admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-05-01 13:01:41 +00:00
parent 6d375a1233
commit 56ccd5cddd
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
7 changed files with 831 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

114
2025/37xxx/CVE-2025-37750.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37750",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix UAF in decryption with multichannel\n\nAfter commit f7025d861694 (\"smb: client: allocate crypto only for\nprimary server\") and commit b0abcd65ec54 (\"smb: client: fix UAF in\nasync decryption\"), the channels started reusing AEAD TFM from primary\nchannel to perform synchronous decryption, but that can't done as\nthere could be multiple cifsd threads (one per channel) simultaneously\naccessing it to perform decryption.\n\nThis fixes the following KASAN splat when running fstest generic/249\nwith 'vers=3.1.1,multichannel,max_channels=4,seal' against Windows\nServer 2022:\n\nBUG: KASAN: slab-use-after-free in gf128mul_4k_lle+0xba/0x110\nRead of size 8 at addr ffff8881046c18a0 by task cifsd/986\nCPU: 3 UID: 0 PID: 986 Comm: cifsd Not tainted 6.15.0-rc1 #1\nPREEMPT(voluntary)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41\n04/01/2014\nCall Trace:\n <TASK>\n dump_stack_lvl+0x5d/0x80\n print_report+0x156/0x528\n ? gf128mul_4k_lle+0xba/0x110\n ? __virt_addr_valid+0x145/0x300\n ? __phys_addr+0x46/0x90\n ? gf128mul_4k_lle+0xba/0x110\n kasan_report+0xdf/0x1a0\n ? gf128mul_4k_lle+0xba/0x110\n gf128mul_4k_lle+0xba/0x110\n ghash_update+0x189/0x210\n shash_ahash_update+0x295/0x370\n ? __pfx_shash_ahash_update+0x10/0x10\n ? __pfx_shash_ahash_update+0x10/0x10\n ? __pfx_extract_iter_to_sg+0x10/0x10\n ? ___kmalloc_large_node+0x10e/0x180\n ? __asan_memset+0x23/0x50\n crypto_ahash_update+0x3c/0xc0\n gcm_hash_assoc_remain_continue+0x93/0xc0\n crypt_message+0xe09/0xec0 [cifs]\n ? __pfx_crypt_message+0x10/0x10 [cifs]\n ? _raw_spin_unlock+0x23/0x40\n ? __pfx_cifs_readv_from_socket+0x10/0x10 [cifs]\n decrypt_raw_data+0x229/0x380 [cifs]\n ? __pfx_decrypt_raw_data+0x10/0x10 [cifs]\n ? __pfx_cifs_read_iter_from_socket+0x10/0x10 [cifs]\n smb3_receive_transform+0x837/0xc80 [cifs]\n ? __pfx_smb3_receive_transform+0x10/0x10 [cifs]\n ? __pfx___might_resched+0x10/0x10\n ? __pfx_smb3_is_transform_hdr+0x10/0x10 [cifs]\n cifs_demultiplex_thread+0x692/0x1570 [cifs]\n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]\n ? rcu_is_watching+0x20/0x50\n ? rcu_lockdep_current_cpu_online+0x62/0xb0\n ? find_held_lock+0x32/0x90\n ? kvm_sched_clock_read+0x11/0x20\n ? local_clock_noinstr+0xd/0xd0\n ? trace_irq_enable.constprop.0+0xa8/0xe0\n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]\n kthread+0x1fe/0x380\n ? kthread+0x10f/0x380\n ? __pfx_kthread+0x10/0x10\n ? local_clock_noinstr+0xd/0xd0\n ? ret_from_fork+0x1b/0x60\n ? local_clock+0x15/0x30\n ? lock_release+0x29b/0x390\n ? rcu_is_watching+0x20/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x31/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n </TASK>"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "b0abcd65ec545701b8793e12bc27dc98042b151a",
"version_value": "aa5a1e4b882964eb79d5b5d1d1e8a1a5efbb1d15"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.12",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.24",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.12",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.3",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc2",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/aa5a1e4b882964eb79d5b5d1d1e8a1a5efbb1d15",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/aa5a1e4b882964eb79d5b5d1d1e8a1a5efbb1d15"
},
{
"url": "https://git.kernel.org/stable/c/e859b216d94668bc66330e61be201234f4413d1a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e859b216d94668bc66330e61be201234f4413d1a"
},
{
"url": "https://git.kernel.org/stable/c/950557922c1298464749c216d8763e97faf5d0a6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/950557922c1298464749c216d8763e97faf5d0a6"
},
{
"url": "https://git.kernel.org/stable/c/9502dd5c7029902f4a425bf959917a5a9e7c0e50",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9502dd5c7029902f4a425bf959917a5a9e7c0e50"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

92
2025/37xxx/CVE-2025-37751.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37751",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/cpu: Avoid running off the end of an AMD erratum table\n\nThe NULL array terminator at the end of erratum_1386_microcode was\nremoved during the switch from x86_cpu_desc to x86_cpu_id. This\ncauses readers to run off the end of the array.\n\nReplace the NULL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "f3f3251526739bb975b97f840c56b3054dba8638",
"version_value": "1b518f73f1b6f59e083ec33dea22d9a1a275a970"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.14",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.3",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc2",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/1b518f73f1b6f59e083ec33dea22d9a1a275a970",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1b518f73f1b6f59e083ec33dea22d9a1a275a970"
},
{
"url": "https://git.kernel.org/stable/c/f0df00ebc57f803603f2a2e0df197e51f06fbe90",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f0df00ebc57f803603f2a2e0df197e51f06fbe90"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

156
2025/37xxx/CVE-2025-37752.json
View File

@ -1,18 +1,166 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37752",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: move the limit validation\n\nIt is not sufficient to directly validate the limit on the data that\nthe user passes as it can be updated based on how the other parameters\nare changed.\n\nMove the check at the end of the configuration update process to also\ncatch scenarios where the limit is indirectly updated, for example\nwith the following configurations:\n\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 depth 1\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 divisor 1\n\nThis fixes the following syzkaller reported crash:\n\n------------[ cut here ]------------\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:203:6\nindex 65535 is out of range for type 'struct sfq_head[128]'\nCPU: 1 UID: 0 PID: 3037 Comm: syz.2.16 Not tainted 6.14.0-rc2-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x201/0x300 lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:231 [inline]\n __ubsan_handle_out_of_bounds+0xf5/0x120 lib/ubsan.c:429\n sfq_link net/sched/sch_sfq.c:203 [inline]\n sfq_dec+0x53c/0x610 net/sched/sch_sfq.c:231\n sfq_dequeue+0x34e/0x8c0 net/sched/sch_sfq.c:493\n sfq_reset+0x17/0x60 net/sched/sch_sfq.c:518\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n tbf_reset+0x41/0x110 net/sched/sch_tbf.c:339\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n dev_reset_queue+0x100/0x1b0 net/sched/sch_generic.c:1311\n netdev_for_each_tx_queue include/linux/netdevice.h:2590 [inline]\n dev_deactivate_many+0x7e5/0xe70 net/sched/sch_generic.c:1375"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "35d0137305ae2f97260a9047f445bd4434bd6cc7",
"version_value": "1348214fa042a71406964097e743c87a42c85a49"
},
{
"version_affected": "<",
"version_name": "833e9a1c27b82024db7ff5038a51651f48f05e5e",
"version_value": "d2718324f9e329b10ddc091fba5a0ba2b9d4d96a"
},
{
"version_affected": "<",
"version_name": "7d8947f2153ee9c5ab4cb17861a11cc45f30e8c4",
"version_value": "f86293adce0c201cfabb283ef9d6f21292089bb8"
},
{
"version_affected": "<",
"version_name": "7fefc294204f10a3405f175f4ac2be16d63f135e",
"version_value": "5e5e1fcc1b8ed57f902c424c5d9b328a3a19073d"
},
{
"version_affected": "<",
"version_name": "10685681bafce6febb39770f3387621bf5d67d0b",
"version_value": "b36a68192037d1614317a09b0d78c7814e2eecf9"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.14",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.135",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.88",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.24",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.12",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.3",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc2",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/1348214fa042a71406964097e743c87a42c85a49",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1348214fa042a71406964097e743c87a42c85a49"
},
{
"url": "https://git.kernel.org/stable/c/d2718324f9e329b10ddc091fba5a0ba2b9d4d96a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d2718324f9e329b10ddc091fba5a0ba2b9d4d96a"
},
{
"url": "https://git.kernel.org/stable/c/f86293adce0c201cfabb283ef9d6f21292089bb8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f86293adce0c201cfabb283ef9d6f21292089bb8"
},
{
"url": "https://git.kernel.org/stable/c/5e5e1fcc1b8ed57f902c424c5d9b328a3a19073d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5e5e1fcc1b8ed57f902c424c5d9b328a3a19073d"
},
{
"url": "https://git.kernel.org/stable/c/b36a68192037d1614317a09b0d78c7814e2eecf9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b36a68192037d1614317a09b0d78c7814e2eecf9"
},
{
"url": "https://git.kernel.org/stable/c/b3bf8f63e6179076b57c9de660c9f80b5abefe70",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b3bf8f63e6179076b57c9de660c9f80b5abefe70"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

111
2025/37xxx/CVE-2025-37753.json
View File

@ -1,18 +1,121 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37753",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/cpumf: Fix double free on error in cpumf_pmu_event_init()\n\nIn PMU event initialization functions\n - cpumsf_pmu_event_init()\n - cpumf_pmu_event_init()\n - cfdiag_event_init()\nthe partially created event had to be removed when an error was detected.\nThe event::event_init() member function had to release all resources\nit allocated in case of error. event::destroy() had to be called\non freeing an event after it was successfully created and\nevent::event_init() returned success.\n\nWith\n\ncommit c70ca298036c (\"perf/core: Simplify the perf_event_alloc() error path\")\n\nthis is not necessary anymore. The performance subsystem common\ncode now always calls event::destroy() to clean up the allocated\nresources created during event initialization.\n\nRemove the event::destroy() invocation in PMU event initialization\nor that function is called twice for each event that runs into an\nerror condition in event creation.\n\nThis is the kernel log entry which shows up without the fix:\n\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 0 PID: 43388 at lib/refcount.c:87\trefcount_dec_not_one+0x74/0x90\nCPU: 0 UID: 0 PID: 43388 Comm: perf Not tainted 6.15.0-20250407.rc1.git0.300.fc41.s390x+git #1 NONE\nHardware name: IBM 3931 A01 704 (LPAR)\nKrnl PSW : 0704c00180000000 00000209cb2c1b88 (refcount_dec_not_one+0x78/0x90)\n R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3\nKrnl GPRS: 0000020900000027 0000020900000023 0000000000000026 0000018900000000\n 00000004a2200a00 0000000000000000 0000000000000057 ffffffffffffffea\n 00000002b386c600 00000002b3f5b3e0 00000209cc51f140 00000209cc7fc550\n 0000000001449d38 ffffffffffffffff 00000209cb2c1b84 00000189d67dfb80\nKrnl Code: 00000209cb2c1b78: c02000506727\tlarl\t%r2,00000209cbcce9c6\n 00000209cb2c1b7e: c0e5ffbd4431\tbrasl\t%r14,00000209caa6a3e0\n #00000209cb2c1b84: af000000\t\tmc\t0,0\n >00000209cb2c1b88: a7480001\t\tlhi\t%r4,1\n 00000209cb2c1b8c: ebeff0a00004\tlmg\t%r14,%r15,160(%r15)\n 00000209cb2c1b92: ec243fbf0055\trisbg\t%r2,%r4,63,191,0\n 00000209cb2c1b98: 07fe\t\tbcr\t15,%r14\n 00000209cb2c1b9a: 47000700\t\tbc\t0,1792\nCall Trace:\n [<00000209cb2c1b88>] refcount_dec_not_one+0x78/0x90\n [<00000209cb2c1dc4>] refcount_dec_and_mutex_lock+0x24/0x90\n [<00000209caa3c29e>] hw_perf_event_destroy+0x2e/0x80\n [<00000209cacaf8b4>] __free_event+0x74/0x270\n [<00000209cacb47c4>] perf_event_alloc.part.0+0x4a4/0x730\n [<00000209cacbf3e8>] __do_sys_perf_event_open+0x248/0xc20\n [<00000209cacc14a4>] __s390x_sys_perf_event_open+0x44/0x50\n [<00000209cb8114de>] __do_syscall+0x12e/0x260\n [<00000209cb81ce34>] system_call+0x74/0x98\nLast Breaking-Event-Address:\n [<00000209caa6a4d2>] __warn_printk+0xf2/0x100\n---[ end trace 0000000000000000 ]---"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7ef5aa081f989ecfecc1df02068a80aebbd3ec31",
"version_value": "bdbecb2bf531fadbbc9347a79009f7a58ea7eb03"
},
{
"version_affected": "<",
"version_name": "315a50c6b1c6ce191f19f3372935d8e2ed9b53a6",
"version_value": "3a3faf873db5dcd5d2622d8e2accb90af0a86c2d"
},
{
"version_affected": "<",
"version_name": "1209b0b29fd472e7dbd2b06544b019dd9f9b7e51",
"version_value": "ddf60c1491102dab04491481bc3376d3e9cd139d"
},
{
"version_affected": "<",
"version_name": "c70ca298036c58a88686ff388d3d367e9d21acf0",
"version_value": "aa1ac98268cd1f380c713f07e39b1fa1d5c7650c"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.15-rc1",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.15-rc1",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc2",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/bdbecb2bf531fadbbc9347a79009f7a58ea7eb03",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bdbecb2bf531fadbbc9347a79009f7a58ea7eb03"
},
{
"url": "https://git.kernel.org/stable/c/3a3faf873db5dcd5d2622d8e2accb90af0a86c2d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3a3faf873db5dcd5d2622d8e2accb90af0a86c2d"
},
{
"url": "https://git.kernel.org/stable/c/ddf60c1491102dab04491481bc3376d3e9cd139d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ddf60c1491102dab04491481bc3376d3e9cd139d"
},
{
"url": "https://git.kernel.org/stable/c/aa1ac98268cd1f380c713f07e39b1fa1d5c7650c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/aa1ac98268cd1f380c713f07e39b1fa1d5c7650c"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

125
2025/37xxx/CVE-2025-37754.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37754",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/huc: Fix fence not released on early probe errors\n\nHuC delayed loading fence, introduced with commit 27536e03271da\n(\"drm/i915/huc: track delayed HuC load with a fence\"), is registered with\nobject tracker early on driver probe but unregistered only from driver\nremove, which is not called on early probe errors. Since its memory is\nallocated under devres, then released anyway, it may happen to be\nallocated again to the fence and reused on future driver probes, resulting\nin kernel warnings that taint the kernel:\n\n<4> [309.731371] ------------[ cut here ]------------\n<3> [309.731373] ODEBUG: init destroyed (active state 0) object: ffff88813d7dd2e0 object type: i915_sw_fence hint: sw_fence_dummy_notify+0x0/0x20 [i915]\n<4> [309.731575] WARNING: CPU: 2 PID: 3161 at lib/debugobjects.c:612 debug_print_object+0x93/0xf0\n...\n<4> [309.731693] CPU: 2 UID: 0 PID: 3161 Comm: i915_module_loa Tainted: G U 6.14.0-CI_DRM_16362-gf0fd77956987+ #1\n...\n<4> [309.731700] RIP: 0010:debug_print_object+0x93/0xf0\n...\n<4> [309.731728] Call Trace:\n<4> [309.731730] <TASK>\n...\n<4> [309.731949] __debug_object_init+0x17b/0x1c0\n<4> [309.731957] debug_object_init+0x34/0x50\n<4> [309.732126] __i915_sw_fence_init+0x34/0x60 [i915]\n<4> [309.732256] intel_huc_init_early+0x4b/0x1d0 [i915]\n<4> [309.732468] intel_uc_init_early+0x61/0x680 [i915]\n<4> [309.732667] intel_gt_common_init_early+0x105/0x130 [i915]\n<4> [309.732804] intel_root_gt_init_early+0x63/0x80 [i915]\n<4> [309.732938] i915_driver_probe+0x1fa/0xeb0 [i915]\n<4> [309.733075] i915_pci_probe+0xe6/0x220 [i915]\n<4> [309.733198] local_pci_probe+0x44/0xb0\n<4> [309.733203] pci_device_probe+0xf4/0x270\n<4> [309.733209] really_probe+0xee/0x3c0\n<4> [309.733215] __driver_probe_device+0x8c/0x180\n<4> [309.733219] driver_probe_device+0x24/0xd0\n<4> [309.733223] __driver_attach+0x10f/0x220\n<4> [309.733230] bus_for_each_dev+0x7d/0xe0\n<4> [309.733236] driver_attach+0x1e/0x30\n<4> [309.733239] bus_add_driver+0x151/0x290\n<4> [309.733244] driver_register+0x5e/0x130\n<4> [309.733247] __pci_register_driver+0x7d/0x90\n<4> [309.733251] i915_pci_register_driver+0x23/0x30 [i915]\n<4> [309.733413] i915_init+0x34/0x120 [i915]\n<4> [309.733655] do_one_initcall+0x62/0x3f0\n<4> [309.733667] do_init_module+0x97/0x2a0\n<4> [309.733671] load_module+0x25ff/0x2890\n<4> [309.733688] init_module_from_file+0x97/0xe0\n<4> [309.733701] idempotent_init_module+0x118/0x330\n<4> [309.733711] __x64_sys_finit_module+0x77/0x100\n<4> [309.733715] x64_sys_call+0x1f37/0x2650\n<4> [309.733719] do_syscall_64+0x91/0x180\n<4> [309.733763] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n<4> [309.733792] </TASK>\n...\n<4> [309.733806] ---[ end trace 0000000000000000 ]---\n\nThat scenario is most easily reproducible with\nigt@i915_module_load@reload-with-fault-injection.\n\nFix the issue by moving the cleanup step to driver release path.\n\n(cherry picked from commit 795dbde92fe5c6996a02a5b579481de73035e7bf)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "27536e03271da3dafcdddf735102041a26ad5bd0",
"version_value": "9f5ef4a5eaa61a7a4ed31231da45deb85065397a"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.2",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.2",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.88",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.24",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.12",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.3",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc2",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/9f5ef4a5eaa61a7a4ed31231da45deb85065397a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9f5ef4a5eaa61a7a4ed31231da45deb85065397a"
},
{
"url": "https://git.kernel.org/stable/c/c5a906806162aea62dbe5d327760ce3b7117ca17",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c5a906806162aea62dbe5d327760ce3b7117ca17"
},
{
"url": "https://git.kernel.org/stable/c/4bd4bf79bcfe101f0385ab81dbabb6e3f7d96c00",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4bd4bf79bcfe101f0385ab81dbabb6e3f7d96c00"
},
{
"url": "https://git.kernel.org/stable/c/f104ef4db9f8f3923cc06ed1fafb3da38df6006d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f104ef4db9f8f3923cc06ed1fafb3da38df6006d"
},
{
"url": "https://git.kernel.org/stable/c/e3ea2eae70692a455e256787e4f54153fb739b90",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e3ea2eae70692a455e256787e4f54153fb739b90"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

125
2025/37xxx/CVE-2025-37755.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37755",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: libwx: handle page_pool_dev_alloc_pages error\n\npage_pool_dev_alloc_pages could return NULL. There was a WARN_ON(!page)\nbut it would still proceed to use the NULL pointer and then crash.\n\nThis is similar to commit 001ba0902046\n(\"net: fec: handle page_pool_dev_alloc_pages error\").\n\nThis is found by our static analysis tool KNighter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3c47e8ae113a68da47987750d9896e325d0aeedd",
"version_value": "c17ef974bfcf1a50818168b47c4606b425a957c4"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.3",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.3",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.88",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.24",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.12",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.3",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc2",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/c17ef974bfcf1a50818168b47c4606b425a957c4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c17ef974bfcf1a50818168b47c4606b425a957c4"
},
{
"url": "https://git.kernel.org/stable/c/ad81d666e114ebf989fc9994d4c93d451dc60056",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ad81d666e114ebf989fc9994d4c93d451dc60056"
},
{
"url": "https://git.kernel.org/stable/c/1dd13c60348f515acd8c6f25a561b9c4e3b04fea",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1dd13c60348f515acd8c6f25a561b9c4e3b04fea"
},
{
"url": "https://git.kernel.org/stable/c/90bec7cef8805f9a23145e070dff28a02bb584eb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/90bec7cef8805f9a23145e070dff28a02bb584eb"
},
{
"url": "https://git.kernel.org/stable/c/7f1ff1b38a7c8b872382b796023419d87d78c47e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7f1ff1b38a7c8b872382b796023419d87d78c47e"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

136
2025/37xxx/CVE-2025-37756.json
View File

@ -1,18 +1,146 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37756",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tls: explicitly disallow disconnect\n\nsyzbot discovered that it can disconnect a TLS socket and then\nrun into all sort of unexpected corner cases. I have a vague\nrecollection of Eric pointing this out to us a long time ago.\nSupporting disconnect is really hard, for one thing if offload\nis enabled we'd need to wait for all packets to be _acked_.\nDisconnect is not commonly used, disallow it.\n\nThe immediate problem syzbot run into is the warning in the strp,\nbut that's just the easiest bug to trigger:\n\n WARNING: CPU: 0 PID: 5834 at net/tls/tls_strp.c:486 tls_strp_msg_load+0x72e/0xa80 net/tls/tls_strp.c:486\n RIP: 0010:tls_strp_msg_load+0x72e/0xa80 net/tls/tls_strp.c:486\n Call Trace:\n <TASK>\n tls_rx_rec_wait+0x280/0xa60 net/tls/tls_sw.c:1363\n tls_sw_recvmsg+0x85c/0x1c30 net/tls/tls_sw.c:2043\n inet6_recvmsg+0x2c9/0x730 net/ipv6/af_inet6.c:678\n sock_recvmsg_nosec net/socket.c:1023 [inline]\n sock_recvmsg+0x109/0x280 net/socket.c:1045\n __sys_recvfrom+0x202/0x380 net/socket.c:2237"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3c4d7559159bfe1e3b94df3a657b2cda3a34e218",
"version_value": "f3ce4d3f874ab7919edca364c147ac735f9f1d04"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.13",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.13",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.135",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.88",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.24",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.12",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.3",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc2",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/f3ce4d3f874ab7919edca364c147ac735f9f1d04",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f3ce4d3f874ab7919edca364c147ac735f9f1d04"
},
{
"url": "https://git.kernel.org/stable/c/2bcad8fefcecdd5f005d8c550b25d703c063c34a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2bcad8fefcecdd5f005d8c550b25d703c063c34a"
},
{
"url": "https://git.kernel.org/stable/c/9fcbca0f801580cbb583e9cb274e2c7fbe766ca6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9fcbca0f801580cbb583e9cb274e2c7fbe766ca6"
},
{
"url": "https://git.kernel.org/stable/c/c665bef891e8972e1d3ce5bbc0d42a373346a2c3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c665bef891e8972e1d3ce5bbc0d42a373346a2c3"
},
{
"url": "https://git.kernel.org/stable/c/8513411ec321942bd3cfed53d5bb700665c67d86",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8513411ec321942bd3cfed53d5bb700665c67d86"
},
{
"url": "https://git.kernel.org/stable/c/5071a1e606b30c0c11278d3c6620cd6a24724cf6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5071a1e606b30c0c11278d3c6620cd6a24724cf6"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}