From 8014281b9e72e6ce473450284a2672a67d3c63bf Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 17 Apr 2025 01:00:35 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/11xxx/CVE-2024-11614.json | 128 +++++++++++++++++++++++++-------- 2025/1xxx/CVE-2025-1122.json | 5 +- 2025/1xxx/CVE-2025-1290.json | 59 +++++++++++++-- 2025/43xxx/CVE-2025-43708.json | 72 +++++++++++++++++++ 2025/43xxx/CVE-2025-43709.json | 18 +++++ 2025/43xxx/CVE-2025-43710.json | 18 +++++ 2025/43xxx/CVE-2025-43711.json | 18 +++++ 7 files changed, 281 insertions(+), 37 deletions(-) create mode 100644 2025/43xxx/CVE-2025-43708.json create mode 100644 2025/43xxx/CVE-2025-43709.json create mode 100644 2025/43xxx/CVE-2025-43710.json create mode 100644 2025/43xxx/CVE-2025-43711.json diff --git a/2024/11xxx/CVE-2024-11614.json b/2024/11xxx/CVE-2024-11614.json index b9f7328f14d..972a3531f0c 100644 --- a/2024/11xxx/CVE-2024-11614.json +++ b/2024/11xxx/CVE-2024-11614.json @@ -35,6 +35,76 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Fast Datapath for Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:3.1.0-159.el8fdp", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Fast Datapath for Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:3.1.0-149.el9fdp", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:3.3.0-92.el9fdp", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:3.4.0-48.el9fdp", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 8", "version": { @@ -298,13 +368,7 @@ { "version_value": "not down converted", "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" + "defaultStatus": "unaffected" } } ] @@ -317,37 +381,19 @@ { "version_value": "not down converted", "x_cve_json_5_version_data": { - "defaultStatus": "affected" + "defaultStatus": "unaffected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { - "defaultStatus": "affected" + "defaultStatus": "unaffected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" + "defaultStatus": "unaffected" } } ] @@ -360,19 +406,19 @@ { "version_value": "not down converted", "x_cve_json_5_version_data": { - "defaultStatus": "affected" + "defaultStatus": "unaffected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { - "defaultStatus": "affected" + "defaultStatus": "unaffected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { - "defaultStatus": "affected" + "defaultStatus": "unaffected" } } ] @@ -421,6 +467,26 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2025:0222" }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:3963", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2025:3963" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:3964", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2025:3964" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:3965", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2025:3965" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:3970", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2025:3970" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-11614", "refsource": "MISC", diff --git a/2025/1xxx/CVE-2025-1122.json b/2025/1xxx/CVE-2025-1122.json index 1655e8c3afe..4254221e448 100644 --- a/2025/1xxx/CVE-2025-1122.json +++ b/2025/1xxx/CVE-2025-1122.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and \nbypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process." + "value": "Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and \nBypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process." } ] }, @@ -39,7 +39,8 @@ "version": { "version_data": [ { - "version_affected": "=", + "version_affected": "<", + "version_name": "122.0.6261.132", "version_value": "122.0.6261.132" } ] diff --git a/2025/1xxx/CVE-2025-1290.json b/2025/1xxx/CVE-2025-1290.json index 30d9b13a6ca..cb5d90dd225 100644 --- a/2025/1xxx/CVE-2025-1290.json +++ b/2025/1xxx/CVE-2025-1290.json @@ -1,17 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1290", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chromeos-security@chromium.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock structure \nduring an AF_VSOCK connect syscall can occur before a worker thread accesses it resulting in a dangling pointer and potential kernel code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-After-Free (UAF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "ChromeOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "115.0.5790.182", + "version_value": "115.0.5790.182" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://issuetracker.google.com/issues/301886931", + "refsource": "MISC", + "name": "https://issuetracker.google.com/issues/301886931" + }, + { + "url": "https://issues.chromium.org/issues/b/301886931", + "refsource": "MISC", + "name": "https://issues.chromium.org/issues/b/301886931" } ] } diff --git a/2025/43xxx/CVE-2025-43708.json b/2025/43xxx/CVE-2025-43708.json new file mode 100644 index 00000000000..f456656d542 --- /dev/null +++ b/2025/43xxx/CVE-2025-43708.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2025-43708", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VisiCut 2.1 allows stack consumption via an XML document with nested set elements, as demonstrated by a java.util.HashMap StackOverflowError when reference='../../../set/set[2]' is used, aka an \"insecure deserialization\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Gelcon/PoC-of-VisiCut2_1-Stack-Overflow-Vul", + "refsource": "MISC", + "name": "https://github.com/Gelcon/PoC-of-VisiCut2_1-Stack-Overflow-Vul" + }, + { + "url": "https://github.com/t-oster/VisiCut", + "refsource": "MISC", + "name": "https://github.com/t-oster/VisiCut" + }, + { + "refsource": "MISC", + "name": "https://visicut.org", + "url": "https://visicut.org" + } + ] + } +} \ No newline at end of file diff --git a/2025/43xxx/CVE-2025-43709.json b/2025/43xxx/CVE-2025-43709.json new file mode 100644 index 00000000000..723caa11834 --- /dev/null +++ b/2025/43xxx/CVE-2025-43709.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-43709", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/43xxx/CVE-2025-43710.json b/2025/43xxx/CVE-2025-43710.json new file mode 100644 index 00000000000..bd969513a61 --- /dev/null +++ b/2025/43xxx/CVE-2025-43710.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-43710", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/43xxx/CVE-2025-43711.json b/2025/43xxx/CVE-2025-43711.json new file mode 100644 index 00000000000..e7fee4ed66c --- /dev/null +++ b/2025/43xxx/CVE-2025-43711.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-43711", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file