tpgs.\n\nBecause of all these bugs, it looks like being able to call\nvhost_scsi_set_endpoint multiple times was never supported. The major\nuser, QEMU, already has checks to prevent this use case. So to fix the\nissues, this patch prevents vhost_scsi_set_endpoint from being called\nif it's already successfully added tpgs. To add, remove or change the\ntpg config or target name, you must do a vhost_scsi_clear_endpoint\nfirst."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4f7f46d32c9875004fae1d57ae3c02cc2e6cd6a3",
"version_value": "2b34bdc42df047794542f3e220fe989124e4499a"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3.9",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.9",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/2b34bdc42df047794542f3e220fe989124e4499a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2b34bdc42df047794542f3e220fe989124e4499a"
},
{
"url": "https://git.kernel.org/stable/c/3a19eb3d9818e28f14c818a18dc913344a52ca92",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3a19eb3d9818e28f14c818a18dc913344a52ca92"
},
{
"url": "https://git.kernel.org/stable/c/3fd054baf382a426bbf5135ede0fc5673db74d3e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3fd054baf382a426bbf5135ede0fc5673db74d3e"
},
{
"url": "https://git.kernel.org/stable/c/63b449f73ab0dcc0ba11ceaa4c5c70bc86ccf03c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/63b449f73ab0dcc0ba11ceaa4c5c70bc86ccf03c"
},
{
"url": "https://git.kernel.org/stable/c/5dd639a1646ef5fe8f4bf270fad47c5c3755b9b6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5dd639a1646ef5fe8f4bf270fad47c5c3755b9b6"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

114
2025/22xxx/CVE-2025-22084.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22084",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nw1: fix NULL pointer dereference in probe\n\nThe w1_uart_probe() function calls w1_uart_serdev_open() (which includes\ndevm_serdev_device_open()) before setting the client ops via\nserdev_device_set_client_ops(). This ordering can trigger a NULL pointer\ndereference in the serdev controller's receive_buf handler, as it assumes\nserdev->ops is valid when SERPORT_ACTIVE is set.\n\nThis is similar to the issue fixed in commit 5e700b384ec1\n(\"platform/chrome: cros_ec_uart: properly fix race condition\") where\ndevm_serdev_device_open() was called before fully initializing the\ndevice.\n\nFix the race by ensuring client ops are set before enabling the port via\nw1_uart_serdev_open()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "a3c08804364e80328a9ffdac59bb26676b938195",
"version_value": "4f750b84628080ff0d67bf1af67a4967b740acf2"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.9",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.9",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/4f750b84628080ff0d67bf1af67a4967b740acf2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4f750b84628080ff0d67bf1af67a4967b740acf2"
},
{
"url": "https://git.kernel.org/stable/c/64ab50577c59bb7049bec6b5c42d1c38e4029f29",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/64ab50577c59bb7049bec6b5c42d1c38e4029f29"
},
{
"url": "https://git.kernel.org/stable/c/cc6b0ec7cccbf66ef3621e9e93296b7bd1f52298",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cc6b0ec7cccbf66ef3621e9e93296b7bd1f52298"
},
{
"url": "https://git.kernel.org/stable/c/0dd6770a72f138dabea9eae87f3da6ffa68f0d06",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0dd6770a72f138dabea9eae87f3da6ffa68f0d06"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

114
2025/22xxx/CVE-2025-22085.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22085",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/core: Fix use-after-free when rename device name\n\nSyzbot reported a slab-use-after-free with the following call trace:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in nla_put+0xd3/0x150 lib/nlattr.c:1099\nRead of size 5 at addr ffff888140ea1c60 by task syz.0.988/10025\n\nCPU: 0 UID: 0 PID: 10025 Comm: syz.0.988\nNot tainted 6.14.0-rc4-syzkaller-00859-gf77f12010f67 #0\nHardware name: Google Compute Engine, BIOS Google 02/12/2025\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0x16e/0x5b0 mm/kasan/report.c:521\n kasan_report+0x143/0x180 mm/kasan/report.c:634\n kasan_check_range+0x282/0x290 mm/kasan/generic.c:189\n __asan_memcpy+0x29/0x70 mm/kasan/shadow.c:105\n nla_put+0xd3/0x150 lib/nlattr.c:1099\n nla_put_string include/net/netlink.h:1621 [inline]\n fill_nldev_handle+0x16e/0x200 drivers/infiniband/core/nldev.c:265\n rdma_nl_notify_event+0x561/0xef0 drivers/infiniband/core/nldev.c:2857\n ib_device_notify_register+0x22/0x230 drivers/infiniband/core/device.c:1344\n ib_register_device+0x1292/0x1460 drivers/infiniband/core/device.c:1460\n rxe_register_device+0x233/0x350 drivers/infiniband/sw/rxe/rxe_verbs.c:1540\n rxe_net_add+0x74/0xf0 drivers/infiniband/sw/rxe/rxe_net.c:550\n rxe_newlink+0xde/0x1a0 drivers/infiniband/sw/rxe/rxe.c:212\n nldev_newlink+0x5ea/0x680 drivers/infiniband/core/nldev.c:1795\n rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline]\n rdma_nl_rcv+0x6dd/0x9e0 drivers/infiniband/core/netlink.c:259\n netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1339\n netlink_sendmsg+0x8de/0xcb0 net/netlink/af_netlink.c:1883\n sock_sendmsg_nosec net/socket.c:709 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:724\n ____sys_sendmsg+0x53a/0x860 net/socket.c:2564\n ___sys_sendmsg net/socket.c:2618 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2650\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f42d1b8d169\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 ...\nRSP: 002b:00007f42d2960038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f42d1da6320 RCX: 00007f42d1b8d169\nRDX: 0000000000000000 RSI: 00004000000002c0 RDI: 000000000000000c\nRBP: 00007f42d1c0e2a0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f42d1da6320 R15: 00007ffe399344a8\n </TASK>\n\nAllocated by task 10025:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4294 [inline]\n __kmalloc_node_track_caller_noprof+0x28b/0x4c0 mm/slub.c:4313\n __kmemdup_nul mm/util.c:61 [inline]\n kstrdup+0x42/0x100 mm/util.c:81\n kobject_set_name_vargs+0x61/0x120 lib/kobject.c:274\n dev_set_name+0xd5/0x120 drivers/base/core.c:3468\n assign_name drivers/infiniband/core/device.c:1202 [inline]\n ib_register_device+0x178/0x1460 drivers/infiniband/core/device.c:1384\n rxe_register_device+0x233/0x350 drivers/infiniband/sw/rxe/rxe_verbs.c:1540\n rxe_net_add+0x74/0xf0 drivers/infiniband/sw/rxe/rxe_net.c:550\n rxe_newlink+0xde/0x1a0 drivers/infiniband/sw/rxe/rxe.c:212\n nldev_newlink+0x5ea/0x680 drivers/infiniband/core/nldev.c:1795\n rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline]\n rdma_nl_rcv+0x6dd/0x9e0 drivers/infiniband/core/netlink.c:259\n netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1339\n netlink_sendmsg+0x8de/0xcb0 net\n---truncated---"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9cbed5aab5aeea420d0aa945733bf608449d44fb",
"version_value": "0d6460b9d2a3ee380940bdf47680751ef91cb88e"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.12",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/0d6460b9d2a3ee380940bdf47680751ef91cb88e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0d6460b9d2a3ee380940bdf47680751ef91cb88e"
},
{
"url": "https://git.kernel.org/stable/c/56ec8580be5174b2b9774066e60f1aad56d201db",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/56ec8580be5174b2b9774066e60f1aad56d201db"
},
{
"url": "https://git.kernel.org/stable/c/edf6b543e81ba68c6dbac2499ab362098a5a9716",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/edf6b543e81ba68c6dbac2499ab362098a5a9716"
},
{
"url": "https://git.kernel.org/stable/c/1d6a9e7449e2a0c1e2934eee7880ba8bd1e464cd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1d6a9e7449e2a0c1e2934eee7880ba8bd1e464cd"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

169
2025/22xxx/CVE-2025-22086.json
View File

@ -1,18 +1,179 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22086",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow\n\nWhen cur_qp isn't NULL, in order to avoid fetching the QP from\nthe radix tree again we check if the next cqe QP is identical to\nthe one we already have.\n\nThe bug however is that we are checking if the QP is identical by\nchecking the QP number inside the CQE against the QP number inside the\nmlx5_ib_qp, but that's wrong since the QP number from the CQE is from\nFW so it should be matched against mlx5_core_qp which is our FW QP\nnumber.\n\nOtherwise we could use the wrong QP when handling a CQE which could\ncause the kernel trace below.\n\nThis issue is mainly noticeable over QPs 0 & 1, since for now they are\nthe only QPs in our driver whereas the QP number inside mlx5_ib_qp\ndoesn't match the QP number inside mlx5_core_qp.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000012\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP\n CPU: 0 UID: 0 PID: 7927 Comm: kworker/u62:1 Not tainted 6.14.0-rc3+ #189\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n Workqueue: ib-comp-unb-wq ib_cq_poll_work [ib_core]\n RIP: 0010:mlx5_ib_poll_cq+0x4c7/0xd90 [mlx5_ib]\n Code: 03 00 00 8d 58 ff 21 cb 66 39 d3 74 39 48 c7 c7 3c 89 6e a0 0f b7 db e8 b7 d2 b3 e0 49 8b 86 60 03 00 00 48 c7 c7 4a 89 6e a0 <0f> b7 5c 98 02 e8 9f d2 b3 e0 41 0f b7 86 78 03 00 00 83 e8 01 21\n RSP: 0018:ffff88810511bd60 EFLAGS: 00010046\n RAX: 0000000000000010 RBX: 0000000000000000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffff88885fa1b3c0 RDI: ffffffffa06e894a\n RBP: 00000000000000b0 R08: 0000000000000000 R09: ffff88810511bc10\n R10: 0000000000000001 R11: 0000000000000001 R12: ffff88810d593000\n R13: ffff88810e579108 R14: ffff888105146000 R15: 00000000000000b0\n FS: 0000000000000000(0000) GS:ffff88885fa00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000012 CR3: 00000001077e6001 CR4: 0000000000370eb0\n Call Trace:\n <TASK>\n ? __die+0x20/0x60\n ? page_fault_oops+0x150/0x3e0\n ? exc_page_fault+0x74/0x130\n ? asm_exc_page_fault+0x22/0x30\n ? mlx5_ib_poll_cq+0x4c7/0xd90 [mlx5_ib]\n __ib_process_cq+0x5a/0x150 [ib_core]\n ib_cq_poll_work+0x31/0x90 [ib_core]\n process_one_work+0x169/0x320\n worker_thread+0x288/0x3a0\n ? work_busy+0xb0/0xb0\n kthread+0xd7/0x1f0\n ? kthreads_online_cpu+0x130/0x130\n ? kthreads_online_cpu+0x130/0x130\n ret_from_fork+0x2d/0x50\n ? kthreads_online_cpu+0x130/0x130\n ret_from_fork_asm+0x11/0x20\n </TASK>"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "e126ba97dba9edeb6fafa3665b5f8497fc9cdf8c",
"version_value": "3b97d77049856865ac5ce8ffbc6e716928310f7f"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3.11",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.11",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.292",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.236",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.180",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.134",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/3b97d77049856865ac5ce8ffbc6e716928310f7f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3b97d77049856865ac5ce8ffbc6e716928310f7f"
},
{
"url": "https://git.kernel.org/stable/c/856d9e5d72dc44eca6d5a153581c58fbd84e92e1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/856d9e5d72dc44eca6d5a153581c58fbd84e92e1"
},
{
"url": "https://git.kernel.org/stable/c/f0447ceb8a31d79bee7144f98f9a13f765531e1a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f0447ceb8a31d79bee7144f98f9a13f765531e1a"
},
{
"url": "https://git.kernel.org/stable/c/dc7139b7031d877acd73d7eff55670f22f48cd5e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/dc7139b7031d877acd73d7eff55670f22f48cd5e"
},
{
"url": "https://git.kernel.org/stable/c/7c51a6964b45b6d40027abd77e89cef30d26dc5a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7c51a6964b45b6d40027abd77e89cef30d26dc5a"
},
{
"url": "https://git.kernel.org/stable/c/cad677085274ecf9c7565b5bfc5d2e49acbf174c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cad677085274ecf9c7565b5bfc5d2e49acbf174c"
},
{
"url": "https://git.kernel.org/stable/c/55c65a64aefa6267b964d90e9a4039cb68ec73a5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/55c65a64aefa6267b964d90e9a4039cb68ec73a5"
},
{
"url": "https://git.kernel.org/stable/c/d52636eb13ccba448a752964cc6fc49970912874",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d52636eb13ccba448a752964cc6fc49970912874"
},
{
"url": "https://git.kernel.org/stable/c/5ed3b0cb3f827072e93b4c5b6e2b8106fd7cccbd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5ed3b0cb3f827072e93b4c5b6e2b8106fd7cccbd"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

114
2025/22xxx/CVE-2025-22087.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22087",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix array bounds error with may_goto\n\nmay_goto uses an additional 8 bytes on the stack, which causes the\ninterpreters[] array to go out of bounds when calculating index by\nstack_size.\n\n1. If a BPF program is rewritten, re-evaluate the stack size. For non-JIT\ncases, reject loading directly.\n\n2. For non-JIT cases, calculating interpreters[idx] may still cause\nout-of-bounds array access, and just warn about it.\n\n3. For jit_requested cases, the execution of bpf_func also needs to be\nwarned. So move the definition of function __bpf_prog_ret0_warn out of\nthe macro definition CONFIG_BPF_JIT_ALWAYS_ON."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "011832b97b311bb9e3c27945bc0d1089a14209c9",
"version_value": "19e6817f84000d0b06f09fd69ebd56217842c122"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.9",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.9",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/19e6817f84000d0b06f09fd69ebd56217842c122",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/19e6817f84000d0b06f09fd69ebd56217842c122"
},
{
"url": "https://git.kernel.org/stable/c/4524b7febdd55fb99ae2e1f48db64019fa69e643",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4524b7febdd55fb99ae2e1f48db64019fa69e643"
},
{
"url": "https://git.kernel.org/stable/c/1a86ae57b2600e5749f5f674e9d4296ac00c69a8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1a86ae57b2600e5749f5f674e9d4296ac00c69a8"
},
{
"url": "https://git.kernel.org/stable/c/6ebc5030e0c5a698f1dd9a6684cddf6ccaed64a0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6ebc5030e0c5a698f1dd9a6684cddf6ccaed64a0"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

136
2025/22xxx/CVE-2025-22088.json
View File

@ -1,18 +1,146 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22088",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/erdma: Prevent use-after-free in erdma_accept_newconn()\n\nAfter the erdma_cep_put(new_cep) being called, new_cep will be freed,\nand the following dereference will cause a UAF problem. Fix this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "920d93eac8b97778fef48f34f10e58ddf870fc2a",
"version_value": "bc1db4d8f1b0dc480d7d745a60a8cc94ce2badd4"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.0",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.0",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.134",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/bc1db4d8f1b0dc480d7d745a60a8cc94ce2badd4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bc1db4d8f1b0dc480d7d745a60a8cc94ce2badd4"
},
{
"url": "https://git.kernel.org/stable/c/667a628ab67d359166799fad89b3c6909599558a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/667a628ab67d359166799fad89b3c6909599558a"
},
{
"url": "https://git.kernel.org/stable/c/a114d25d584c14019d31dbf2163780c47415a187",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a114d25d584c14019d31dbf2163780c47415a187"
},
{
"url": "https://git.kernel.org/stable/c/78411a133312ce7d8a3239c76a8fd85bca1cc10f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/78411a133312ce7d8a3239c76a8fd85bca1cc10f"
},
{
"url": "https://git.kernel.org/stable/c/7aa6bb5276d9fec98deb05615a086eeb893854ad",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7aa6bb5276d9fec98deb05615a086eeb893854ad"
},
{
"url": "https://git.kernel.org/stable/c/83437689249e6a17b25e27712fbee292e42e7855",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/83437689249e6a17b25e27712fbee292e42e7855"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

147
2025/22xxx/CVE-2025-22089.json
View File

@ -1,18 +1,157 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22089",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/core: Don't expose hw_counters outside of init net namespace\n\nCommit 467f432a521a (\"RDMA/core: Split port and device counter sysfs\nattributes\") accidentally almost exposed hw counters to non-init net\nnamespaces. It didn't expose them fully, as an attempt to read any of\nthose counters leads to a crash like this one:\n\n[42021.807566] BUG: kernel NULL pointer dereference, address: 0000000000000028\n[42021.814463] #PF: supervisor read access in kernel mode\n[42021.819549] #PF: error_code(0x0000) - not-present page\n[42021.824636] PGD 0 P4D 0\n[42021.827145] Oops: 0000 [#1] SMP PTI\n[42021.830598] CPU: 82 PID: 2843922 Comm: switchto-defaul Kdump: loaded Tainted: G S W I XXX\n[42021.841697] Hardware name: XXX\n[42021.849619] RIP: 0010:hw_stat_device_show+0x1e/0x40 [ib_core]\n[42021.855362] Code: 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 49 89 d0 4c 8b 5e 20 48 8b 8f b8 04 00 00 48 81 c7 f0 fa ff ff <48> 8b 41 28 48 29 ce 48 83 c6 d0 48 c1 ee 04 69 d6 ab aa aa aa 48\n[42021.873931] RSP: 0018:ffff97fe90f03da0 EFLAGS: 00010287\n[42021.879108] RAX: ffff9406988a8c60 RBX: ffff940e1072d438 RCX: 0000000000000000\n[42021.886169] RDX: ffff94085f1aa000 RSI: ffff93c6cbbdbcb0 RDI: ffff940c7517aef0\n[42021.893230] RBP: ffff97fe90f03e70 R08: ffff94085f1aa000 R09: 0000000000000000\n[42021.900294] R10: ffff94085f1aa000 R11: ffffffffc0775680 R12: ffffffff87ca2530\n[42021.907355] R13: ffff940651602840 R14: ffff93c6cbbdbcb0 R15: ffff94085f1aa000\n[42021.914418] FS: 00007fda1a3b9700(0000) GS:ffff94453fb80000(0000) knlGS:0000000000000000\n[42021.922423] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[42021.928130] CR2: 0000000000000028 CR3: 00000042dcfb8003 CR4: 00000000003726f0\n[42021.935194] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[42021.942257] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[42021.949324] Call Trace:\n[42021.951756] <TASK>\n[42021.953842] [<ffffffff86c58674>] ? show_regs+0x64/0x70\n[42021.959030] [<ffffffff86c58468>] ? __die+0x78/0xc0\n[42021.963874] [<ffffffff86c9ef75>] ? page_fault_oops+0x2b5/0x3b0\n[42021.969749] [<ffffffff87674b92>] ? exc_page_fault+0x1a2/0x3c0\n[42021.975549] [<ffffffff87801326>] ? asm_exc_page_fault+0x26/0x30\n[42021.981517] [<ffffffffc0775680>] ? __pfx_show_hw_stats+0x10/0x10 [ib_core]\n[42021.988482] [<ffffffffc077564e>] ? hw_stat_device_show+0x1e/0x40 [ib_core]\n[42021.995438] [<ffffffff86ac7f8e>] dev_attr_show+0x1e/0x50\n[42022.000803] [<ffffffff86a3eeb1>] sysfs_kf_seq_show+0x81/0xe0\n[42022.006508] [<ffffffff86a11134>] seq_read_iter+0xf4/0x410\n[42022.011954] [<ffffffff869f4b2e>] vfs_read+0x16e/0x2f0\n[42022.017058] [<ffffffff869f50ee>] ksys_read+0x6e/0xe0\n[42022.022073] [<ffffffff8766f1ca>] do_syscall_64+0x6a/0xa0\n[42022.027441] [<ffffffff8780013b>] entry_SYSCALL_64_after_hwframe+0x78/0xe2\n\nThe problem can be reproduced using the following steps:\n ip netns add foo\n ip netns exec foo bash\n cat /sys/class/infiniband/mlx4_0/hw_counters/*\n\nThe panic occurs because of casting the device pointer into an\nib_device pointer using container_of() in hw_stat_device_show() is\nwrong and leads to a memory corruption.\n\nHowever the real problem is that hw counters should never been exposed\noutside of the non-init net namespace.\n\nFix this by saving the index of the corresponding attribute group\n(it might be 1 or 2 depending on the presence of driver-specific\nattributes) and zeroing the pointer to hw_counters group for compat\ndevices during the initialization.\n\nWith this fix applied hw_counters are not available in a non-init\nnet namespace:\n find /sys/class/infiniband/mlx4_0/ -name hw_counters\n /sys/class/infiniband/mlx4_0/ports/1/hw_counters\n /sys/class/infiniband/mlx4_0/ports/2/hw_counters\n /sys/class/infiniband/mlx4_0/hw_counters\n\n ip netns add foo\n ip netns exec foo bash\n find /sys/class/infiniband/mlx4_0/ -name hw_counters"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "467f432a521a284c418e3d521ee51840a5e23424",
"version_value": "9a5b7f8842a90a5e6eeff37f9f6d814e61ea3529"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.14",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.180",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.134",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/9a5b7f8842a90a5e6eeff37f9f6d814e61ea3529",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9a5b7f8842a90a5e6eeff37f9f6d814e61ea3529"
},
{
"url": "https://git.kernel.org/stable/c/d5212b99649c5740154f307e9e3d7fee9bf62773",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d5212b99649c5740154f307e9e3d7fee9bf62773"
},
{
"url": "https://git.kernel.org/stable/c/0cf80f924aecb5b2bebd4f4ad11b2efc676a0b78",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0cf80f924aecb5b2bebd4f4ad11b2efc676a0b78"
},
{
"url": "https://git.kernel.org/stable/c/df45ae2a4f1cdfda00c032839e12092e1f32c05e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/df45ae2a4f1cdfda00c032839e12092e1f32c05e"
},
{
"url": "https://git.kernel.org/stable/c/c14d9704f5d77a7c7fa46e2114b64a4f75b64e17",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c14d9704f5d77a7c7fa46e2114b64a4f75b64e17"
},
{
"url": "https://git.kernel.org/stable/c/6682da5d8fd578a5068531d01633c9d2e4c8f12b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6682da5d8fd578a5068531d01633c9d2e4c8f12b"
},
{
"url": "https://git.kernel.org/stable/c/a1ecb30f90856b0be4168ad51b8875148e285c1f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a1ecb30f90856b0be4168ad51b8875148e285c1f"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

125
2025/22xxx/CVE-2025-22090.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22090",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range()\n\nIf track_pfn_copy() fails, we already added the dst VMA to the maple\ntree. As fork() fails, we'll cleanup the maple tree, and stumble over\nthe dst VMA for which we neither performed any reservation nor copied\nany page tables.\n\nConsequently untrack_pfn() will see VM_PAT and try obtaining the\nPAT information from the page table -- which fails because the page\ntable was not copied.\n\nThe easiest fix would be to simply clear the VM_PAT flag of the dst VMA\nif track_pfn_copy() fails. However, the whole thing is about \"simply\"\nclearing the VM_PAT flag is shaky as well: if we passed track_pfn_copy()\nand performed a reservation, but copying the page tables fails, we'll\nsimply clear the VM_PAT flag, not properly undoing the reservation ...\nwhich is also wrong.\n\nSo let's fix it properly: set the VM_PAT flag only if the reservation\nsucceeded (leaving it clear initially), and undo the reservation if\nanything goes wrong while copying the page tables: clearing the VM_PAT\nflag after undoing the reservation.\n\nNote that any copied page table entries will get zapped when the VMA will\nget removed later, after copy_page_range() succeeded; as VM_PAT is not set\nthen, we won't try cleaning VM_PAT up once more and untrack_pfn() will be\nhappy. Note that leaving these page tables in place without a reservation\nis not a problem, as we are aborting fork(); this process will never run.\n\nA reproducer can trigger this usually at the first try:\n\n https://gitlab.com/davidhildenbrand/scratchspace/-/raw/main/reproducers/pat_fork.c\n\n WARNING: CPU: 26 PID: 11650 at arch/x86/mm/pat/memtype.c:983 get_pat_info+0xf6/0x110\n Modules linked in: ...\n CPU: 26 UID: 0 PID: 11650 Comm: repro3 Not tainted 6.12.0-rc5+ #92\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n RIP: 0010:get_pat_info+0xf6/0x110\n ...\n Call Trace:\n <TASK>\n ...\n untrack_pfn+0x52/0x110\n unmap_single_vma+0xa6/0xe0\n unmap_vmas+0x105/0x1f0\n exit_mmap+0xf6/0x460\n __mmput+0x4b/0x120\n copy_process+0x1bf6/0x2aa0\n kernel_clone+0xab/0x440\n __do_sys_clone+0x66/0x90\n do_syscall_64+0x95/0x180\n\nLikely this case was missed in:\n\n d155df53f310 (\"x86/mm/pat: clear VM_PAT if copy_p4d_range failed\")\n\n... and instead of undoing the reservation we simply cleared the VM_PAT flag.\n\nKeep the documentation of these functions in include/linux/pgtable.h,\none place is more than sufficient -- we should clean that up for the other\nfunctions like track_pfn_remap/untrack_pfn separately."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2ab640379a0ab4cef746ced1d7e04a0941774bcb",
"version_value": "b07398e8a5da517083f5c3f2daa8f6681b48ab28"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.29",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.29",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/b07398e8a5da517083f5c3f2daa8f6681b48ab28",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b07398e8a5da517083f5c3f2daa8f6681b48ab28"
},
{
"url": "https://git.kernel.org/stable/c/8d6373f83f367dbed316ddeb178130a3a64b5b67",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8d6373f83f367dbed316ddeb178130a3a64b5b67"
},
{
"url": "https://git.kernel.org/stable/c/da381c33f3aa6406406c9fdf07b8b0b63e0ce722",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/da381c33f3aa6406406c9fdf07b8b0b63e0ce722"
},
{
"url": "https://git.kernel.org/stable/c/de6185b8892d88142ef69768fe4077cbf40109c0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/de6185b8892d88142ef69768fe4077cbf40109c0"
},
{
"url": "https://git.kernel.org/stable/c/dc84bc2aba85a1508f04a936f9f9a15f64ebfb31",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/dc84bc2aba85a1508f04a936f9f9a15f64ebfb31"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

114
2025/22xxx/CVE-2025-22091.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22091",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix page_size variable overflow\n\nChange all variables storing mlx5_umem_mkc_find_best_pgsz() result to\nunsigned long to support values larger than 31 and avoid overflow.\n\nFor example: If we try to register 4GB of memory that is contiguous in\nphysical memory, the driver will optimize the page_size and try to use\nan mkey with 4GB entity size. The 'unsigned int' page_size variable will\noverflow to '0' and we'll hit the WARN_ON() in alloc_cacheable_mr().\n\nWARNING: CPU: 2 PID: 1203 at drivers/infiniband/hw/mlx5/mr.c:1124 alloc_cacheable_mr+0x22/0x580 [mlx5_ib]\nModules linked in: mlx5_ib mlx5_core bonding ip6_gre ip6_tunnel tunnel6 ip_gre gre rdma_rxe rdma_ucm ib_uverbs ib_ipoib ib_umad rpcrdma ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm fuse ib_core [last unloaded: mlx5_core]\nCPU: 2 UID: 70878 PID: 1203 Comm: rdma_resource_l Tainted: G W 6.14.0-rc4-dirty #43\nTainted: [W]=WARN\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:alloc_cacheable_mr+0x22/0x580 [mlx5_ib]\nCode: 90 90 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 41 52 53 48 83 ec 30 f6 46 28 04 4c 8b 77 08 75 21 <0f> 0b 49 c7 c2 ea ff ff ff 48 8d 65 d0 4c 89 d0 5b 41 5a 41 5c 41\nRSP: 0018:ffffc900006ffac8 EFLAGS: 00010246\nRAX: 0000000004c0d0d0 RBX: ffff888217a22000 RCX: 0000000000100001\nRDX: 00007fb7ac480000 RSI: ffff8882037b1240 RDI: ffff8882046f0600\nRBP: ffffc900006ffb28 R08: 0000000000000001 R09: 0000000000000000\nR10: 00000000000007e0 R11: ffffea0008011d40 R12: ffff8882037b1240\nR13: ffff8882046f0600 R14: ffff888217a22000 R15: ffffc900006ffe00\nFS: 00007fb7ed013340(0000) GS:ffff88885fd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fb7ed1d8000 CR3: 00000001fd8f6006 CR4: 0000000000772eb0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <TASK>\n ? __warn+0x81/0x130\n ? alloc_cacheable_mr+0x22/0x580 [mlx5_ib]\n ? report_bug+0xfc/0x1e0\n ? handle_bug+0x55/0x90\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? alloc_cacheable_mr+0x22/0x580 [mlx5_ib]\n create_real_mr+0x54/0x150 [mlx5_ib]\n ib_uverbs_reg_mr+0x17f/0x2a0 [ib_uverbs]\n ib_uverbs_handler_UVERBS_METHOD_INVOKE_WRITE+0xca/0x140 [ib_uverbs]\n ib_uverbs_run_method+0x6d0/0x780 [ib_uverbs]\n ? __pfx_ib_uverbs_handler_UVERBS_METHOD_INVOKE_WRITE+0x10/0x10 [ib_uverbs]\n ib_uverbs_cmd_verbs+0x19b/0x360 [ib_uverbs]\n ? walk_system_ram_range+0x79/0xd0\n ? ___pte_offset_map+0x1b/0x110\n ? __pte_offset_map_lock+0x80/0x100\n ib_uverbs_ioctl+0xac/0x110 [ib_uverbs]\n __x64_sys_ioctl+0x94/0xb0\n do_syscall_64+0x50/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7fb7ecf0737b\nCode: ff ff ff 85 c0 79 9b 49 c7 c4 ff ff ff ff 5b 5d 4c 89 e0 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 7d 2a 0f 00 f7 d8 64 89 01 48\nRSP: 002b:00007ffdbe03ecc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffdbe03edb8 RCX: 00007fb7ecf0737b\nRDX: 00007ffdbe03eda0 RSI: 00000000c0181b01 RDI: 0000000000000003\nRBP: 00007ffdbe03ed80 R08: 00007fb7ecc84010 R09: 00007ffdbe03eed4\nR10: 0000000000000009 R11: 0000000000000246 R12: 00007ffdbe03eed4\nR13: 000000000000000c R14: 000000000000000c R15: 00007fb7ecc84150\n </TASK>"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "cef7dde8836ab09a3bfe96ada4f18ef2496eacc9",
"version_value": "01fd737776ca0f17a96d83cd7f0840ce130b9a02"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.12",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/01fd737776ca0f17a96d83cd7f0840ce130b9a02",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/01fd737776ca0f17a96d83cd7f0840ce130b9a02"
},
{
"url": "https://git.kernel.org/stable/c/e0c09f639ca0e102f250df8787740c2013e9d1b3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e0c09f639ca0e102f250df8787740c2013e9d1b3"
},
{
"url": "https://git.kernel.org/stable/c/05b215d5e219c0228b9c7082ba9bcf176c576646",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/05b215d5e219c0228b9c7082ba9bcf176c576646"
},
{
"url": "https://git.kernel.org/stable/c/f0c2427412b43cdf1b7b0944749ea17ddb97d5a5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f0c2427412b43cdf1b7b0944749ea17ddb97d5a5"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

103
2025/22xxx/CVE-2025-22092.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22092",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Fix NULL dereference in SR-IOV VF creation error path\n\nClean up when virtfn setup fails to prevent NULL pointer dereference\nduring device removal. The kernel oops below occurred due to incorrect\nerror handling flow when pci_setup_device() fails.\n\nAdd pci_iov_scan_device(), which handles virtfn allocation and setup and\ncleans up if pci_setup_device() fails, so pci_iov_add_virtfn() doesn't need\nto call pci_stop_and_remove_bus_device(). This prevents accessing\npartially initialized virtfn devices during removal.\n\n BUG: kernel NULL pointer dereference, address: 00000000000000d0\n RIP: 0010:device_del+0x3d/0x3d0\n Call Trace:\n pci_remove_bus_device+0x7c/0x100\n pci_iov_add_virtfn+0xfa/0x200\n sriov_enable+0x208/0x420\n mlx5_core_sriov_configure+0x6a/0x160 [mlx5_core]\n sriov_numvfs_store+0xae/0x1a0\n\n[bhelgaas: commit log, return ERR_PTR(-ENOMEM) directly]"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "e3f30d563a388220a7c4e3b9a7b52ac0b0324b26",
"version_value": "ef421b4d206f0d3681804b8f94f06a8458a53aaf"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.13",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.13",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/ef421b4d206f0d3681804b8f94f06a8458a53aaf",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ef421b4d206f0d3681804b8f94f06a8458a53aaf"
},
{
"url": "https://git.kernel.org/stable/c/c67a233834b778b8c78f8b62c072ccf87a9eb6d0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c67a233834b778b8c78f8b62c072ccf87a9eb6d0"
},
{
"url": "https://git.kernel.org/stable/c/04d50d953ab46d96b0b32d5ad955fceaa28622db",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/04d50d953ab46d96b0b32d5ad955fceaa28622db"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

151
2025/22xxx/CVE-2025-22093.json
View File

@ -1,18 +1,161 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22093",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: avoid NPD when ASIC does not support DMUB\n\nctx->dmub_srv will de NULL if the ASIC does not support DMUB, which is\ntested in dm_dmub_sw_init.\n\nHowever, it will be dereferenced in dmub_hw_lock_mgr_cmd if\nshould_use_dmub_lock returns true.\n\nThis has been the case since dmub support has been added for PSR1.\n\nFix this by checking for dmub_srv in should_use_dmub_lock.\n\n[ 37.440832] BUG: kernel NULL pointer dereference, address: 0000000000000058\n[ 37.447808] #PF: supervisor read access in kernel mode\n[ 37.452959] #PF: error_code(0x0000) - not-present page\n[ 37.458112] PGD 0 P4D 0\n[ 37.460662] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 37.465553] CPU: 2 UID: 1000 PID: 1745 Comm: DrmThread Not tainted 6.14.0-rc1-00003-gd62e938120f0 #23 99720e1cb1e0fc4773b8513150932a07de3c6e88\n[ 37.478324] Hardware name: Google Morphius/Morphius, BIOS Google_Morphius.13434.858.0 10/26/2023\n[ 37.487103] RIP: 0010:dmub_hw_lock_mgr_cmd+0x77/0xb0\n[ 37.492074] Code: 44 24 0e 00 00 00 00 48 c7 04 24 45 00 00 0c 40 88 74 24 0d 0f b6 02 88 44 24 0c 8b 01 89 44 24 08 85 f6 75 05 c6 44 24 0e 01 <48> 8b 7f 58 48 89 e6 ba 01 00 00 00 e8 08 3c 2a 00 65 48 8b 04 5\n[ 37.510822] RSP: 0018:ffff969442853300 EFLAGS: 00010202\n[ 37.516052] RAX: 0000000000000000 RBX: ffff92db03000000 RCX: ffff969442853358\n[ 37.523185] RDX: ffff969442853368 RSI: 0000000000000001 RDI: 0000000000000000\n[ 37.530322] RBP: 0000000000000001 R08: 00000000000004a7 R09: 00000000000004a5\n[ 37.537453] R10: 0000000000000476 R11: 0000000000000062 R12: ffff92db0ade8000\n[ 37.544589] R13: ffff92da01180ae0 R14: ffff92da011802a8 R15: ffff92db03000000\n[ 37.551725] FS: 0000784a9cdfc6c0(0000) GS:ffff92db2af00000(0000) knlGS:0000000000000000\n[ 37.559814] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 37.565562] CR2: 0000000000000058 CR3: 0000000112b1c000 CR4: 00000000003506f0\n[ 37.572697] Call Trace:\n[ 37.575152] <TASK>\n[ 37.577258] ? __die_body+0x66/0xb0\n[ 37.580756] ? page_fault_oops+0x3e7/0x4a0\n[ 37.584861] ? exc_page_fault+0x3e/0xe0\n[ 37.588706] ? exc_page_fault+0x5c/0xe0\n[ 37.592550] ? asm_exc_page_fault+0x22/0x30\n[ 37.596742] ? dmub_hw_lock_mgr_cmd+0x77/0xb0\n[ 37.601107] dcn10_cursor_lock+0x1e1/0x240\n[ 37.605211] program_cursor_attributes+0x81/0x190\n[ 37.609923] commit_planes_for_stream+0x998/0x1ef0\n[ 37.614722] update_planes_and_stream_v2+0x41e/0x5c0\n[ 37.619703] dc_update_planes_and_stream+0x78/0x140\n[ 37.624588] amdgpu_dm_atomic_commit_tail+0x4362/0x49f0\n[ 37.629832] ? srso_return_thunk+0x5/0x5f\n[ 37.633847] ? mark_held_locks+0x6d/0xd0\n[ 37.637774] ? _raw_spin_unlock_irq+0x24/0x50\n[ 37.642135] ? srso_return_thunk+0x5/0x5f\n[ 37.646148] ? lockdep_hardirqs_on+0x95/0x150\n[ 37.650510] ? srso_return_thunk+0x5/0x5f\n[ 37.654522] ? _raw_spin_unlock_irq+0x2f/0x50\n[ 37.658883] ? srso_return_thunk+0x5/0x5f\n[ 37.662897] ? wait_for_common+0x186/0x1c0\n[ 37.666998] ? srso_return_thunk+0x5/0x5f\n[ 37.671009] ? drm_crtc_next_vblank_start+0xc3/0x170\n[ 37.675983] commit_tail+0xf5/0x1c0\n[ 37.679478] drm_atomic_helper_commit+0x2a2/0x2b0\n[ 37.684186] drm_atomic_commit+0xd6/0x100\n[ 37.688199] ? __cfi___drm_printfn_info+0x10/0x10\n[ 37.692911] drm_atomic_helper_update_plane+0xe5/0x130\n[ 37.698054] drm_mode_cursor_common+0x501/0x670\n[ 37.702600] ? __cfi_drm_mode_cursor_ioctl+0x10/0x10\n[ 37.707572] drm_mode_cursor_ioctl+0x48/0x70\n[ 37.711851] drm_ioctl_kernel+0xf2/0x150\n[ 37.715781] drm_ioctl+0x363/0x590\n[ 37.719189] ? __cfi_drm_mode_cursor_ioctl+0x10/0x10\n[ 37.724165] amdgpu_drm_ioctl+0x41/0x80\n[ 37.728013] __se_sys_ioctl+0x7f/0xd0\n[ 37.731685] do_syscall_64+0x87/0x100\n[ 37.735355] ? vma_end_read+0x12/0xe0\n[ 37.739024] ? srso_return_thunk+0x5/0x5f\n[ 37.743041] ? find_held_lock+0x47/0xf0\n[ 37.746884] ? vma_end_read+0x12/0xe0\n[ 37.750552] ? srso_return_thunk+0x5/0\n---truncated---"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "b7d2461858ac75c9d6bc4ab8af1a738d0814b716",
"version_value": "d953e2cd59ab466569c6f9da460e01caf1c83559"
},
{
"version_affected": "<",
"version_name": "758abba3dd413dc5de2016f8588403294263a30a",
"version_value": "b3a93a2407ad23c8d5bacabaf7cecbb4c6cdd461"
},
{
"version_affected": "<",
"version_name": "4b46fc30b37e457d25cf3908c0c4dc3fbedd2044",
"version_value": "3453bcaf2ca92659346bf8504c2b52b3993fbd79"
},
{
"version_affected": "<",
"version_name": "b5c764d6ed556c4e81fbe3fd976da77ec450c08e",
"version_value": "5e4b1e04740cdb28de189285007366d99a92f1ce"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.13",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.13",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.134",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.87",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/d953e2cd59ab466569c6f9da460e01caf1c83559",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d953e2cd59ab466569c6f9da460e01caf1c83559"
},
{
"url": "https://git.kernel.org/stable/c/b3a93a2407ad23c8d5bacabaf7cecbb4c6cdd461",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b3a93a2407ad23c8d5bacabaf7cecbb4c6cdd461"
},
{
"url": "https://git.kernel.org/stable/c/3453bcaf2ca92659346bf8504c2b52b3993fbd79",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3453bcaf2ca92659346bf8504c2b52b3993fbd79"
},
{
"url": "https://git.kernel.org/stable/c/5e4b1e04740cdb28de189285007366d99a92f1ce",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5e4b1e04740cdb28de189285007366d99a92f1ce"
},
{
"url": "https://git.kernel.org/stable/c/35ad39afd007eddf34b3307bebb715c26891cc96",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/35ad39afd007eddf34b3307bebb715c26891cc96"
},
{
"url": "https://git.kernel.org/stable/c/42d9d7bed270247f134190ba0cb05bbd072f58c2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/42d9d7bed270247f134190ba0cb05bbd072f58c2"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

103
2025/22xxx/CVE-2025-22094.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22094",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/perf: Fix ref-counting on the PMU 'vpa_pmu'\n\nCommit 176cda0619b6 (\"powerpc/perf: Add perf interface to expose vpa\ncounters\") introduced 'vpa_pmu' to expose Book3s-HV nested APIv2 provided\nL1<->L2 context switch latency counters to L1 user-space via\nperf-events. However the newly introduced PMU named 'vpa_pmu' doesn't\nassign ownership of the PMU to the module 'vpa_pmu'. Consequently the\nmodule 'vpa_pmu' can be unloaded while one of the perf-events are still\nactive, which can lead to kernel oops and panic of the form below on a\nPseries-LPAR:\n\nBUG: Kernel NULL pointer dereference on read at 0x00000058\n<snip>\n NIP [c000000000506cb8] event_sched_out+0x40/0x258\n LR [c00000000050e8a4] __perf_remove_from_context+0x7c/0x2b0\n Call Trace:\n [c00000025fc3fc30] [c00000025f8457a8] 0xc00000025f8457a8 (unreliable)\n [c00000025fc3fc80] [fffffffffffffee0] 0xfffffffffffffee0\n [c00000025fc3fcd0] [c000000000501e70] event_function+0xa8/0x120\n<snip>\n Kernel panic - not syncing: Aiee, killing interrupt handler!\n\nFix this by adding the module ownership to 'vpa_pmu' so that the module\n'vpa_pmu' is ref-counted and prevented from being unloaded when perf-events\nare initialized."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "176cda0619b6c17a553625f6e2fcbc3981ad667d",
"version_value": "70ea7c5189197c6f5acdcfd8a2651be2c41e2faa"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.13",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.13",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/70ea7c5189197c6f5acdcfd8a2651be2c41e2faa",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/70ea7c5189197c6f5acdcfd8a2651be2c41e2faa"
},
{
"url": "https://git.kernel.org/stable/c/6cf045b51e2c5721db7e55305f09ee32741e00f9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6cf045b51e2c5721db7e55305f09ee32741e00f9"
},
{
"url": "https://git.kernel.org/stable/c/ff99d5b6a246715f2257123cdf6c4a29cb33aa78",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ff99d5b6a246715f2257123cdf6c4a29cb33aa78"
}
]
},
"generator": {
"engine": "bippy-7c5fe7eed585"
}
}

114
2025/3xxx/CVE-2025-3693.json
View File

@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3693",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Tenda W12 3.0.0.5. It has been rated as critical. Affected by this issue is the function cgiWifiRadioSet of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in Tenda W12 3.0.0.5 ausgemacht. Dies betrifft die Funktion cgiWifiRadioSet der Datei /bin/httpd. Durch das Manipulieren mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tenda",
"product": {
"product_data": [
{
"product_name": "W12",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.0.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.304982",
"refsource": "MISC",
"name": "https://vuldb.com/?id.304982"
},
{
"url": "https://vuldb.com/?ctiid.304982",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.304982"
},
{
"url": "https://vuldb.com/?submit.553526",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.553526"
},
{
"url": "https://github.com/02Tn/vul/issues/1",
"refsource": "MISC",
"name": "https://github.com/02Tn/vul/issues/1"
},
{
"url": "https://www.tenda.com.cn/",
"refsource": "MISC",
"name": "https://www.tenda.com.cn/"
}
]
},
"credits": [
{
"lang": "en",
"value": "T1an (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 8.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 8.8,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
}
]
}

18
2025/3xxx/CVE-2025-3733.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3733",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/3xxx/CVE-2025-3734.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3734",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/3xxx/CVE-2025-3735.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3735",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/3xxx/CVE-2025-3736.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3736",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/3xxx/CVE-2025-3737.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3737",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/3xxx/CVE-2025-3738.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3738",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/3xxx/CVE-2025-3739.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3739",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/43xxx/CVE-2025-43027.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-43027",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/43xxx/CVE-2025-43028.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-43028",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/43xxx/CVE-2025-43029.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-43029",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/43xxx/CVE-2025-43030.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-43030",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/43xxx/CVE-2025-43031.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-43031",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/43xxx/CVE-2025-43032.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-43032",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}