admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-05-01 14:00:34 +00:00
parent 90d0aa9f39
commit 9d2f8826f3
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
59 changed files with 4818 additions and 185 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
2024/11xxx/CVE-2024-11390.json
View File

@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11390",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@elastic.co",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim\u2019s browser (XSS) via crafted HTML and JavaScript files.\n\nThe attacker must have access to the Synthetics app AND/OR have access to write to the synthetics indices."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Elastic",
"product": {
"product_data": [
{
"product_name": "Kibana",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.17.6",
"version_value": "7.17.23"
},
{
"version_affected": "<",
"version_name": "8.4.0",
"version_value": "8.11.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://discuss.elastic.co/t/kibana-7-17-24-and-8-12-0-security-update-esa-2024-20/377712",
"refsource": "MISC",
"name": "https://discuss.elastic.co/t/kibana-7-17-24-and-8-12-0-security-update-esa-2024-20/377712"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

79
2024/11xxx/CVE-2024-11994.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11994",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@elastic.co",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "APM server logs could contain parts of the document body from a partially failed bulk index request. Depending on the nature of the document, this could disclose sensitive information in APM Server error logs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Elastic",
"product": {
"product_data": [
{
"product_name": "APM Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.0.0",
"version_value": "8.16.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://discuss.elastic.co/t/apm-server-8-16-1-security-update-esa-2024-41/377710",
"refsource": "MISC",
"name": "https://discuss.elastic.co/t/apm-server-8-16-1-security-update-esa-2024-41/377710"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

7
2024/36xxx/CVE-2024-36623.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "moby v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes."
"value": "moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes."
}
]
},
@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://gist.github.com/1047524396/c192c0159a19bf58a4373b696467dc29",
"url": "https://gist.github.com/1047524396/c192c0159a19bf58a4373b696467dc29"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/moby/moby/commit/8e3bcf19748838b30e34d612832d1dc9d90363b8",
"url": "https://github.com/moby/moby/commit/8e3bcf19748838b30e34d612832d1dc9d90363b8"
}
]
}

84
2024/52xxx/CVE-2024-52976.json
View File

@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52976",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@elastic.co",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Inclusion of functionality from an untrusted control sphere in Elastic Agent subprocess, osqueryd, allows local attackers to execute arbitrary code via parameter injection.\n\nAn attacker requires local access and the ability to modify osqueryd configurations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
"cweId": "CWE-829"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Elastic",
"product": {
"product_data": [
{
"product_name": "Elastic Agent",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.17.24"
},
{
"version_affected": "<=",
"version_name": "8.0.0",
"version_value": "8.15.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://discuss.elastic.co/t/elastic-agent-7-17-25-and-8-15-4-security-update-esa-2024-39/377708",
"refsource": "MISC",
"name": "https://discuss.elastic.co/t/elastic-agent-7-17-25-and-8-15-4-security-update-esa-2024-39/377708"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
]
}

84
2024/52xxx/CVE-2024-52979.json
View File

@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52979",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@elastic.co",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Elastic",
"product": {
"product_data": [
{
"product_name": "Elasticsearch",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.17.0",
"version_value": "7.17.25"
},
{
"version_affected": "<",
"version_name": "8.0.0",
"version_value": "8.16.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://discuss.elastic.co/t/elasticsearch-7-17-25-and-8-16-0-security-update-esa-2024-40/377709",
"refsource": "MISC",
"name": "https://discuss.elastic.co/t/elasticsearch-7-17-25-and-8-16-0-security-update-esa-2024-40/377709"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

78
2025/23xxx/CVE-2025-23245.json
View File

@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-23245",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@nvidia.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NVIDIA TensorRT-LLM for any platform contains a vulnerability in python executor where an attacker may cause a data validation issue by local access to the TRTLLM server. A successful exploit of this vulnerability may lead to code execution, information disclosure and data tampering."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NVIDIA",
"product": {
"product_data": [
{
"product_name": "TensorRT-LLM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions prior to 0.18.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5648",
"refsource": "MISC",
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5648"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

84
2025/25xxx/CVE-2025-25016.json
View File

@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-25016",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@elastic.co",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unrestricted file upload in Kibana allows an authenticated attacker to compromise software integrity by uploading a crafted malicious file due to insufficient server-side validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Elastic",
"product": {
"product_data": [
{
"product_name": "Kibana",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.17.0",
"version_value": "7.17.18"
},
{
"version_affected": "<",
"version_name": "8.0.0",
"version_value": "8.13.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://discuss.elastic.co/t/kibana-7-17-19-and-8-13-0-security-update-esa-2024-47/377711",
"refsource": "MISC",
"name": "https://discuss.elastic.co/t/kibana-7-17-19-and-8-13-0-security-update-esa-2024-47/377711"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

108
2025/37xxx/CVE-2025-37760.json
View File

@ -1,18 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37760",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vma: add give_up_on_oom option on modify/merge, use in uffd release\n\nCurrently, if a VMA merge fails due to an OOM condition arising on commit\nmerge or a failure to duplicate anon_vma's, we report this so the caller\ncan handle it.\n\nHowever there are cases where the caller is only ostensibly trying a\nmerge, and doesn't mind if it fails due to this condition.\n\nSince we do not want to introduce an implicit assumption that we only\nactually modify VMAs after OOM conditions might arise, add a 'give up on\noom' option and make an explicit contract that, should this flag be set, we\nabsolutely will not modify any VMAs should OOM arise and just bail out.\n\nSince it'd be very unusual for a user to try to vma_modify() with this flag\nset but be specifying a range within a VMA which ends up being split (which\ncan fail due to rlimit issues, not only OOM), we add a debug warning for\nthis condition.\n\nThe motivating reason for this is uffd release - syzkaller (and Pedro\nFalcato's VERY astute analysis) found a way in which an injected fault on\nallocation, triggering an OOM condition on commit merge, would result in\nuffd code becoming confused and treating an error value as if it were a VMA\npointer.\n\nTo avoid this, we make use of this new VMG flag to ensure that this never\noccurs, utilising the fact that, should we be clearing entire VMAs, we do\nnot wish an OOM event to be reported to us.\n\nMany thanks to Pedro Falcato for his excellent analysis and Jann Horn for\nhis insightful and intelligent analysis of the situation, both of whom were\ninstrumental in this fix."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "79636d2981b066acd945117387a9533f56411f6f",
"version_value": "b906c1ad25adce6ff35be19b65a1aa7d960fe1d7"
},
{
"version_affected": "<",
"version_name": "47b16d0462a460000b8f05dfb1292377ac48f3ca",
"version_value": "c103a75c61648203d731e3b97a6fbeea4003cb15"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.14",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.25",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc3",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/b906c1ad25adce6ff35be19b65a1aa7d960fe1d7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b906c1ad25adce6ff35be19b65a1aa7d960fe1d7"
},
{
"url": "https://git.kernel.org/stable/c/c103a75c61648203d731e3b97a6fbeea4003cb15",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c103a75c61648203d731e3b97a6fbeea4003cb15"
},
{
"url": "https://git.kernel.org/stable/c/41e6ddcaa0f18dda4c3fadf22533775a30d6f72f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/41e6ddcaa0f18dda4c3fadf22533775a30d6f72f"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

103
2025/37xxx/CVE-2025-37761.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37761",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix an out-of-bounds shift when invalidating TLB\n\nWhen the size of the range invalidated is larger than\nrounddown_pow_of_two(ULONG_MAX),\nThe function macro roundup_pow_of_two(length) will hit an out-of-bounds\nshift [1].\n\nUse a full TLB invalidation for such cases.\nv2:\n- Use a define for the range size limit over which we use a full\n TLB invalidation. (Lucas)\n- Use a better calculation of the limit.\n\n[1]:\n[ 39.202421] ------------[ cut here ]------------\n[ 39.202657] UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:13\n[ 39.202673] shift exponent 64 is too large for 64-bit type 'long unsigned int'\n[ 39.202688] CPU: 8 UID: 0 PID: 3129 Comm: xe_exec_system_ Tainted: G U 6.14.0+ #10\n[ 39.202690] Tainted: [U]=USER\n[ 39.202690] Hardware name: ASUS System Product Name/PRIME B560M-A AC, BIOS 2001 02/01/2023\n[ 39.202691] Call Trace:\n[ 39.202692] <TASK>\n[ 39.202695] dump_stack_lvl+0x6e/0xa0\n[ 39.202699] ubsan_epilogue+0x5/0x30\n[ 39.202701] __ubsan_handle_shift_out_of_bounds.cold+0x61/0xe6\n[ 39.202705] xe_gt_tlb_invalidation_range.cold+0x1d/0x3a [xe]\n[ 39.202800] ? find_held_lock+0x2b/0x80\n[ 39.202803] ? mark_held_locks+0x40/0x70\n[ 39.202806] xe_svm_invalidate+0x459/0x700 [xe]\n[ 39.202897] drm_gpusvm_notifier_invalidate+0x4d/0x70 [drm_gpusvm]\n[ 39.202900] __mmu_notifier_release+0x1f5/0x270\n[ 39.202905] exit_mmap+0x40e/0x450\n[ 39.202912] __mmput+0x45/0x110\n[ 39.202914] exit_mm+0xc5/0x130\n[ 39.202916] do_exit+0x21c/0x500\n[ 39.202918] ? lockdep_hardirqs_on_prepare+0xdb/0x190\n[ 39.202920] do_group_exit+0x36/0xa0\n[ 39.202922] get_signal+0x8f8/0x900\n[ 39.202926] arch_do_signal_or_restart+0x35/0x100\n[ 39.202930] syscall_exit_to_user_mode+0x1fc/0x290\n[ 39.202932] do_syscall_64+0xa1/0x180\n[ 39.202934] ? do_user_addr_fault+0x59f/0x8a0\n[ 39.202937] ? lock_release+0xd2/0x2a0\n[ 39.202939] ? do_user_addr_fault+0x5a9/0x8a0\n[ 39.202942] ? trace_hardirqs_off+0x4b/0xc0\n[ 39.202944] ? clear_bhb_loop+0x25/0x80\n[ 39.202946] ? clear_bhb_loop+0x25/0x80\n[ 39.202947] ? clear_bhb_loop+0x25/0x80\n[ 39.202950] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 39.202952] RIP: 0033:0x7fa945e543e1\n[ 39.202961] Code: Unable to access opcode bytes at 0x7fa945e543b7.\n[ 39.202962] RSP: 002b:00007ffca8fb4170 EFLAGS: 00000293\n[ 39.202963] RAX: 000000000000003d RBX: 0000000000000000 RCX: 00007fa945e543e3\n[ 39.202964] RDX: 0000000000000000 RSI: 00007ffca8fb41ac RDI: 00000000ffffffff\n[ 39.202964] RBP: 00007ffca8fb4190 R08: 0000000000000000 R09: 00007fa945f600a0\n[ 39.202965] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000\n[ 39.202966] R13: 00007fa9460dd310 R14: 00007ffca8fb41ac R15: 0000000000000000\n[ 39.202970] </TASK>\n[ 39.202970] ---[ end trace ]---\n\n(cherry picked from commit b88f48f86500bc0b44b4f73ac66d500a40d320ad)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "332dd0116c82a75df175a459fa69dda3f23491a7",
"version_value": "28477f701b63922ff88e9fb13f5519c11cd48b86"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.8",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.8",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.25",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc2",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/28477f701b63922ff88e9fb13f5519c11cd48b86",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/28477f701b63922ff88e9fb13f5519c11cd48b86"
},
{
"url": "https://git.kernel.org/stable/c/e4715858f87b78ce58cfa03bbe140321edbbaf20",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e4715858f87b78ce58cfa03bbe140321edbbaf20"
},
{
"url": "https://git.kernel.org/stable/c/7bcfeddb36b77f9fe3b010bb0b282b7618420bba",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7bcfeddb36b77f9fe3b010bb0b282b7618420bba"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

92
2025/37xxx/CVE-2025-37762.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37762",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/virtio: Fix missed dmabuf unpinning in error path of prepare_fb()\n\nCorrect error handling in prepare_fb() to fix leaking resources when\nerror happens."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4a696a2ee646ea6f24c28b3624175a7b35482c52",
"version_value": "fe983e925bf7062d7b975357afcbc77bb7f354d8"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.14",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc2",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/fe983e925bf7062d7b975357afcbc77bb7f354d8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fe983e925bf7062d7b975357afcbc77bb7f354d8"
},
{
"url": "https://git.kernel.org/stable/c/395cc80051f8da267b27496a4029dd931a198855",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/395cc80051f8da267b27496a4029dd931a198855"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

103
2025/37xxx/CVE-2025-37763.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37763",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/imagination: take paired job reference\n\nFor paired jobs, have the fragment job take a reference on the\ngeometry job, so that the geometry job cannot be freed until\nthe fragment job has finished with it.\n\nThe geometry job structure is accessed when the fragment job is being\nprepared by the GPU scheduler. Taking the reference prevents the\ngeometry job being freed until the fragment job no longer requires it.\n\nFixes a use after free bug detected by KASAN:\n\n[ 124.256386] BUG: KASAN: slab-use-after-free in pvr_queue_prepare_job+0x108/0x868 [powervr]\n[ 124.264893] Read of size 1 at addr ffff0000084cb960 by task kworker/u16:4/63"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "eaf01ee5ba28b97f96a3d3eec4c5fbfb37ee4cde",
"version_value": "c90b95e12eb88d23740e5ea2c43d71675d17ac8d"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.8",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.8",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.25",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc2",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/c90b95e12eb88d23740e5ea2c43d71675d17ac8d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c90b95e12eb88d23740e5ea2c43d71675d17ac8d"
},
{
"url": "https://git.kernel.org/stable/c/b5a6f97a78e2fc008fd6503b7040cb7e1120b873",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b5a6f97a78e2fc008fd6503b7040cb7e1120b873"
},
{
"url": "https://git.kernel.org/stable/c/4ba2abe154ef68f9612eee9d6fbfe53a1736b064",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4ba2abe154ef68f9612eee9d6fbfe53a1736b064"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

103
2025/37xxx/CVE-2025-37764.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37764",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/imagination: fix firmware memory leaks\n\nFree the memory used to hold the results of firmware image processing\nwhen the module is unloaded.\n\nFix the related issue of the same memory being leaked if processing\nof the firmware image fails during module load.\n\nEnsure all firmware GEM objects are destroyed if firmware image\nprocessing fails.\n\nFixes memory leaks on powervr module unload detected by Kmemleak:\n\nunreferenced object 0xffff000042e20000 (size 94208):\n comm \"modprobe\", pid 470, jiffies 4295277154\n hex dump (first 32 bytes):\n 02 ae 7f ed bf 45 84 00 3c 5b 1f ed 9f 45 45 05 .....E..<[...EE.\n d5 4f 5d 14 6c 00 3d 23 30 d0 3a 4a 66 0e 48 c8 .O].l.=#0.:Jf.H.\n backtrace (crc dd329dec):\n kmemleak_alloc+0x30/0x40\n ___kmalloc_large_node+0x140/0x188\n __kmalloc_large_node_noprof+0x2c/0x13c\n __kmalloc_noprof+0x48/0x4c0\n pvr_fw_init+0xaa4/0x1f50 [powervr]\n\nunreferenced object 0xffff000042d20000 (size 20480):\n comm \"modprobe\", pid 470, jiffies 4295277154\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 09 00 00 00 0b 00 00 00 ................\n 00 00 00 00 00 00 00 00 07 00 00 00 08 00 00 00 ................\n backtrace (crc 395b02e3):\n kmemleak_alloc+0x30/0x40\n ___kmalloc_large_node+0x140/0x188\n __kmalloc_large_node_noprof+0x2c/0x13c\n __kmalloc_noprof+0x48/0x4c0\n pvr_fw_init+0xb0c/0x1f50 [powervr]"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "cc1aeedb98ad347c06ff59e991b2f94dfb4c565d",
"version_value": "490c30fd554597e78f66650044877e7defb5f83c"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.8",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.8",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.25",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc2",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/490c30fd554597e78f66650044877e7defb5f83c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/490c30fd554597e78f66650044877e7defb5f83c"
},
{
"url": "https://git.kernel.org/stable/c/891c12ba855ccb34c06a2e5da75c644683087036",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/891c12ba855ccb34c06a2e5da75c644683087036"
},
{
"url": "https://git.kernel.org/stable/c/a5b230e7f3a55bd8bd8d012eec75a4b7baa671d5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a5b230e7f3a55bd8bd8d012eec75a4b7baa671d5"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

125
2025/37xxx/CVE-2025-37765.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37765",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: prime: fix ttm_bo_delayed_delete oops\n\nFix an oops in ttm_bo_delayed_delete which results from dererencing a\ndangling pointer:\n\nOops: general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b7b: 0000 [#1] PREEMPT SMP\nCPU: 4 UID: 0 PID: 1082 Comm: kworker/u65:2 Not tainted 6.14.0-rc4-00267-g505460b44513-dirty #216\nHardware name: LENOVO 82N6/LNVNB161216, BIOS GKCN65WW 01/16/2024\nWorkqueue: ttm ttm_bo_delayed_delete [ttm]\nRIP: 0010:dma_resv_iter_first_unlocked+0x55/0x290\nCode: 31 f6 48 c7 c7 00 2b fa aa e8 97 bd 52 ff e8 a2 c1 53 00 5a 85 c0 74 48 e9 88 01 00 00 4c 89 63 20 4d 85 e4 0f 84 30 01 00 00 <41> 8b 44 24 10 c6 43 2c 01 48 89 df 89 43 28 e8 97 fd ff ff 4c 8b\nRSP: 0018:ffffbf9383473d60 EFLAGS: 00010202\nRAX: 0000000000000001 RBX: ffffbf9383473d88 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffbf9383473d78 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: 6b6b6b6b6b6b6b6b\nR13: ffffa003bbf78580 R14: ffffa003a6728040 R15: 00000000000383cc\nFS: 0000000000000000(0000) GS:ffffa00991c00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000758348024dd0 CR3: 000000012c259000 CR4: 0000000000f50ef0\nPKRU: 55555554\nCall Trace:\n <TASK>\n ? __die_body.cold+0x19/0x26\n ? die_addr+0x3d/0x70\n ? exc_general_protection+0x159/0x460\n ? asm_exc_general_protection+0x27/0x30\n ? dma_resv_iter_first_unlocked+0x55/0x290\n dma_resv_wait_timeout+0x56/0x100\n ttm_bo_delayed_delete+0x69/0xb0 [ttm]\n process_one_work+0x217/0x5c0\n worker_thread+0x1c8/0x3d0\n ? apply_wqattrs_cleanup.part.0+0xc0/0xc0\n kthread+0x10b/0x240\n ? kthreads_online_cpu+0x140/0x140\n ret_from_fork+0x40/0x70\n ? kthreads_online_cpu+0x140/0x140\n ret_from_fork_asm+0x11/0x20\n </TASK>\n\nThe cause of this is:\n\n- drm_prime_gem_destroy calls dma_buf_put(dma_buf) which releases the\n reference to the shared dma_buf. The reference count is 0, so the\n dma_buf is destroyed, which in turn decrements the corresponding\n amdgpu_bo reference count to 0, and the amdgpu_bo is destroyed -\n calling drm_gem_object_release then dma_resv_fini (which destroys the\n reservation object), then finally freeing the amdgpu_bo.\n\n- nouveau_bo obj->bo.base.resv is now a dangling pointer to the memory\n formerly allocated to the amdgpu_bo.\n\n- nouveau_gem_object_del calls ttm_bo_put(&nvbo->bo) which calls\n ttm_bo_release, which schedules ttm_bo_delayed_delete.\n\n- ttm_bo_delayed_delete runs and dereferences the dangling resv pointer,\n resulting in a general protection fault.\n\nFix this by moving the drm_prime_gem_destroy call from\nnouveau_gem_object_del to nouveau_bo_del_ttm. This ensures that it will\nbe run after ttm_bo_delayed_delete."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "22b33e8ed0e38b8ddcf082e35580f2e67a3a0262",
"version_value": "12b038d521c75e3521522503becf3bc162628469"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3.5",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.5",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.135",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.88",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.25",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc2",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/12b038d521c75e3521522503becf3bc162628469",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/12b038d521c75e3521522503becf3bc162628469"
},
{
"url": "https://git.kernel.org/stable/c/31e94c7989572f96926673614a3b958915a13ca9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/31e94c7989572f96926673614a3b958915a13ca9"
},
{
"url": "https://git.kernel.org/stable/c/6e2c805996a49998d31ac522beb1534ca417e761",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6e2c805996a49998d31ac522beb1534ca417e761"
},
{
"url": "https://git.kernel.org/stable/c/6b95947ee780f4e1fb26413a1437d05bcb99712b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6b95947ee780f4e1fb26413a1437d05bcb99712b"
},
{
"url": "https://git.kernel.org/stable/c/8ec0fbb28d049273bfd4f1e7a5ae4c74884beed3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8ec0fbb28d049273bfd4f1e7a5ae4c74884beed3"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

125
2025/37xxx/CVE-2025-37766.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37766",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Prevent division by zero\n\nThe user can set any speed value.\nIf speed is greater than UINT_MAX/8, division by zero is possible.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "031db09017da532d4dc7bbba8c734cfc80f49f34",
"version_value": "ffd688804425579a472fbd2525bedb58b1d28bd9"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.20",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.20",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.135",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.88",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.25",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/ffd688804425579a472fbd2525bedb58b1d28bd9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ffd688804425579a472fbd2525bedb58b1d28bd9"
},
{
"url": "https://git.kernel.org/stable/c/068091b796480819bf70b159f17e222ad8bea900",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/068091b796480819bf70b159f17e222ad8bea900"
},
{
"url": "https://git.kernel.org/stable/c/42f7b5d12c28b2a601a98d10a80c6db1fe1a2900",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/42f7b5d12c28b2a601a98d10a80c6db1fe1a2900"
},
{
"url": "https://git.kernel.org/stable/c/affd2241927a1e74c0aecd50c2d920dc4213c56d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/affd2241927a1e74c0aecd50c2d920dc4213c56d"
},
{
"url": "https://git.kernel.org/stable/c/4e3d9508c056d7e0a56b58d5c81253e2a0d22b6c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4e3d9508c056d7e0a56b58d5c81253e2a0d22b6c"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

125
2025/37xxx/CVE-2025-37767.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37767",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Prevent division by zero\n\nThe user can set any speed value.\nIf speed is greater than UINT_MAX/8, division by zero is possible.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "c05d1c401572ac63d704183b19db2ce746961412",
"version_value": "8f7b5987e21e003cafac28f0e4d323e6496f83ba"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.13",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.13",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.135",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.88",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.25",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/8f7b5987e21e003cafac28f0e4d323e6496f83ba",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8f7b5987e21e003cafac28f0e4d323e6496f83ba"
},
{
"url": "https://git.kernel.org/stable/c/c3ff73e3bddf1a6c30d7effe4018d12ba0cadd2e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c3ff73e3bddf1a6c30d7effe4018d12ba0cadd2e"
},
{
"url": "https://git.kernel.org/stable/c/fb803d4bb9ea0a61c21c4987505e4d4ae18f9fdc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fb803d4bb9ea0a61c21c4987505e4d4ae18f9fdc"
},
{
"url": "https://git.kernel.org/stable/c/327107bd7f052f4ee2d0c966c7ae879822f1814f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/327107bd7f052f4ee2d0c966c7ae879822f1814f"
},
{
"url": "https://git.kernel.org/stable/c/f23e9116ebb71b63fe9cec0dcac792aa9af30b0c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f23e9116ebb71b63fe9cec0dcac792aa9af30b0c"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

125
2025/37xxx/CVE-2025-37768.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37768",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Prevent division by zero\n\nThe user can set any speed value.\nIf speed is greater than UINT_MAX/8, division by zero is possible.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "c52dcf49195d06319189c7f1dd8b62bfca545197",
"version_value": "5fc4fb54f6f064c25bfbbfd443aa861d3422dd4c"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.20",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.20",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.135",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.88",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.25",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/5fc4fb54f6f064c25bfbbfd443aa861d3422dd4c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5fc4fb54f6f064c25bfbbfd443aa861d3422dd4c"
},
{
"url": "https://git.kernel.org/stable/c/b0742a709be7979c7a480772046a1f36d09dab00",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b0742a709be7979c7a480772046a1f36d09dab00"
},
{
"url": "https://git.kernel.org/stable/c/8e9c4f8d197d5709c75effa5d58e80b4fa01981a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8e9c4f8d197d5709c75effa5d58e80b4fa01981a"
},
{
"url": "https://git.kernel.org/stable/c/9e4f1e21fe7b93a8ef57db433071266c2590e260",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9e4f1e21fe7b93a8ef57db433071266c2590e260"
},
{
"url": "https://git.kernel.org/stable/c/7c246a05df51c52fe0852ce56ba10c41e6ed1f39",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7c246a05df51c52fe0852ce56ba10c41e6ed1f39"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

125
2025/37xxx/CVE-2025-37769.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37769",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm/smu11: Prevent division by zero\n\nThe user can set any speed value.\nIf speed is greater than UINT_MAX/8, division by zero is possible.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n(cherry picked from commit da7dc714a8f8e1c9fc33c57cd63583779a3bef71)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1e866f1fe528bc0158cdcd589053753032bdb52c",
"version_value": "de6f8e0534cfabc528c969d453150ca90b24fb01"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.0",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.0",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.135",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.88",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.25",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc2",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/de6f8e0534cfabc528c969d453150ca90b24fb01",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/de6f8e0534cfabc528c969d453150ca90b24fb01"
},
{
"url": "https://git.kernel.org/stable/c/de2cba068c9c648503973b57696d035cfe58a9f6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/de2cba068c9c648503973b57696d035cfe58a9f6"
},
{
"url": "https://git.kernel.org/stable/c/63a150400194592206817124268ff6f43947e8c9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/63a150400194592206817124268ff6f43947e8c9"
},
{
"url": "https://git.kernel.org/stable/c/fc9d55377353321e78f9e108d15f72a17e8c6ee2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fc9d55377353321e78f9e108d15f72a17e8c6ee2"
},
{
"url": "https://git.kernel.org/stable/c/7ba88b5cccc1a99c1afb96e31e7eedac9907704c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7ba88b5cccc1a99c1afb96e31e7eedac9907704c"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

125
2025/37xxx/CVE-2025-37770.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37770",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Prevent division by zero\n\nThe user can set any speed value.\nIf speed is greater than UINT_MAX/8, division by zero is possible.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "c52dcf49195d06319189c7f1dd8b62bfca545197",
"version_value": "836a189fb422e7efb81c51d5160e47ec7bc11500"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.20",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.20",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.135",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.88",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.25",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/836a189fb422e7efb81c51d5160e47ec7bc11500",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/836a189fb422e7efb81c51d5160e47ec7bc11500"
},
{
"url": "https://git.kernel.org/stable/c/587de3ca7875c06fe3c3aa4073a85c4eff46591f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/587de3ca7875c06fe3c3aa4073a85c4eff46591f"
},
{
"url": "https://git.kernel.org/stable/c/bd4d90adbca1862d03e581e10e74ab73ec75e61b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bd4d90adbca1862d03e581e10e74ab73ec75e61b"
},
{
"url": "https://git.kernel.org/stable/c/05de66de280ea1bd0459c994bfd2dd332cfbc2a9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/05de66de280ea1bd0459c994bfd2dd332cfbc2a9"
},
{
"url": "https://git.kernel.org/stable/c/4b8c3c0d17c07f301011e2908fecd2ebdcfe3d1c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4b8c3c0d17c07f301011e2908fecd2ebdcfe3d1c"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

125
2025/37xxx/CVE-2025-37771.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37771",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Prevent division by zero\n\nThe user can set any speed value.\nIf speed is greater than UINT_MAX/8, division by zero is possible.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "b64625a303de727498f80f8cb9833fc615c0a90f",
"version_value": "402964994e8ece29702383b234fabcf04791ff95"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.15",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.15",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.135",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.88",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.25",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/402964994e8ece29702383b234fabcf04791ff95",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/402964994e8ece29702383b234fabcf04791ff95"
},
{
"url": "https://git.kernel.org/stable/c/5096174074114f83c700a27869c54362cbb10f3e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5096174074114f83c700a27869c54362cbb10f3e"
},
{
"url": "https://git.kernel.org/stable/c/6413fed016208171592c88b5df002af8a1387e24",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6413fed016208171592c88b5df002af8a1387e24"
},
{
"url": "https://git.kernel.org/stable/c/baa54adb5e0599299b8f088efb5544d876a3eb62",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/baa54adb5e0599299b8f088efb5544d876a3eb62"
},
{
"url": "https://git.kernel.org/stable/c/7d641c2b83275d3b0424127b2e0d2d0f7dd82aef",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7d641c2b83275d3b0424127b2e0d2d0f7dd82aef"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

125
2025/37xxx/CVE-2025-37772.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37772",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cma: Fix workqueue crash in cma_netevent_work_handler\n\nstruct rdma_cm_id has member \"struct work_struct net_work\"\nthat is reused for enqueuing cma_netevent_work_handler()s\nonto cma_wq.\n\nBelow crash[1] can occur if more than one call to\ncma_netevent_callback() occurs in quick succession,\nwhich further enqueues cma_netevent_work_handler()s for the\nsame rdma_cm_id, overwriting any previously queued work-item(s)\nthat was just scheduled to run i.e. there is no guarantee\nthe queued work item may run between two successive calls\nto cma_netevent_callback() and the 2nd INIT_WORK would overwrite\nthe 1st work item (for the same rdma_cm_id), despite grabbing\nid_table_lock during enqueue.\n\nAlso drgn analysis [2] indicates the work item was likely overwritten.\n\nFix this by moving the INIT_WORK() to __rdma_create_id(),\nso that it doesn't race with any existing queue_work() or\nits worker thread.\n\n[1] Trimmed crash stack:\n=============================================\nBUG: kernel NULL pointer dereference, address: 0000000000000008\nkworker/u256:6 ... 6.12.0-0...\nWorkqueue: cma_netevent_work_handler [rdma_cm] (rdma_cm)\nRIP: 0010:process_one_work+0xba/0x31a\nCall Trace:\n worker_thread+0x266/0x3a0\n kthread+0xcf/0x100\n ret_from_fork+0x31/0x50\n ret_from_fork_asm+0x1a/0x30\n=============================================\n\n[2] drgn crash analysis:\n\n>>> trace = prog.crashed_thread().stack_trace()\n>>> trace\n(0) crash_setup_regs (./arch/x86/include/asm/kexec.h:111:15)\n(1) __crash_kexec (kernel/crash_core.c:122:4)\n(2) panic (kernel/panic.c:399:3)\n(3) oops_end (arch/x86/kernel/dumpstack.c:382:3)\n...\n(8) process_one_work (kernel/workqueue.c:3168:2)\n(9) process_scheduled_works (kernel/workqueue.c:3310:3)\n(10) worker_thread (kernel/workqueue.c:3391:4)\n(11) kthread (kernel/kthread.c:389:9)\n\nLine workqueue.c:3168 for this kernel version is in process_one_work():\n3168\tstrscpy(worker->desc, pwq->wq->name, WORKER_DESC_LEN);\n\n>>> trace[8][\"work\"]\n*(struct work_struct *)0xffff92577d0a21d8 = {\n\t.data = (atomic_long_t){\n\t\t.counter = (s64)536870912, <=== Note\n\t},\n\t.entry = (struct list_head){\n\t\t.next = (struct list_head *)0xffff924d075924c0,\n\t\t.prev = (struct list_head *)0xffff924d075924c0,\n\t},\n\t.func = (work_func_t)cma_netevent_work_handler+0x0 = 0xffffffffc2cec280,\n}\n\nSuspicion is that pwq is NULL:\n>>> trace[8][\"pwq\"]\n(struct pool_workqueue *)<absent>\n\nIn process_one_work(), pwq is assigned from:\nstruct pool_workqueue *pwq = get_work_pwq(work);\n\nand get_work_pwq() is:\nstatic struct pool_workqueue *get_work_pwq(struct work_struct *work)\n{\n \tunsigned long data = atomic_long_read(&work->data);\n\n \tif (data & WORK_STRUCT_PWQ)\n \t\treturn work_struct_pwq(data);\n \telse\n \t\treturn NULL;\n}\n\nWORK_STRUCT_PWQ is 0x4:\n>>> print(repr(prog['WORK_STRUCT_PWQ']))\nObject(prog, 'enum work_flags', value=4)\n\nBut work->data is 536870912 which is 0x20000000.\nSo, get_work_pwq() returns NULL and we crash in process_one_work():\n3168\tstrscpy(worker->desc, pwq->wq->name, WORKER_DESC_LEN);\n============================================="
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "925d046e7e52c71c3531199ce137e141807ef740",
"version_value": "51003b2c872c63d28bcf5fbcc52cf7b05615f7b7"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.0",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.0",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.135",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.88",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.25",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc3",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/51003b2c872c63d28bcf5fbcc52cf7b05615f7b7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/51003b2c872c63d28bcf5fbcc52cf7b05615f7b7"
},
{
"url": "https://git.kernel.org/stable/c/c2b169fc7a12665d8a675c1ff14bca1b9c63fb9a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c2b169fc7a12665d8a675c1ff14bca1b9c63fb9a"
},
{
"url": "https://git.kernel.org/stable/c/d23fd7a539ac078df119707110686a5b226ee3bb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d23fd7a539ac078df119707110686a5b226ee3bb"
},
{
"url": "https://git.kernel.org/stable/c/b172a4a0de254f1fcce7591833a9a63547c2f447",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b172a4a0de254f1fcce7591833a9a63547c2f447"
},
{
"url": "https://git.kernel.org/stable/c/45f5dcdd049719fb999393b30679605f16ebce14",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/45f5dcdd049719fb999393b30679605f16ebce14"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

125
2025/37xxx/CVE-2025-37773.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37773",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtiofs: add filesystem context source name check\n\nIn certain scenarios, for example, during fuzz testing, the source\nname may be NULL, which could lead to a kernel panic. Therefore, an\nextra check for the source name should be added."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "a62a8ef9d97da23762a588592c8b8eb50a8deb6a",
"version_value": "599d1e2a6aecc44acf22fe7ea6f5e84a7e526abe"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.4",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.4",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.135",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.88",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.25",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc3",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/599d1e2a6aecc44acf22fe7ea6f5e84a7e526abe",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/599d1e2a6aecc44acf22fe7ea6f5e84a7e526abe"
},
{
"url": "https://git.kernel.org/stable/c/f6ec52710dc5e156b774cbef5d0f5c99b1c53a80",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f6ec52710dc5e156b774cbef5d0f5c99b1c53a80"
},
{
"url": "https://git.kernel.org/stable/c/c3e31d613951c299487844c4d1686a933e8ee291",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c3e31d613951c299487844c4d1686a933e8ee291"
},
{
"url": "https://git.kernel.org/stable/c/a648d80f8d9b208beee03a2d9aa690cfacf1d41e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a648d80f8d9b208beee03a2d9aa690cfacf1d41e"
},
{
"url": "https://git.kernel.org/stable/c/a94fd938df2b1628da66b498aa0eeb89593bc7a2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a94fd938df2b1628da66b498aa0eeb89593bc7a2"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

103
2025/37xxx/CVE-2025-37774.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37774",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nslab: ensure slab->obj_exts is clear in a newly allocated slab page\n\nktest recently reported crashes while running several buffered io tests\nwith __alloc_tagging_slab_alloc_hook() at the top of the crash call stack.\nThe signature indicates an invalid address dereference with low bits of\nslab->obj_exts being set. The bits were outside of the range used by\npage_memcg_data_flags and objext_flags and hence were not masked out\nby slab_obj_exts() when obtaining the pointer stored in slab->obj_exts.\nThe typical crash log looks like this:\n\n00510 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010\n00510 Mem abort info:\n00510 ESR = 0x0000000096000045\n00510 EC = 0x25: DABT (current EL), IL = 32 bits\n00510 SET = 0, FnV = 0\n00510 EA = 0, S1PTW = 0\n00510 FSC = 0x05: level 1 translation fault\n00510 Data abort info:\n00510 ISV = 0, ISS = 0x00000045, ISS2 = 0x00000000\n00510 CM = 0, WnR = 1, TnD = 0, TagAccess = 0\n00510 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n00510 user pgtable: 4k pages, 39-bit VAs, pgdp=0000000104175000\n00510 [0000000000000010] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n00510 Internal error: Oops: 0000000096000045 [#1] SMP\n00510 Modules linked in:\n00510 CPU: 10 UID: 0 PID: 7692 Comm: cat Not tainted 6.15.0-rc1-ktest-g189e17946605 #19327 NONE\n00510 Hardware name: linux,dummy-virt (DT)\n00510 pstate: 20001005 (nzCv daif -PAN -UAO -TCO -DIT +SSBS BTYPE=--)\n00510 pc : __alloc_tagging_slab_alloc_hook+0xe0/0x190\n00510 lr : __kmalloc_noprof+0x150/0x310\n00510 sp : ffffff80c87df6c0\n00510 x29: ffffff80c87df6c0 x28: 000000000013d1ff x27: 000000000013d200\n00510 x26: ffffff80c87df9e0 x25: 0000000000000000 x24: 0000000000000001\n00510 x23: ffffffc08041953c x22: 000000000000004c x21: ffffff80c0002180\n00510 x20: fffffffec3120840 x19: ffffff80c4821000 x18: 0000000000000000\n00510 x17: fffffffec3d02f00 x16: fffffffec3d02e00 x15: fffffffec3d00700\n00510 x14: fffffffec3d00600 x13: 0000000000000200 x12: 0000000000000006\n00510 x11: ffffffc080bb86c0 x10: 0000000000000000 x9 : ffffffc080201e58\n00510 x8 : ffffff80c4821060 x7 : 0000000000000000 x6 : 0000000055555556\n00510 x5 : 0000000000000001 x4 : 0000000000000010 x3 : 0000000000000060\n00510 x2 : 0000000000000000 x1 : ffffffc080f50cf8 x0 : ffffff80d801d000\n00510 Call trace:\n00510 __alloc_tagging_slab_alloc_hook+0xe0/0x190 (P)\n00510 __kmalloc_noprof+0x150/0x310\n00510 __bch2_folio_create+0x5c/0xf8\n00510 bch2_folio_create+0x2c/0x40\n00510 bch2_readahead+0xc0/0x460\n00510 read_pages+0x7c/0x230\n00510 page_cache_ra_order+0x244/0x3a8\n00510 page_cache_async_ra+0x124/0x170\n00510 filemap_readahead.isra.0+0x58/0xa0\n00510 filemap_get_pages+0x454/0x7b0\n00510 filemap_read+0xdc/0x418\n00510 bch2_read_iter+0x100/0x1b0\n00510 vfs_read+0x214/0x300\n00510 ksys_read+0x6c/0x108\n00510 __arm64_sys_read+0x20/0x30\n00510 invoke_syscall.constprop.0+0x54/0xe8\n00510 do_el0_svc+0x44/0xc8\n00510 el0_svc+0x18/0x58\n00510 el0t_64_sync_handler+0x104/0x130\n00510 el0t_64_sync+0x154/0x158\n00510 Code: d5384100 f9401c01 b9401aa3 b40002e1 (f8227881)\n00510 ---[ end trace 0000000000000000 ]---\n00510 Kernel panic - not syncing: Oops: Fatal exception\n00510 SMP: stopping secondary CPUs\n00510 Kernel Offset: disabled\n00510 CPU features: 0x0000,000000e0,00000410,8240500b\n00510 Memory Limit: none\n\nInvestigation indicates that these bits are already set when we allocate\nslab page and are not zeroed out after allocation. We are not yet sure\nwhy these crashes start happening only recently but regardless of the\nreason, not initializing a field that gets used later is wrong. Fix it\nby initializing slab->obj_exts during slab page allocation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "21c690a349baab895dc68ab70d291e1598d7109d",
"version_value": "8baa747193591410a853bac9c3710142dfa4937b"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.10",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.10",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.25",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc3",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/8baa747193591410a853bac9c3710142dfa4937b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8baa747193591410a853bac9c3710142dfa4937b"
},
{
"url": "https://git.kernel.org/stable/c/28bef6622a1a874fe63aceeb0c684fab75afb3ae",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/28bef6622a1a874fe63aceeb0c684fab75afb3ae"
},
{
"url": "https://git.kernel.org/stable/c/d2f5819b6ed357c0c350c0616b6b9f38be59adf6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d2f5819b6ed357c0c350c0616b6b9f38be59adf6"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

115
2025/37xxx/CVE-2025-37775.json
View File

@ -1,18 +1,125 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37775",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix the warning from __kernel_write_iter\n\n[ 2110.972290] ------------[ cut here ]------------\n[ 2110.972301] WARNING: CPU: 3 PID: 735 at fs/read_write.c:599 __kernel_write_iter+0x21b/0x280\n\nThis patch doesn't allow writing to directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "44079e544c9f6e3e9fb43a16ddf8b08cf686d657"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1.135",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.88",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.25",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc3",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/44079e544c9f6e3e9fb43a16ddf8b08cf686d657",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/44079e544c9f6e3e9fb43a16ddf8b08cf686d657"
},
{
"url": "https://git.kernel.org/stable/c/b7ce8db490286c2e009758fa1416d66aeb333614",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b7ce8db490286c2e009758fa1416d66aeb333614"
},
{
"url": "https://git.kernel.org/stable/c/2a879da5c34a1e5d971e815d5b30f27eb6d69efc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2a879da5c34a1e5d971e815d5b30f27eb6d69efc"
},
{
"url": "https://git.kernel.org/stable/c/1ed343481ba6911178bc5ca7a51be319eafcc747",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1ed343481ba6911178bc5ca7a51be319eafcc747"
},
{
"url": "https://git.kernel.org/stable/c/b37f2f332b40ad1c27f18682a495850f2f04db0a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b37f2f332b40ad1c27f18682a495850f2f04db0a"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

104
2025/37xxx/CVE-2025-37776.json
View File

@ -1,18 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37776",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free in smb_break_all_levII_oplock()\n\nThere is a room in smb_break_all_levII_oplock that can cause racy issues\nwhen unlocking in the middle of the loop. This patch use read lock\nto protect whole loop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "296cb5457cc6f4a754c4ae29855f8a253d52bcc6"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.6.88",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.25",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc3",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/296cb5457cc6f4a754c4ae29855f8a253d52bcc6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/296cb5457cc6f4a754c4ae29855f8a253d52bcc6"
},
{
"url": "https://git.kernel.org/stable/c/d54ab1520d43e95f9b2e22d7a05fc9614192e5a5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d54ab1520d43e95f9b2e22d7a05fc9614192e5a5"
},
{
"url": "https://git.kernel.org/stable/c/d73686367ad68534257cd88a36ca3c52cb8b81d8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d73686367ad68534257cd88a36ca3c52cb8b81d8"
},
{
"url": "https://git.kernel.org/stable/c/18b4fac5ef17f77fed9417d22210ceafd6525fc7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/18b4fac5ef17f77fed9417d22210ceafd6525fc7"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

82
2025/37xxx/CVE-2025-37777.json
View File

@ -1,18 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37777",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free in __smb2_lease_break_noti()\n\nMove tcp_transport free to ksmbd_conn_free. If ksmbd connection is\nreferenced when ksmbd server thread terminates, It will not be freed,\nbut conn->tcp_transport is freed. __smb2_lease_break_noti can be performed\nasynchronously when the connection is disconnected. __smb2_lease_break_noti\ncalls ksmbd_conn_write, which can cause use-after-free\nwhen conn->ksmbd_transport is already freed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "e59796fc80603bcd8569d4d2e10b213c1918edb4"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc3",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/e59796fc80603bcd8569d4d2e10b213c1918edb4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e59796fc80603bcd8569d4d2e10b213c1918edb4"
},
{
"url": "https://git.kernel.org/stable/c/21a4e47578d44c6b37c4fc4aba8ed7cc8dbb13de",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/21a4e47578d44c6b37c4fc4aba8ed7cc8dbb13de"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

115
2025/37xxx/CVE-2025-37778.json
View File

@ -1,18 +1,125 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37778",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: Fix dangling pointer in krb_authenticate\n\nkrb_authenticate frees sess->user and does not set the pointer\nto NULL. It calls ksmbd_krb5_authenticate to reinitialise\nsess->user but that function may return without doing so. If\nthat happens then smb2_sess_setup, which calls krb_authenticate,\nwill be accessing free'd memory when it later uses sess->user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "d5b554bc8d554ed6ddf443d3db2fad9f665cec10"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1.135",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.88",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.25",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc3",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/d5b554bc8d554ed6ddf443d3db2fad9f665cec10",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d5b554bc8d554ed6ddf443d3db2fad9f665cec10"
},
{
"url": "https://git.kernel.org/stable/c/1db2451de23e98bc864c6a6e52aa0d82c91cb325",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1db2451de23e98bc864c6a6e52aa0d82c91cb325"
},
{
"url": "https://git.kernel.org/stable/c/6e30c0e10210c714f3d4453dc258d4abcc70364e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6e30c0e10210c714f3d4453dc258d4abcc70364e"
},
{
"url": "https://git.kernel.org/stable/c/e83e39a5f6a01a81411a4558a59a10f87aa88dd6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e83e39a5f6a01a81411a4558a59a10f87aa88dd6"
},
{
"url": "https://git.kernel.org/stable/c/1e440d5b25b7efccb3defe542a73c51005799a5f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1e440d5b25b7efccb3defe542a73c51005799a5f"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

92
2025/37xxx/CVE-2025-37779.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37779",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/iov_iter: fix to increase non slab folio refcount\n\nWhen testing EROFS file-backed mount over v9fs on qemu, I encountered a\nfolio UAF issue. The page sanity check reports the following call trace. \nThe root cause is that pages in bvec are coalesced across a folio bounary.\nThe refcount of all non-slab folios should be increased to ensure\np9_releas_pages can put them correctly.\n\nBUG: Bad page state in process md5sum pfn:18300\npage: refcount:0 mapcount:0 mapping:00000000d5ad8e4e index:0x60 pfn:0x18300\nhead: order:0 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0\naops:z_erofs_aops ino:30b0f dentry name(?):\"GoogleExtServicesCn.apk\"\nflags: 0x100000000000041(locked|head|node=0|zone=1)\nraw: 0100000000000041 dead000000000100 dead000000000122 ffff888014b13bd0\nraw: 0000000000000060 0000000000000020 00000000ffffffff 0000000000000000\nhead: 0100000000000041 dead000000000100 dead000000000122 ffff888014b13bd0\nhead: 0000000000000060 0000000000000020 00000000ffffffff 0000000000000000\nhead: 0100000000000000 0000000000000000 ffffffffffffffff 0000000000000000\nhead: 0000000000000010 0000000000000000 00000000ffffffff 0000000000000000\npage dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set\nCall Trace:\n dump_stack_lvl+0x53/0x70\n bad_page+0xd4/0x220\n __free_pages_ok+0x76d/0xf30\n __folio_put+0x230/0x320\n p9_release_pages+0x179/0x1f0\n p9_virtio_zc_request+0xa2a/0x1230\n p9_client_zc_rpc.constprop.0+0x247/0x700\n p9_client_read_once+0x34d/0x810\n p9_client_read+0xf3/0x150\n v9fs_issue_read+0x111/0x360\n netfs_unbuffered_read_iter_locked+0x927/0x1390\n netfs_unbuffered_read_iter+0xa2/0xe0\n vfs_iocb_iter_read+0x2c7/0x460\n erofs_fileio_rq_submit+0x46b/0x5b0\n z_erofs_runqueue+0x1203/0x21e0\n z_erofs_readahead+0x579/0x8b0\n read_pages+0x19f/0xa70\n page_cache_ra_order+0x4ad/0xb80\n filemap_readahead.isra.0+0xe7/0x150\n filemap_get_pages+0x7aa/0x1890\n filemap_read+0x320/0xc80\n vfs_read+0x6c6/0xa30\n ksys_read+0xf9/0x1c0\n do_syscall_64+0x9e/0x1a0\n entry_SYSCALL_64_after_hwframe+0x71/0x79"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "b9c0e49abfca06f1a109acea834bcfc934f33f76",
"version_value": "d833f21162c4d536d729628f8cf1ee8d4110f2b7"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.14",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc3",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/d833f21162c4d536d729628f8cf1ee8d4110f2b7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d833f21162c4d536d729628f8cf1ee8d4110f2b7"
},
{
"url": "https://git.kernel.org/stable/c/770c8d55c42868239c748a3ebc57c9e37755f842",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/770c8d55c42868239c748a3ebc57c9e37755f842"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

125
2025/37xxx/CVE-2025-37780.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37780",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nisofs: Prevent the use of too small fid\n\nsyzbot reported a slab-out-of-bounds Read in isofs_fh_to_parent. [1]\n\nThe handle_bytes value passed in by the reproducing program is equal to 12.\nIn handle_to_path(), only 12 bytes of memory are allocated for the structure\nfile_handle->f_handle member, which causes an out-of-bounds access when\naccessing the member parent_block of the structure isofs_fid in isofs,\nbecause accessing parent_block requires at least 16 bytes of f_handle.\nHere, fh_len is used to indirectly confirm that the value of handle_bytes\nis greater than 3 before accessing parent_block.\n\n[1]\nBUG: KASAN: slab-out-of-bounds in isofs_fh_to_parent+0x1b8/0x210 fs/isofs/export.c:183\nRead of size 4 at addr ffff0000cc030d94 by task syz-executor215/6466\nCPU: 1 UID: 0 PID: 6466 Comm: syz-executor215 Not tainted 6.14.0-rc7-syzkaller-ga2392f333575 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025\nCall trace:\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0x198/0x550 mm/kasan/report.c:521\n kasan_report+0xd8/0x138 mm/kasan/report.c:634\n __asan_report_load4_noabort+0x20/0x2c mm/kasan/report_generic.c:380\n isofs_fh_to_parent+0x1b8/0x210 fs/isofs/export.c:183\n exportfs_decode_fh_raw+0x2dc/0x608 fs/exportfs/expfs.c:523\n do_handle_to_path+0xa0/0x198 fs/fhandle.c:257\n handle_to_path fs/fhandle.c:385 [inline]\n do_handle_open+0x8cc/0xb8c fs/fhandle.c:403\n __do_sys_open_by_handle_at fs/fhandle.c:443 [inline]\n __se_sys_open_by_handle_at fs/fhandle.c:434 [inline]\n __arm64_sys_open_by_handle_at+0x80/0x94 fs/fhandle.c:434\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744\n el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\nAllocated by task 6466:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_alloc_info+0x40/0x50 mm/kasan/generic.c:562\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xac/0xc4 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4294 [inline]\n __kmalloc_noprof+0x32c/0x54c mm/slub.c:4306\n kmalloc_noprof include/linux/slab.h:905 [inline]\n handle_to_path fs/fhandle.c:357 [inline]\n do_handle_open+0x5a4/0xb8c fs/fhandle.c:403\n __do_sys_open_by_handle_at fs/fhandle.c:443 [inline]\n __se_sys_open_by_handle_at fs/fhandle.c:434 [inline]\n __arm64_sys_open_by_handle_at+0x80/0x94 fs/fhandle.c:434\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744\n el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "0fdafdaef796816a9ed0fd7ac812932d569d9beb"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.12",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.135",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.88",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.25",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc3",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/0fdafdaef796816a9ed0fd7ac812932d569d9beb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0fdafdaef796816a9ed0fd7ac812932d569d9beb"
},
{
"url": "https://git.kernel.org/stable/c/952e7a7e317f126d0a2b879fc531b716932d5ffa",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/952e7a7e317f126d0a2b879fc531b716932d5ffa"
},
{
"url": "https://git.kernel.org/stable/c/56dfffea9fd3be0b3795a9ca6401e133a8427e0b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/56dfffea9fd3be0b3795a9ca6401e133a8427e0b"
},
{
"url": "https://git.kernel.org/stable/c/007124c896e7d4614ac1f6bd4dedb975c35a2a8e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/007124c896e7d4614ac1f6bd4dedb975c35a2a8e"
},
{
"url": "https://git.kernel.org/stable/c/0405d4b63d082861f4eaff9d39c78ee9dc34f845",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0405d4b63d082861f4eaff9d39c78ee9dc34f845"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

125
2025/37xxx/CVE-2025-37781.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37781",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: cros-ec-tunnel: defer probe if parent EC is not present\n\nWhen i2c-cros-ec-tunnel and the EC driver are built-in, the EC parent\ndevice will not be found, leading to NULL pointer dereference.\n\nThat can also be reproduced by unbinding the controller driver and then\nloading i2c-cros-ec-tunnel module (or binding the device).\n\n[ 271.991245] BUG: kernel NULL pointer dereference, address: 0000000000000058\n[ 271.998215] #PF: supervisor read access in kernel mode\n[ 272.003351] #PF: error_code(0x0000) - not-present page\n[ 272.008485] PGD 0 P4D 0\n[ 272.011022] Oops: Oops: 0000 [#1] SMP NOPTI\n[ 272.015207] CPU: 0 UID: 0 PID: 3859 Comm: insmod Tainted: G S 6.15.0-rc1-00004-g44722359ed83 #30 PREEMPT(full) 3c7fb39a552e7d949de2ad921a7d6588d3a4fdc5\n[ 272.030312] Tainted: [S]=CPU_OUT_OF_SPEC\n[ 272.034233] Hardware name: HP Berknip/Berknip, BIOS Google_Berknip.13434.356.0 05/17/2021\n[ 272.042400] RIP: 0010:ec_i2c_probe+0x2b/0x1c0 [i2c_cros_ec_tunnel]\n[ 272.048577] Code: 1f 44 00 00 41 57 41 56 41 55 41 54 53 48 83 ec 10 65 48 8b 05 06 a0 6c e7 48 89 44 24 08 4c 8d 7f 10 48 8b 47 50 4c 8b 60 78 <49> 83 7c 24 58 00 0f 84 2f 01 00 00 48 89 fb be 30 06 00 00 4c 9\n[ 272.067317] RSP: 0018:ffffa32082a03940 EFLAGS: 00010282\n[ 272.072541] RAX: ffff969580b6a810 RBX: ffff969580b68c10 RCX: 0000000000000000\n[ 272.079672] RDX: 0000000000000000 RSI: 0000000000000282 RDI: ffff969580b68c00\n[ 272.086804] RBP: 00000000fffffdfb R08: 0000000000000000 R09: 0000000000000000\n[ 272.093936] R10: 0000000000000000 R11: ffffffffc0600000 R12: 0000000000000000\n[ 272.101067] R13: ffffffffa666fbb8 R14: ffffffffc05b5528 R15: ffff969580b68c10\n[ 272.108198] FS: 00007b930906fc40(0000) GS:ffff969603149000(0000) knlGS:0000000000000000\n[ 272.116282] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 272.122024] CR2: 0000000000000058 CR3: 000000012631c000 CR4: 00000000003506f0\n[ 272.129155] Call Trace:\n[ 272.131606] <TASK>\n[ 272.133709] ? acpi_dev_pm_attach+0xdd/0x110\n[ 272.137985] platform_probe+0x69/0xa0\n[ 272.141652] really_probe+0x152/0x310\n[ 272.145318] __driver_probe_device+0x77/0x110\n[ 272.149678] driver_probe_device+0x1e/0x190\n[ 272.153864] __driver_attach+0x10b/0x1e0\n[ 272.157790] ? driver_attach+0x20/0x20\n[ 272.161542] bus_for_each_dev+0x107/0x150\n[ 272.165553] bus_add_driver+0x15d/0x270\n[ 272.169392] driver_register+0x65/0x110\n[ 272.173232] ? cleanup_module+0xa80/0xa80 [i2c_cros_ec_tunnel 3a00532f3f4af4a9eade753f86b0f8dd4e4e5698]\n[ 272.182617] do_one_initcall+0x110/0x350\n[ 272.186543] ? security_kernfs_init_security+0x49/0xd0\n[ 272.191682] ? __kernfs_new_node+0x1b9/0x240\n[ 272.195954] ? security_kernfs_init_security+0x49/0xd0\n[ 272.201093] ? __kernfs_new_node+0x1b9/0x240\n[ 272.205365] ? kernfs_link_sibling+0x105/0x130\n[ 272.209810] ? kernfs_next_descendant_post+0x1c/0xa0\n[ 272.214773] ? kernfs_activate+0x57/0x70\n[ 272.218699] ? kernfs_add_one+0x118/0x160\n[ 272.222710] ? __kernfs_create_file+0x71/0xa0\n[ 272.227069] ? sysfs_add_bin_file_mode_ns+0xd6/0x110\n[ 272.232033] ? internal_create_group+0x453/0x4a0\n[ 272.236651] ? __vunmap_range_noflush+0x214/0x2d0\n[ 272.241355] ? __free_frozen_pages+0x1dc/0x420\n[ 272.245799] ? free_vmap_area_noflush+0x10a/0x1c0\n[ 272.250505] ? load_module+0x1509/0x16f0\n[ 272.254431] do_init_module+0x60/0x230\n[ 272.258181] __se_sys_finit_module+0x27a/0x370\n[ 272.262627] do_syscall_64+0x6a/0xf0\n[ 272.266206] ? do_syscall_64+0x76/0xf0\n[ 272.269956] ? irqentry_exit_to_user_mode+0x79/0x90\n[ 272.274836] entry_SYSCALL_64_after_hwframe+0x55/0x5d\n[ 272.279887] RIP: 0033:0x7b9309168d39\n[ 272.283466] Code: 5b 41 5c 5d c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d af 40 0c 00 f7 d8 64 89 01 8\n[ 272.302210] RSP: 002b:00007fff50f1a288 EFLAGS: 00000246 ORIG_RAX: 000\n---truncated---"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9d230c9e4f4e67cb1c1cb9e0f6142da16b0f2796",
"version_value": "3090cad5ccff8963b95160f4060068048a1e4c4c"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3.16",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.16",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.135",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.88",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.25",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc3",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/3090cad5ccff8963b95160f4060068048a1e4c4c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3090cad5ccff8963b95160f4060068048a1e4c4c"
},
{
"url": "https://git.kernel.org/stable/c/e89bf1311d4497c6743f3021e9c481b16c3a41c9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e89bf1311d4497c6743f3021e9c481b16c3a41c9"
},
{
"url": "https://git.kernel.org/stable/c/1355b5ca4782be85a2ef7275e4c508f770d0fb27",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1355b5ca4782be85a2ef7275e4c508f770d0fb27"
},
{
"url": "https://git.kernel.org/stable/c/da8edc9eb2516aface7f86be5fa6d09c0d07b9f8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/da8edc9eb2516aface7f86be5fa6d09c0d07b9f8"
},
{
"url": "https://git.kernel.org/stable/c/424eafe65647a8d6c690284536e711977153195a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/424eafe65647a8d6c690284536e711977153195a"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

125
2025/37xxx/CVE-2025-37782.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37782",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key\n\nSyzbot reported an issue in hfs subsystem:\n\nBUG: KASAN: slab-out-of-bounds in memcpy_from_page include/linux/highmem.h:423 [inline]\nBUG: KASAN: slab-out-of-bounds in hfs_bnode_read fs/hfs/bnode.c:35 [inline]\nBUG: KASAN: slab-out-of-bounds in hfs_bnode_read_key+0x314/0x450 fs/hfs/bnode.c:70\nWrite of size 94 at addr ffff8880123cd100 by task syz-executor237/5102\n\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n kasan_check_range+0x282/0x290 mm/kasan/generic.c:189\n __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106\n memcpy_from_page include/linux/highmem.h:423 [inline]\n hfs_bnode_read fs/hfs/bnode.c:35 [inline]\n hfs_bnode_read_key+0x314/0x450 fs/hfs/bnode.c:70\n hfs_brec_insert+0x7f3/0xbd0 fs/hfs/brec.c:159\n hfs_cat_create+0x41d/0xa50 fs/hfs/catalog.c:118\n hfs_mkdir+0x6c/0xe0 fs/hfs/dir.c:232\n vfs_mkdir+0x2f9/0x4f0 fs/namei.c:4257\n do_mkdirat+0x264/0x3a0 fs/namei.c:4280\n __do_sys_mkdir fs/namei.c:4300 [inline]\n __se_sys_mkdir fs/namei.c:4298 [inline]\n __x64_sys_mkdir+0x6c/0x80 fs/namei.c:4298\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fbdd6057a99\n\nAdd a check for key length in hfs_bnode_read_key to prevent\nout-of-bounds memory access. If the key length is invalid, the\nkey buffer is cleared, improving stability and reliability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "0296f9733543c7c8e666e69da743cfffd32dd805"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.12",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.135",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.88",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.25",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc3",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/0296f9733543c7c8e666e69da743cfffd32dd805",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0296f9733543c7c8e666e69da743cfffd32dd805"
},
{
"url": "https://git.kernel.org/stable/c/9f77aa584a659b21211a794e53522e6fb16d4a16",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9f77aa584a659b21211a794e53522e6fb16d4a16"
},
{
"url": "https://git.kernel.org/stable/c/84e8719c087e68c967975b78e67be54f697c957f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/84e8719c087e68c967975b78e67be54f697c957f"
},
{
"url": "https://git.kernel.org/stable/c/9c93fb4ad8d3b730afe1a09949ebbea64d4f60eb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9c93fb4ad8d3b730afe1a09949ebbea64d4f60eb"
},
{
"url": "https://git.kernel.org/stable/c/bb5e07cb927724e0b47be371fa081141cfb14414",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bb5e07cb927724e0b47be371fa081141cfb14414"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

92
2025/37xxx/CVE-2025-37783.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37783",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: Fix error pointers in dpu_plane_virtual_atomic_check\n\nThe function dpu_plane_virtual_atomic_check was dereferencing pointers\nreturned by drm_atomic_get_plane_state without checking for errors. This\ncould lead to undefined behavior if the function returns an error pointer.\n\nThis commit adds checks using IS_ERR to ensure that plane_state is\nvalid before dereferencing them.\n\nSimilar to commit da29abe71e16\n(\"drm/amd/display: Fix error pointers in amdgpu_dm_crtc_mem_type_changed\").\n\nPatchwork: https://patchwork.freedesktop.org/patch/643132/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "774bcfb731765d092992136b54c34958d7c64bea",
"version_value": "a9670ed1cce3216778c89936d3ae91cf0d436035"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.14",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc3",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/a9670ed1cce3216778c89936d3ae91cf0d436035",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a9670ed1cce3216778c89936d3ae91cf0d436035"
},
{
"url": "https://git.kernel.org/stable/c/5cb1b130e1cd04239cc9c26a98279f4660dce583",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5cb1b130e1cd04239cc9c26a98279f4660dce583"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

124
2025/37xxx/CVE-2025-37784.json
View File

@ -1,18 +1,134 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37784",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ti: icss-iep: Fix possible NULL pointer dereference for perout request\n\nThe ICSS IEP driver tracks perout and pps enable state with flags.\nCurrently when disabling pps and perout signals during icss_iep_exit(),\nresults in NULL pointer dereference for perout.\n\nTo fix the null pointer dereference issue, the icss_iep_perout_enable_hw\nfunction can be modified to directly clear the IEP CMP registers when\ndisabling PPS or PEROUT, without referencing the ptp_perout_request\nstructure, as its contents are irrelevant in this case."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "d6b130fabfe197935346fe9f1e50a0947b2b1be7",
"version_value": "7891619d21f07a88e0275d6d43db74035aa74f69"
},
{
"version_affected": "<",
"version_name": "4ac8e8bf70b436294534d06e5d500e950e20c13d",
"version_value": "da5035d7aeadcfa44096dd34689bfed6c657f559"
},
{
"version_affected": "<",
"version_name": "9b115361248dc6cce182a2dc030c1c70b0a9639e",
"version_value": "eeec66327001421531b3fb1a2ac32efc8a2493b0"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.13",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.13",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.88",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.25",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc3",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/7891619d21f07a88e0275d6d43db74035aa74f69",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7891619d21f07a88e0275d6d43db74035aa74f69"
},
{
"url": "https://git.kernel.org/stable/c/da5035d7aeadcfa44096dd34689bfed6c657f559",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/da5035d7aeadcfa44096dd34689bfed6c657f559"
},
{
"url": "https://git.kernel.org/stable/c/eeec66327001421531b3fb1a2ac32efc8a2493b0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/eeec66327001421531b3fb1a2ac32efc8a2493b0"
},
{
"url": "https://git.kernel.org/stable/c/7349c9e9979333abfce42da5f9025598083b59c9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7349c9e9979333abfce42da5f9025598083b59c9"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

114
2025/37xxx/CVE-2025-37786.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37786",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: free routing table on probe failure\n\nIf complete = true in dsa_tree_setup(), it means that we are the last\nswitch of the tree which is successfully probing, and we should be\nsetting up all switches from our probe path.\n\nAfter \"complete\" becomes true, dsa_tree_setup_cpu_ports() or any\nsubsequent function may fail. If that happens, the entire tree setup is\nin limbo: the first N-1 switches have successfully finished probing\n(doing nothing but having allocated persistent memory in the tree's\ndst->ports, and maybe dst->rtable), and switch N failed to probe, ending\nthe tree setup process before anything is tangible from the user's PoV.\n\nIf switch N fails to probe, its memory (ports) will be freed and removed\nfrom dst->ports. However, the dst->rtable elements pointing to its ports,\nas created by dsa_link_touch(), will remain there, and will lead to\nuse-after-free if dereferenced.\n\nIf dsa_tree_setup_switches() returns -EPROBE_DEFER, which is entirely\npossible because that is where ds->ops->setup() is, we get a kasan\nreport like this:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in mv88e6xxx_setup_upstream_port+0x240/0x568\nRead of size 8 at addr ffff000004f56020 by task kworker/u8:3/42\n\nCall trace:\n __asan_report_load8_noabort+0x20/0x30\n mv88e6xxx_setup_upstream_port+0x240/0x568\n mv88e6xxx_setup+0xebc/0x1eb0\n dsa_register_switch+0x1af4/0x2ae0\n mv88e6xxx_register_switch+0x1b8/0x2a8\n mv88e6xxx_probe+0xc4c/0xf60\n mdio_probe+0x78/0xb8\n really_probe+0x2b8/0x5a8\n __driver_probe_device+0x164/0x298\n driver_probe_device+0x78/0x258\n __device_attach_driver+0x274/0x350\n\nAllocated by task 42:\n __kasan_kmalloc+0x84/0xa0\n __kmalloc_cache_noprof+0x298/0x490\n dsa_switch_touch_ports+0x174/0x3d8\n dsa_register_switch+0x800/0x2ae0\n mv88e6xxx_register_switch+0x1b8/0x2a8\n mv88e6xxx_probe+0xc4c/0xf60\n mdio_probe+0x78/0xb8\n really_probe+0x2b8/0x5a8\n __driver_probe_device+0x164/0x298\n driver_probe_device+0x78/0x258\n __device_attach_driver+0x274/0x350\n\nFreed by task 42:\n __kasan_slab_free+0x48/0x68\n kfree+0x138/0x418\n dsa_register_switch+0x2694/0x2ae0\n mv88e6xxx_register_switch+0x1b8/0x2a8\n mv88e6xxx_probe+0xc4c/0xf60\n mdio_probe+0x78/0xb8\n really_probe+0x2b8/0x5a8\n __driver_probe_device+0x164/0x298\n driver_probe_device+0x78/0x258\n __device_attach_driver+0x274/0x350\n\nThe simplest way to fix the bug is to delete the routing table in its\nentirety. dsa_tree_setup_routing_table() has no problem in regenerating\nit even if we deleted links between ports other than those of switch N,\nbecause dsa_link_touch() first checks whether the port pair already\nexists in dst->rtable, allocating if not.\n\nThe deletion of the routing table in its entirety already exists in\ndsa_tree_teardown(), so refactor that into a function that can also be\ncalled from the tree setup error path.\n\nIn my analysis of the commit to blame, it is the one which added\ndsa_link elements to dst->rtable. Prior to that, each switch had its own\nds->rtable which is freed when the switch fails to probe. But the tree\nis potentially persistent memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "c5f51765a1f60b701840544faf3ca63204b8dc3c",
"version_value": "fb12b460ec46c9efad98de6d9ba349691db51dc7"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.5",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.5",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.88",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.25",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc3",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/fb12b460ec46c9efad98de6d9ba349691db51dc7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fb12b460ec46c9efad98de6d9ba349691db51dc7"
},
{
"url": "https://git.kernel.org/stable/c/5c8066fbdb9653c6e9a224bdcd8f9c91a484f0de",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5c8066fbdb9653c6e9a224bdcd8f9c91a484f0de"
},
{
"url": "https://git.kernel.org/stable/c/a038f5f15af455dfe35bc68549e02b950978700a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a038f5f15af455dfe35bc68549e02b950978700a"
},
{
"url": "https://git.kernel.org/stable/c/8bf108d7161ffc6880ad13a0cc109de3cf631727",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8bf108d7161ffc6880ad13a0cc109de3cf631727"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

125
2025/37xxx/CVE-2025-37787.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37787",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered\n\nRussell King reports that a system with mv88e6xxx dereferences a NULL\npointer when unbinding this driver:\nhttps://lore.kernel.org/netdev/Z_lRkMlTJ1KQ0kVX@shell.armlinux.org.uk/\n\nThe crash seems to be in devlink_region_destroy(), which is not NULL\ntolerant but is given a NULL devlink global region pointer.\n\nAt least on some chips, some devlink regions are conditionally registered\nsince the blamed commit, see mv88e6xxx_setup_devlink_regions_global():\n\n\t\tif (cond && !cond(chip))\n\t\t\tcontinue;\n\nThese are MV88E6XXX_REGION_STU and MV88E6XXX_REGION_PVT. If the chip\ndoes not have an STU or PVT, it should crash like this.\n\nTo fix the issue, avoid unregistering those regions which are NULL, i.e.\nwere skipped at mv88e6xxx_setup_devlink_regions_global() time."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "836021a2d0e0e4c90b895a35bd9c0342071855fb",
"version_value": "b3c70dfe51f10df60db2646c08cebd24bcdc5247"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.13",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.13",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.135",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.88",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.25",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc3",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/b3c70dfe51f10df60db2646c08cebd24bcdc5247",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b3c70dfe51f10df60db2646c08cebd24bcdc5247"
},
{
"url": "https://git.kernel.org/stable/c/bbb80f004f7a90c3dcaacc982c59967457254a05",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bbb80f004f7a90c3dcaacc982c59967457254a05"
},
{
"url": "https://git.kernel.org/stable/c/3665695e3572239dc233216f06b41f40cc771889",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3665695e3572239dc233216f06b41f40cc771889"
},
{
"url": "https://git.kernel.org/stable/c/5f5e95945bb1e08be7655da6acba648274db457d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5f5e95945bb1e08be7655da6acba648274db457d"
},
{
"url": "https://git.kernel.org/stable/c/c84f6ce918a9e6f4996597cbc62536bbf2247c96",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c84f6ce918a9e6f4996597cbc62536bbf2247c96"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

125
2025/37xxx/CVE-2025-37788.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37788",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path\n\nIn the for loop used to allocate the loc_array and bmap for each port, a\nmemory leak is possible when the allocation for loc_array succeeds,\nbut the allocation for bmap fails. This is because when the control flow\ngoes to the label free_eth_finfo, only the allocations starting from\n(i-1)th iteration are freed.\n\nFix that by freeing the loc_array in the bmap allocation error path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "d915c299f1da68a7dbb43895b8741c7b916c9d08",
"version_value": "fa2d7708955e4f8212fd69bab1da604e60cb0b15"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.9",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.9",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.135",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.88",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.25",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc3",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/fa2d7708955e4f8212fd69bab1da604e60cb0b15",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fa2d7708955e4f8212fd69bab1da604e60cb0b15"
},
{
"url": "https://git.kernel.org/stable/c/08aa59c0be768596467552c129e9f82166779a67",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/08aa59c0be768596467552c129e9f82166779a67"
},
{
"url": "https://git.kernel.org/stable/c/dafb6e433ab2333b67be05433dc9c6ccbc7b1284",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/dafb6e433ab2333b67be05433dc9c6ccbc7b1284"
},
{
"url": "https://git.kernel.org/stable/c/76deedea08899885f076aba0bb80bd1276446822",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/76deedea08899885f076aba0bb80bd1276446822"
},
{
"url": "https://git.kernel.org/stable/c/00ffb3724ce743578163f5ade2884374554ca021",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/00ffb3724ce743578163f5ade2884374554ca021"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

125
2025/37xxx/CVE-2025-37789.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37789",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: fix nested key length validation in the set() action\n\nIt's not safe to access nla_len(ovs_key) if the data is smaller than\nthe netlink header. Check that the attribute is OK first."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "ccb1352e76cff0524e7ccb2074826a092dd13016",
"version_value": "1489c195c8eecd262aa6712761ba5288203e28ec"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3.3",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.3",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.135",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.88",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.25",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc3",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/1489c195c8eecd262aa6712761ba5288203e28ec",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1489c195c8eecd262aa6712761ba5288203e28ec"
},
{
"url": "https://git.kernel.org/stable/c/824a7c2df5127b2402b68a21a265d413e78dcad7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/824a7c2df5127b2402b68a21a265d413e78dcad7"
},
{
"url": "https://git.kernel.org/stable/c/be80768d4f3b6fd13f421451cc3fee8778aba8bc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/be80768d4f3b6fd13f421451cc3fee8778aba8bc"
},
{
"url": "https://git.kernel.org/stable/c/03d7262dd53e8c404da35cc81aaa887fd901f76b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/03d7262dd53e8c404da35cc81aaa887fd901f76b"
},
{
"url": "https://git.kernel.org/stable/c/65d91192aa66f05710cfddf6a14b5a25ee554dba",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/65d91192aa66f05710cfddf6a14b5a25ee554dba"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

125
2025/37xxx/CVE-2025-37790.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37790",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: Set SOCK_RCU_FREE\n\nBind lookup runs under RCU, so ensure that a socket doesn't go away in\nthe middle of a lookup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "833ef3b91de692ef33b800bca6b1569c39dece74",
"version_value": "b9764ebebb007249fb733a131b6110ff333b6616"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.15",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.15",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.135",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.88",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.25",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc3",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/b9764ebebb007249fb733a131b6110ff333b6616",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b9764ebebb007249fb733a131b6110ff333b6616"
},
{
"url": "https://git.kernel.org/stable/c/a8a3b61ce140e2b0a72a779e8d70f60c0cf1e47a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a8a3b61ce140e2b0a72a779e8d70f60c0cf1e47a"
},
{
"url": "https://git.kernel.org/stable/c/3f899bd6dd56ddc46509b526e23a8f0a97712a6d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3f899bd6dd56ddc46509b526e23a8f0a97712a6d"
},
{
"url": "https://git.kernel.org/stable/c/e3b5edbdb45924a7d4206d13868a2aac71f1e53d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e3b5edbdb45924a7d4206d13868a2aac71f1e53d"
},
{
"url": "https://git.kernel.org/stable/c/52024cd6ec71a6ca934d0cc12452bd8d49850679",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/52024cd6ec71a6ca934d0cc12452bd8d49850679"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

103
2025/37xxx/CVE-2025-37791.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37791",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll()\n\nrpl is passed as a pointer to ethtool_cmis_module_poll(), so the correct\nsize of rpl is sizeof(*rpl) which should be just 1 byte. Using the\npointer size instead can cause stack corruption:\n\nKernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ethtool_cmis_wait_for_cond+0xf4/0x100\nCPU: 72 UID: 0 PID: 4440 Comm: kworker/72:2 Kdump: loaded Tainted: G OE 6.11.0 #24\nTainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\nHardware name: Dell Inc. PowerEdge R760/04GWWM, BIOS 1.6.6 09/20/2023\nWorkqueue: events module_flash_fw_work\nCall Trace:\n <TASK>\n panic+0x339/0x360\n ? ethtool_cmis_wait_for_cond+0xf4/0x100\n ? __pfx_status_success+0x10/0x10\n ? __pfx_status_fail+0x10/0x10\n __stack_chk_fail+0x10/0x10\n ethtool_cmis_wait_for_cond+0xf4/0x100\n ethtool_cmis_cdb_execute_cmd+0x1fc/0x330\n ? __pfx_status_fail+0x10/0x10\n cmis_cdb_module_features_get+0x6d/0xd0\n ethtool_cmis_cdb_init+0x8a/0xd0\n ethtool_cmis_fw_update+0x46/0x1d0\n module_flash_fw_work+0x17/0xa0\n process_one_work+0x179/0x390\n worker_thread+0x239/0x340\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xcc/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2d/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n </TASK>"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "a39c84d796254e6b1662ca0c46dbc313379e9291",
"version_value": "61765e1b417a23371c3735e3cddf4ad9354ed2e9"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.11",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.11",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.25",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc3",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/61765e1b417a23371c3735e3cddf4ad9354ed2e9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/61765e1b417a23371c3735e3cddf4ad9354ed2e9"
},
{
"url": "https://git.kernel.org/stable/c/7eb0a0072f966bb0b01d8b7d529d9743a7187bd1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7eb0a0072f966bb0b01d8b7d529d9743a7187bd1"
},
{
"url": "https://git.kernel.org/stable/c/f3fdd4fba16c74697d8bc730b82fb7c1eff7fab3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f3fdd4fba16c74697d8bc730b82fb7c1eff7fab3"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

125
2025/37xxx/CVE-2025-37792.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37792",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btrtl: Prevent potential NULL dereference\n\nThe btrtl_initialize() function checks that rtl_load_file() either\nhad an error or it loaded a zero length file. However, if it loaded\na zero length file then the error code is not set correctly. It\nresults in an error pointer vs NULL bug, followed by a NULL pointer\ndereference. This was detected by Smatch:\n\ndrivers/bluetooth/btrtl.c:592 btrtl_initialize() warn: passing zero to 'ERR_PTR'"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "26503ad25de8c7c93a2037f919c2e49a62cf65f1",
"version_value": "d8441818690d795232331bd8358545c5c95b6b72"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.19",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.19",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.135",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.88",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.25",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc3",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/d8441818690d795232331bd8358545c5c95b6b72",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d8441818690d795232331bd8358545c5c95b6b72"
},
{
"url": "https://git.kernel.org/stable/c/3db6605043b50c8bb768547b23e0222f67ceef3e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3db6605043b50c8bb768547b23e0222f67ceef3e"
},
{
"url": "https://git.kernel.org/stable/c/aaf356f872a60db1e96fb762a62c4607fd22741f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/aaf356f872a60db1e96fb762a62c4607fd22741f"
},
{
"url": "https://git.kernel.org/stable/c/53ceef799dcfc22c734d600811bfc9dd32eaea0a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/53ceef799dcfc22c734d600811bfc9dd32eaea0a"
},
{
"url": "https://git.kernel.org/stable/c/324dddea321078a6eeb535c2bff5257be74c9799",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/324dddea321078a6eeb535c2bff5257be74c9799"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

114
2025/37xxx/CVE-2025-37793.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37793",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\navs_component_probe() does not check for this case, which results in a\nNULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "739c031110da9ba966b0189fa25a2a1c0d42263c",
"version_value": "aaa93b8846101461de815759d39979661b82d5a5"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.6",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.6",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.88",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.25",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc3",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/aaa93b8846101461de815759d39979661b82d5a5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/aaa93b8846101461de815759d39979661b82d5a5"
},
{
"url": "https://git.kernel.org/stable/c/23fde311ea1d0a6c36bf92ce48b90b77d0ece1a4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/23fde311ea1d0a6c36bf92ce48b90b77d0ece1a4"
},
{
"url": "https://git.kernel.org/stable/c/c2825073271b6f15e669a424b363612082494863",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c2825073271b6f15e669a424b363612082494863"
},
{
"url": "https://git.kernel.org/stable/c/95f723cf141b95e3b3a5b92cf2ea98a863fe7275",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/95f723cf141b95e3b3a5b92cf2ea98a863fe7275"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

125
2025/37xxx/CVE-2025-37794.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37794",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Purge vif txq in ieee80211_do_stop()\n\nAfter ieee80211_do_stop() SKB from vif's txq could still be processed.\nIndeed another concurrent vif schedule_and_wake_txq call could cause\nthose packets to be dequeued (see ieee80211_handle_wake_tx_queue())\nwithout checking the sdata current state.\n\nBecause vif.drv_priv is now cleared in this function, this could lead to\ndriver crash.\n\nFor example in ath12k, ahvif is store in vif.drv_priv. Thus if\nath12k_mac_op_tx() is called after ieee80211_do_stop(), ahvif->ah can be\nNULL, leading the ath12k_warn(ahvif->ah,...) call in this function to\ntrigger the NULL deref below.\n\n Unable to handle kernel paging request at virtual address dfffffc000000001\n KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\n batman_adv: bat0: Interface deactivated: brbh1337\n Mem abort info:\n ESR = 0x0000000096000004\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x04: level 0 translation fault\n Data abort info:\n ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n [dfffffc000000001] address between user and kernel address ranges\n Internal error: Oops: 0000000096000004 [#1] SMP\n CPU: 1 UID: 0 PID: 978 Comm: lbd Not tainted 6.13.0-g633f875b8f1e #114\n Hardware name: HW (DT)\n pstate: 10000005 (nzcV daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : ath12k_mac_op_tx+0x6cc/0x29b8 [ath12k]\n lr : ath12k_mac_op_tx+0x174/0x29b8 [ath12k]\n sp : ffffffc086ace450\n x29: ffffffc086ace450 x28: 0000000000000000 x27: 1ffffff810d59ca4\n x26: ffffff801d05f7c0 x25: 0000000000000000 x24: 000000004000001e\n x23: ffffff8009ce4926 x22: ffffff801f9c0800 x21: ffffff801d05f7f0\n x20: ffffff8034a19f40 x19: 0000000000000000 x18: ffffff801f9c0958\n x17: ffffff800bc0a504 x16: dfffffc000000000 x15: ffffffc086ace4f8\n x14: ffffff801d05f83c x13: 0000000000000000 x12: ffffffb003a0bf03\n x11: 0000000000000000 x10: ffffffb003a0bf02 x9 : ffffff8034a19f40\n x8 : ffffff801d05f818 x7 : 1ffffff0069433dc x6 : ffffff8034a19ee0\n x5 : ffffff801d05f7f0 x4 : 0000000000000000 x3 : 0000000000000001\n x2 : 0000000000000000 x1 : dfffffc000000000 x0 : 0000000000000008\n Call trace:\n ath12k_mac_op_tx+0x6cc/0x29b8 [ath12k] (P)\n ieee80211_handle_wake_tx_queue+0x16c/0x260\n ieee80211_queue_skb+0xeec/0x1d20\n ieee80211_tx+0x200/0x2c8\n ieee80211_xmit+0x22c/0x338\n __ieee80211_subif_start_xmit+0x7e8/0xc60\n ieee80211_subif_start_xmit+0xc4/0xee0\n __ieee80211_subif_start_xmit_8023.isra.0+0x854/0x17a0\n ieee80211_subif_start_xmit_8023+0x124/0x488\n dev_hard_start_xmit+0x160/0x5a8\n __dev_queue_xmit+0x6f8/0x3120\n br_dev_queue_push_xmit+0x120/0x4a8\n __br_forward+0xe4/0x2b0\n deliver_clone+0x5c/0xd0\n br_flood+0x398/0x580\n br_dev_xmit+0x454/0x9f8\n dev_hard_start_xmit+0x160/0x5a8\n __dev_queue_xmit+0x6f8/0x3120\n ip6_finish_output2+0xc28/0x1b60\n __ip6_finish_output+0x38c/0x638\n ip6_output+0x1b4/0x338\n ip6_local_out+0x7c/0xa8\n ip6_send_skb+0x7c/0x1b0\n ip6_push_pending_frames+0x94/0xd0\n rawv6_sendmsg+0x1a98/0x2898\n inet_sendmsg+0x94/0xe0\n __sys_sendto+0x1e4/0x308\n __arm64_sys_sendto+0xc4/0x140\n do_el0_svc+0x110/0x280\n el0_svc+0x20/0x60\n el0t_64_sync_handler+0x104/0x138\n el0t_64_sync+0x154/0x158\n\nTo avoid that, empty vif's txq at ieee80211_do_stop() so no packet could\nbe dequeued after ieee80211_do_stop() (new packets cannot be queued\nbecause SDATA_STATE_RUNNING is cleared at this point)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "ba8c3d6f16a1f9305c23ac1d2fd3992508c5ac03",
"version_value": "5f6863dc407f25fcf23fc857f9ac51756a09ea2c"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.1",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.1",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.135",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.88",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.25",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc3",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/5f6863dc407f25fcf23fc857f9ac51756a09ea2c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5f6863dc407f25fcf23fc857f9ac51756a09ea2c"
},
{
"url": "https://git.kernel.org/stable/c/c74b84544dee27298a71715b3ce2c40d372b5a23",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c74b84544dee27298a71715b3ce2c40d372b5a23"
},
{
"url": "https://git.kernel.org/stable/c/a8df245b5b29f6de98d016dc18e2bb35ec70b0cb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a8df245b5b29f6de98d016dc18e2bb35ec70b0cb"
},
{
"url": "https://git.kernel.org/stable/c/8bc34db7f771a464ff8f686b6f8d4e04963fec27",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8bc34db7f771a464ff8f686b6f8d4e04963fec27"
},
{
"url": "https://git.kernel.org/stable/c/378677eb8f44621ecc9ce659f7af61e5baa94d81",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/378677eb8f44621ecc9ce659f7af61e5baa94d81"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

125
2025/37xxx/CVE-2025-37795.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37795",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()\n\nThe ieee80211 skb control block key (set when skb was queued) could have\nbeen removed before ieee80211_tx_dequeue() call. ieee80211_tx_dequeue()\nalready called ieee80211_tx_h_select_key() to get the current key, but\nthe latter do not update the key in skb control block in case it is\nNULL. Because some drivers actually use this key in their TX callbacks\n(e.g. ath1{1,2}k_mac_op_tx()) this could lead to the use after free\nbelow:\n\n BUG: KASAN: slab-use-after-free in ath11k_mac_op_tx+0x590/0x61c\n Read of size 4 at addr ffffff803083c248 by task kworker/u16:4/1440\n\n CPU: 3 UID: 0 PID: 1440 Comm: kworker/u16:4 Not tainted 6.13.0-ge128f627f404 #2\n Hardware name: HW (DT)\n Workqueue: bat_events batadv_send_outstanding_bcast_packet\n Call trace:\n show_stack+0x14/0x1c (C)\n dump_stack_lvl+0x58/0x74\n print_report+0x164/0x4c0\n kasan_report+0xac/0xe8\n __asan_report_load4_noabort+0x1c/0x24\n ath11k_mac_op_tx+0x590/0x61c\n ieee80211_handle_wake_tx_queue+0x12c/0x1c8\n ieee80211_queue_skb+0xdcc/0x1b4c\n ieee80211_tx+0x1ec/0x2bc\n ieee80211_xmit+0x224/0x324\n __ieee80211_subif_start_xmit+0x85c/0xcf8\n ieee80211_subif_start_xmit+0xc0/0xec4\n dev_hard_start_xmit+0xf4/0x28c\n __dev_queue_xmit+0x6ac/0x318c\n batadv_send_skb_packet+0x38c/0x4b0\n batadv_send_outstanding_bcast_packet+0x110/0x328\n process_one_work+0x578/0xc10\n worker_thread+0x4bc/0xc7c\n kthread+0x2f8/0x380\n ret_from_fork+0x10/0x20\n\n Allocated by task 1906:\n kasan_save_stack+0x28/0x4c\n kasan_save_track+0x1c/0x40\n kasan_save_alloc_info+0x3c/0x4c\n __kasan_kmalloc+0xac/0xb0\n __kmalloc_noprof+0x1b4/0x380\n ieee80211_key_alloc+0x3c/0xb64\n ieee80211_add_key+0x1b4/0x71c\n nl80211_new_key+0x2b4/0x5d8\n genl_family_rcv_msg_doit+0x198/0x240\n <...>\n\n Freed by task 1494:\n kasan_save_stack+0x28/0x4c\n kasan_save_track+0x1c/0x40\n kasan_save_free_info+0x48/0x94\n __kasan_slab_free+0x48/0x60\n kfree+0xc8/0x31c\n kfree_sensitive+0x70/0x80\n ieee80211_key_free_common+0x10c/0x174\n ieee80211_free_keys+0x188/0x46c\n ieee80211_stop_mesh+0x70/0x2cc\n ieee80211_leave_mesh+0x1c/0x60\n cfg80211_leave_mesh+0xe0/0x280\n cfg80211_leave+0x1e0/0x244\n <...>\n\nReset SKB control block key before calling ieee80211_tx_h_select_key()\nto avoid that."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "bb42f2d13ffcd0baed7547b37d05add51fcd50e1",
"version_value": "a167a2833d3f862e800cc23067b21ff1df3a1085"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.9",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.9",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.135",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.88",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.25",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc3",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/a167a2833d3f862e800cc23067b21ff1df3a1085",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a167a2833d3f862e800cc23067b21ff1df3a1085"
},
{
"url": "https://git.kernel.org/stable/c/7fa75affe2a97abface2b0d9b95e15728967dda7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7fa75affe2a97abface2b0d9b95e15728967dda7"
},
{
"url": "https://git.kernel.org/stable/c/159499c1341f66a71d985e9b79f2131e88d1c646",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/159499c1341f66a71d985e9b79f2131e88d1c646"
},
{
"url": "https://git.kernel.org/stable/c/0cbd747f343c28d911443dd4174820600cc0d952",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0cbd747f343c28d911443dd4174820600cc0d952"
},
{
"url": "https://git.kernel.org/stable/c/a104042e2bf6528199adb6ca901efe7b60c2c27f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a104042e2bf6528199adb6ca901efe7b60c2c27f"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

125
2025/37xxx/CVE-2025-37796.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-37796",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: at76c50x: fix use after free access in at76_disconnect\n\nThe memory pointed to by priv is freed at the end of at76_delete_device\nfunction (using ieee80211_free_hw). But the code then accesses the udev\nfield of the freed object to put the USB device. This may also lead to a\nmemory leak of the usb device. Fix this by using udev from interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "29e20aa6c6aff35c81d4da2e2cd516dadb569061",
"version_value": "5e7df74745700f059dc117a620e566964a2e8f2c"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3.17",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.17",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.135",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.88",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.25",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.4",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15-rc3",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/5e7df74745700f059dc117a620e566964a2e8f2c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5e7df74745700f059dc117a620e566964a2e8f2c"
},
{
"url": "https://git.kernel.org/stable/c/7ca513631fa6ad3011b8b9197cdde0f351103704",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7ca513631fa6ad3011b8b9197cdde0f351103704"
},
{
"url": "https://git.kernel.org/stable/c/a9682bfef2cf3802515a902e964d774e137be1b9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a9682bfef2cf3802515a902e964d774e137be1b9"
},
{
"url": "https://git.kernel.org/stable/c/152721cbae42713ecfbca6847e0f102ee6b19546",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/152721cbae42713ecfbca6847e0f102ee6b19546"
},
{
"url": "https://git.kernel.org/stable/c/27c7e63b3cb1a20bb78ed4a36c561ea4579fd7da",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/27c7e63b3cb1a20bb78ed4a36c561ea4579fd7da"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

4
2025/3xxx/CVE-2025-3211.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /birthing_print.php. The manipulation of the argument itr_no leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
"value": "A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /birthing_print.php. The manipulation of the argument itr_no/birth_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in code-projects Patient Record Management System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /birthing_print.php. Mittels dem Manipulieren des Arguments itr_no mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
"value": "Es wurde eine Schwachstelle in code-projects Patient Record Management System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /birthing_print.php. Mittels dem Manipulieren des Arguments itr_no/birth_id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},

4
2025/3xxx/CVE-2025-3243.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dental_form.php. The manipulation of the argument itr_no leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
"value": "A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dental_form.php. The manipulation of the argument itr_no/dental_no leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in code-projects Patient Record Management System 1.0 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /dental_form.php. Durch Beeinflussen des Arguments itr_no mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
"value": "Eine kritische Schwachstelle wurde in code-projects Patient Record Management System 1.0 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /dental_form.php. Durch Beeinflussen des Arguments itr_no/dental_no mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},

56
2025/44xxx/CVE-2025-44835.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-44835",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-44835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in iptablesWebsFilterRun, which allows remote attackers to execute arbitrary commands via shell."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/n0wstr/IOTVuln/tree/main/DIR-816/IptablesWebsFilterRun",
"refsource": "MISC",
"name": "https://github.com/n0wstr/IOTVuln/tree/main/DIR-816/IptablesWebsFilterRun"
}
]
}

56
2025/44xxx/CVE-2025-44854.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-44854",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-44854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Totolink CP900 V6.3c.1144_B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Summermu/VulnForIoT/tree/main/Totolink_CP900/setUpgradeUboot/readme.md",
"refsource": "MISC",
"name": "https://github.com/Summermu/VulnForIoT/tree/main/Totolink_CP900/setUpgradeUboot/readme.md"
}
]
}

18
2025/4xxx/CVE-2025-4189.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4189",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/4xxx/CVE-2025-4190.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4190",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/4xxx/CVE-2025-4191.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4191",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/4xxx/CVE-2025-4192.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4192",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/4xxx/CVE-2025-4193.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4193",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/4xxx/CVE-2025-4194.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4194",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/4xxx/CVE-2025-4195.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4195",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/4xxx/CVE-2025-4196.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4196",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/4xxx/CVE-2025-4197.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4197",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/4xxx/CVE-2025-4198.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4198",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/4xxx/CVE-2025-4199.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4199",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/4xxx/CVE-2025-4200.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4200",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}