From 41c9cb4cea6174fbcc232cea3ad367dee29c79f8 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 1 May 2025 13:01:04 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2025/23xxx/CVE-2025-23154.json | 114 ++++++++++++++++++++++++++- 2025/23xxx/CVE-2025-23155.json | 103 ++++++++++++++++++++++++- 2025/23xxx/CVE-2025-23156.json | 136 ++++++++++++++++++++++++++++++++- 2025/23xxx/CVE-2025-23157.json | 136 ++++++++++++++++++++++++++++++++- 2025/23xxx/CVE-2025-23158.json | 136 ++++++++++++++++++++++++++++++++- 2025/23xxx/CVE-2025-23159.json | 136 ++++++++++++++++++++++++++++++++- 2025/23xxx/CVE-2025-23160.json | 130 ++++++++++++++++++++++++++++++- 7 files changed, 863 insertions(+), 28 deletions(-) diff --git a/2025/23xxx/CVE-2025-23154.json b/2025/23xxx/CVE-2025-23154.json index 5e2bb7e77cf..3c342104918 100644 --- a/2025/23xxx/CVE-2025-23154.json +++ b/2025/23xxx/CVE-2025-23154.json @@ -1,18 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-23154", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/net: fix io_req_post_cqe abuse by send bundle\n\n[ 114.987980][ T5313] WARNING: CPU: 6 PID: 5313 at io_uring/io_uring.c:872 io_req_post_cqe+0x12e/0x4f0\n[ 114.991597][ T5313] RIP: 0010:io_req_post_cqe+0x12e/0x4f0\n[ 115.001880][ T5313] Call Trace:\n[ 115.002222][ T5313] \n[ 115.007813][ T5313] io_send+0x4fe/0x10f0\n[ 115.009317][ T5313] io_issue_sqe+0x1a6/0x1740\n[ 115.012094][ T5313] io_wq_submit_work+0x38b/0xed0\n[ 115.013223][ T5313] io_worker_handle_work+0x62a/0x1600\n[ 115.013876][ T5313] io_wq_worker+0x34f/0xdf0\n\nAs the comment states, io_req_post_cqe() should only be used by\nmultishot requests, i.e. REQ_F_APOLL_MULTISHOT, which bundled sends are\nnot. Add a flag signifying whether a request wants to post multiple\nCQEs. Eventually REQ_F_APOLL_MULTISHOT should imply the new flag, but\nthat's left out for simplicity." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "a05d1f625c7aa681d8816bc0f10089289ad07aad", + "version_value": "b7c6d081c19a5e11bbd77bb97a62cff2b6b21cb5" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.10", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.10", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12.24", + "lessThanOrEqual": "6.12.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.13.12", + "lessThanOrEqual": "6.13.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.14.3", + "lessThanOrEqual": "6.14.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.15-rc1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/b7c6d081c19a5e11bbd77bb97a62cff2b6b21cb5", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b7c6d081c19a5e11bbd77bb97a62cff2b6b21cb5" + }, + { + "url": "https://git.kernel.org/stable/c/7888c9fc0b2d3636f2e821ed1ad3c6920fa8e378", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/7888c9fc0b2d3636f2e821ed1ad3c6920fa8e378" + }, + { + "url": "https://git.kernel.org/stable/c/9aa804e6b9696998308095fb9d335046a71550f1", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9aa804e6b9696998308095fb9d335046a71550f1" + }, + { + "url": "https://git.kernel.org/stable/c/6889ae1b4df1579bcdffef023e2ea9a982565dff", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/6889ae1b4df1579bcdffef023e2ea9a982565dff" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2025/23xxx/CVE-2025-23155.json b/2025/23xxx/CVE-2025-23155.json index db1f322dfcc..859dcddd3e8 100644 --- a/2025/23xxx/CVE-2025-23155.json +++ b/2025/23xxx/CVE-2025-23155.json @@ -1,18 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-23155", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: Fix accessing freed irq affinity_hint\n\nThe cpumask should not be a local variable, since its pointer is saved\nto irq_desc and may be accessed from procfs.\nTo fix it, use the persistent mask cpumask_of(cpu#)." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "8deec94c6040bb4a767f6e9456a0a44c7f2e713e", + "version_value": "e148266e104fce396ad624079a6812ac3a9982ef" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.13", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.13", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.13.12", + "lessThanOrEqual": "6.13.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.14.3", + "lessThanOrEqual": "6.14.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.15-rc1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/e148266e104fce396ad624079a6812ac3a9982ef", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e148266e104fce396ad624079a6812ac3a9982ef" + }, + { + "url": "https://git.kernel.org/stable/c/9e51a6a44e2c4de780a26e8fe110d708e806a8cd", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9e51a6a44e2c4de780a26e8fe110d708e806a8cd" + }, + { + "url": "https://git.kernel.org/stable/c/c60d101a226f18e9a8f01bb4c6ca2b47dfcb15ef", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/c60d101a226f18e9a8f01bb4c6ca2b47dfcb15ef" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2025/23xxx/CVE-2025-23156.json b/2025/23xxx/CVE-2025-23156.json index 9b00b8c6f08..638e397eaa6 100644 --- a/2025/23xxx/CVE-2025-23156.json +++ b/2025/23xxx/CVE-2025-23156.json @@ -1,18 +1,146 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-23156", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: hfi_parser: refactor hfi packet parsing logic\n\nwords_count denotes the number of words in total payload, while data\npoints to payload of various property within it. When words_count\nreaches last word, data can access memory beyond the total payload. This\ncan lead to OOB access. With this patch, the utility api for handling\nindividual properties now returns the size of data consumed. Accordingly\nremaining bytes are calculated before parsing the payload, thereby\neliminates the OOB access possibilities." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1a73374a04e555103e5369429a30999114001dda", + "version_value": "0f9a4bab7d83738963365372e4745854938eab2d" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.19", + "status": "affected" + }, + { + "version": "0", + "lessThan": "4.19", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1.135", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.6.88", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12.24", + "lessThanOrEqual": "6.12.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.13.12", + "lessThanOrEqual": "6.13.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.14.3", + "lessThanOrEqual": "6.14.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.15-rc1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/0f9a4bab7d83738963365372e4745854938eab2d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/0f9a4bab7d83738963365372e4745854938eab2d" + }, + { + "url": "https://git.kernel.org/stable/c/05b07e52a0d08239147ba3460045855f4fb398de", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/05b07e52a0d08239147ba3460045855f4fb398de" + }, + { + "url": "https://git.kernel.org/stable/c/bb3fd8b7906a12dc2b61389abb742bf6542d97fb", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/bb3fd8b7906a12dc2b61389abb742bf6542d97fb" + }, + { + "url": "https://git.kernel.org/stable/c/a736c72d476d1c7ca7be5018f2614ee61168ad01", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a736c72d476d1c7ca7be5018f2614ee61168ad01" + }, + { + "url": "https://git.kernel.org/stable/c/6d278c5548d840c4d85d445347b2a5c31b2ab3a0", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/6d278c5548d840c4d85d445347b2a5c31b2ab3a0" + }, + { + "url": "https://git.kernel.org/stable/c/9edaaa8e3e15aab1ca413ab50556de1975bcb329", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9edaaa8e3e15aab1ca413ab50556de1975bcb329" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2025/23xxx/CVE-2025-23157.json b/2025/23xxx/CVE-2025-23157.json index 4e030578b34..d9c53db690b 100644 --- a/2025/23xxx/CVE-2025-23157.json +++ b/2025/23xxx/CVE-2025-23157.json @@ -1,18 +1,146 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-23157", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: hfi_parser: add check to avoid out of bound access\n\nThere is a possibility that init_codecs is invoked multiple times during\nmanipulated payload from video firmware. In such case, if codecs_count\ncan get incremented to value more than MAX_CODEC_NUM, there can be OOB\naccess. Reset the count so that it always starts from beginning." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1a73374a04e555103e5369429a30999114001dda", + "version_value": "26bbedd06d85770581fda5d78e78539bb088fad1" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.19", + "status": "affected" + }, + { + "version": "0", + "lessThan": "4.19", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1.135", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.6.88", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12.24", + "lessThanOrEqual": "6.12.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.13.12", + "lessThanOrEqual": "6.13.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.14.3", + "lessThanOrEqual": "6.14.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.15-rc1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/26bbedd06d85770581fda5d78e78539bb088fad1", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/26bbedd06d85770581fda5d78e78539bb088fad1" + }, + { + "url": "https://git.kernel.org/stable/c/d4d88ece4ba91df5b02f1d3f599650f9e9fc0f45", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d4d88ece4ba91df5b02f1d3f599650f9e9fc0f45" + }, + { + "url": "https://git.kernel.org/stable/c/53e376178ceacca3ef1795038b22fc9ef45ff1d3", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/53e376178ceacca3ef1795038b22fc9ef45ff1d3" + }, + { + "url": "https://git.kernel.org/stable/c/b2541e29d82da8a0df728aadec3e0a8db55d517b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b2541e29d82da8a0df728aadec3e0a8db55d517b" + }, + { + "url": "https://git.kernel.org/stable/c/cb5be9039f91979f8a2fac29f529f746d7848f3e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/cb5be9039f91979f8a2fac29f529f746d7848f3e" + }, + { + "url": "https://git.kernel.org/stable/c/172bf5a9ef70a399bb227809db78442dc01d9e48", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/172bf5a9ef70a399bb227809db78442dc01d9e48" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2025/23xxx/CVE-2025-23158.json b/2025/23xxx/CVE-2025-23158.json index eae119a39fa..ba2fd695c01 100644 --- a/2025/23xxx/CVE-2025-23158.json +++ b/2025/23xxx/CVE-2025-23158.json @@ -1,18 +1,146 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-23158", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: hfi: add check to handle incorrect queue size\n\nqsize represents size of shared queued between driver and video\nfirmware. Firmware can modify this value to an invalid large value. In\nsuch situation, empty_space will be bigger than the space actually\navailable. Since new_wr_idx is not checked, so the following code will\nresult in an OOB write.\n...\nqsize = qhdr->q_size\n\nif (wr_idx >= rd_idx)\n empty_space = qsize - (wr_idx - rd_idx)\n....\nif (new_wr_idx < qsize) {\n memcpy(wr_ptr, packet, dwords << 2) --> OOB write\n\nAdd check to ensure qsize is within the allocated size while\nreading and writing packets into the queue." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "d96d3f30c0f2f564f6922bf4ccdf4464992e31fb", + "version_value": "cf5f7bb4e0d786f4d9d50ae6b5963935eab71d75" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.13", + "status": "affected" + }, + { + "version": "0", + "lessThan": "4.13", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1.135", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.6.88", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12.24", + "lessThanOrEqual": "6.12.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.13.12", + "lessThanOrEqual": "6.13.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.14.3", + "lessThanOrEqual": "6.14.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.15-rc1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/cf5f7bb4e0d786f4d9d50ae6b5963935eab71d75", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/cf5f7bb4e0d786f4d9d50ae6b5963935eab71d75" + }, + { + "url": "https://git.kernel.org/stable/c/40084302f639b3fe954398c5ba5ee556b7242b54", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/40084302f639b3fe954398c5ba5ee556b7242b54" + }, + { + "url": "https://git.kernel.org/stable/c/679424f8b31446f90080befd0300ea915485b096", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/679424f8b31446f90080befd0300ea915485b096" + }, + { + "url": "https://git.kernel.org/stable/c/edb89d69b1438681daaf5ca90aed3242df94cc96", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/edb89d69b1438681daaf5ca90aed3242df94cc96" + }, + { + "url": "https://git.kernel.org/stable/c/101a86619aab42bb61f2253bbf720121022eab86", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/101a86619aab42bb61f2253bbf720121022eab86" + }, + { + "url": "https://git.kernel.org/stable/c/69baf245b23e20efda0079238b27fc63ecf13de1", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/69baf245b23e20efda0079238b27fc63ecf13de1" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2025/23xxx/CVE-2025-23159.json b/2025/23xxx/CVE-2025-23159.json index d799a42af88..902b7964c17 100644 --- a/2025/23xxx/CVE-2025-23159.json +++ b/2025/23xxx/CVE-2025-23159.json @@ -1,18 +1,146 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-23159", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: hfi: add a check to handle OOB in sfr region\n\nsfr->buf_size is in shared memory and can be modified by malicious user.\nOOB write is possible when the size is made higher than actual sfr data\nbuffer. Cap the size to allocated size for such cases." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "d96d3f30c0f2f564f6922bf4ccdf4464992e31fb", + "version_value": "4e95233af57715d81830fe82b408c633edff59f4" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.13", + "status": "affected" + }, + { + "version": "0", + "lessThan": "4.13", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1.135", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.6.88", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12.24", + "lessThanOrEqual": "6.12.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.13.12", + "lessThanOrEqual": "6.13.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.14.3", + "lessThanOrEqual": "6.14.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.15-rc1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/4e95233af57715d81830fe82b408c633edff59f4", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/4e95233af57715d81830fe82b408c633edff59f4" + }, + { + "url": "https://git.kernel.org/stable/c/5af611c70fb889d46d2f654b8996746e59556750", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/5af611c70fb889d46d2f654b8996746e59556750" + }, + { + "url": "https://git.kernel.org/stable/c/530f623f56a6680792499a8404083e17f8ec51f4", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/530f623f56a6680792499a8404083e17f8ec51f4" + }, + { + "url": "https://git.kernel.org/stable/c/a062d8de0be5525ec8c52f070acf7607ec8cbfe4", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a062d8de0be5525ec8c52f070acf7607ec8cbfe4" + }, + { + "url": "https://git.kernel.org/stable/c/d78a8388a27b265fcb2b8d064f088168ac9356b0", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d78a8388a27b265fcb2b8d064f088168ac9356b0" + }, + { + "url": "https://git.kernel.org/stable/c/f4b211714bcc70effa60c34d9fa613d182e3ef1e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/f4b211714bcc70effa60c34d9fa613d182e3ef1e" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2025/23xxx/CVE-2025-23160.json b/2025/23xxx/CVE-2025-23160.json index 7f7e6dee960..55c563db358 100644 --- a/2025/23xxx/CVE-2025-23160.json +++ b/2025/23xxx/CVE-2025-23160.json @@ -1,18 +1,140 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-23160", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization\n\nOn Mediatek devices with a system companion processor (SCP) the mtk_scp\nstructure has to be removed explicitly to avoid a resource leak.\nFree the structure in case the allocation of the firmware structure fails\nduring the firmware initialization." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "f066882293b5ad359e44c4ed24ab1811ffb0b354", + "version_value": "fd7bb97ede487b9f075707b7408a9073e0d474b1" + }, + { + "version_affected": "<", + "version_name": "53dbe08504442dc7ba4865c09b3bbf5fe849681b", + "version_value": "9f009fa823c54ca0857c81f7525ea5a5d32de29c" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.10", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.10", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.6.88", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12.24", + "lessThanOrEqual": "6.12.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.13.12", + "lessThanOrEqual": "6.13.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.14.3", + "lessThanOrEqual": "6.14.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.15-rc1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/fd7bb97ede487b9f075707b7408a9073e0d474b1", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/fd7bb97ede487b9f075707b7408a9073e0d474b1" + }, + { + "url": "https://git.kernel.org/stable/c/9f009fa823c54ca0857c81f7525ea5a5d32de29c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9f009fa823c54ca0857c81f7525ea5a5d32de29c" + }, + { + "url": "https://git.kernel.org/stable/c/d6cb086aa52bd51378a4c9e2b25d2def97770205", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d6cb086aa52bd51378a4c9e2b25d2def97770205" + }, + { + "url": "https://git.kernel.org/stable/c/ac94e1db4b2053059779472eb58a64d504964240", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ac94e1db4b2053059779472eb58a64d504964240" + }, + { + "url": "https://git.kernel.org/stable/c/4936cd5817af35d23e4d283f48fa59a18ef481e4", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/4936cd5817af35d23e4d283f48fa59a18ef481e4" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file