admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 22:18:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-05-29 14:00:33 +00:00
parent 77ddc4a54b
commit af92bb5d53
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
10 changed files with 1046 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
2025/37xxx/CVE-2025-37993.json
View File

@ -1,18 +1,113 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-37993", "ID": "CVE-2025-37993",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@kernel.org",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: m_can: m_can_class_allocate_dev(): initialize spin lock on device probe\n\nThe spin lock tx_handling_spinlock in struct m_can_classdev is not\nbeing initialized. This leads the following spinlock bad magic\ncomplaint from the kernel, eg. when trying to send CAN frames with\ncansend from can-utils:\n\n| BUG: spinlock bad magic on CPU#0, cansend/95\n| lock: 0xff60000002ec1010, .magic: 00000000, .owner: <none>/-1, .owner_cpu: 0\n| CPU: 0 UID: 0 PID: 95 Comm: cansend Not tainted 6.15.0-rc3-00032-ga79be02bba5c #5 NONE\n| Hardware name: MachineWare SIM-V (DT)\n| Call Trace:\n| [<ffffffff800133e0>] dump_backtrace+0x1c/0x24\n| [<ffffffff800022f2>] show_stack+0x28/0x34\n| [<ffffffff8000de3e>] dump_stack_lvl+0x4a/0x68\n| [<ffffffff8000de70>] dump_stack+0x14/0x1c\n| [<ffffffff80003134>] spin_dump+0x62/0x6e\n| [<ffffffff800883ba>] do_raw_spin_lock+0xd0/0x142\n| [<ffffffff807a6fcc>] _raw_spin_lock_irqsave+0x20/0x2c\n| [<ffffffff80536dba>] m_can_start_xmit+0x90/0x34a\n| [<ffffffff806148b0>] dev_hard_start_xmit+0xa6/0xee\n| [<ffffffff8065b730>] sch_direct_xmit+0x114/0x292\n| [<ffffffff80614e2a>] __dev_queue_xmit+0x3b0/0xaa8\n| [<ffffffff8073b8fa>] can_send+0xc6/0x242\n| [<ffffffff8073d1c0>] raw_sendmsg+0x1a8/0x36c\n| [<ffffffff805ebf06>] sock_write_iter+0x9a/0xee\n| [<ffffffff801d06ea>] vfs_write+0x184/0x3a6\n| [<ffffffff801d0a88>] ksys_write+0xa0/0xc0\n| [<ffffffff801d0abc>] __riscv_sys_write+0x14/0x1c\n| [<ffffffff8079ebf8>] do_trap_ecall_u+0x168/0x212\n| [<ffffffff807a830a>] handle_exception+0x146/0x152\n\nInitializing the spin lock in m_can_class_allocate_dev solves that\nproblem."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1fa80e23c15051edc1c594270517de3517ded798",
"version_value": "2ecce25ea296f328d79070ee36229a15aeeb7aca"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.9",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.9",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.29",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.7",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/2ecce25ea296f328d79070ee36229a15aeeb7aca",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2ecce25ea296f328d79070ee36229a15aeeb7aca"
},
{
"url": "https://git.kernel.org/stable/c/7d5379cfecfdd665e4206bc4f19824656388779f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7d5379cfecfdd665e4206bc4f19824656388779f"
},
{
"url": "https://git.kernel.org/stable/c/dcaeeb8ae84c5506ebc574732838264f3887738c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/dcaeeb8ae84c5506ebc574732838264f3887738c"
}
]
},
"generator": {
"engine": "bippy-1.2.0"
} }
} }

136
2025/37xxx/CVE-2025-37994.json
View File

@ -1,18 +1,146 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-37994", "ID": "CVE-2025-37994",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@kernel.org",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: displayport: Fix NULL pointer access\n\nThis patch ensures that the UCSI driver waits for all pending tasks in the\nucsi_displayport_work workqueue to finish executing before proceeding with\nthe partner removal."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "af8622f6a585d8d82b11cd7987e082861fd0edd3",
"version_value": "7804c4d63edfdd5105926cc291e806e8f4ce01b5"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.2",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.2",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.183",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.139",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.91",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.29",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.7",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/7804c4d63edfdd5105926cc291e806e8f4ce01b5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7804c4d63edfdd5105926cc291e806e8f4ce01b5"
},
{
"url": "https://git.kernel.org/stable/c/076ab0631ed4928905736f1701e25f1e722bc086",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/076ab0631ed4928905736f1701e25f1e722bc086"
},
{
"url": "https://git.kernel.org/stable/c/14f298c52188c34acde9760bf5abc669c5c36fdb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/14f298c52188c34acde9760bf5abc669c5c36fdb"
},
{
"url": "https://git.kernel.org/stable/c/5ad298d6d4aebe1229adba6427e417e89a5208d8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5ad298d6d4aebe1229adba6427e417e89a5208d8"
},
{
"url": "https://git.kernel.org/stable/c/e9b63faf5c97deb43fc39a52edbc39d626cc14bf",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e9b63faf5c97deb43fc39a52edbc39d626cc14bf"
},
{
"url": "https://git.kernel.org/stable/c/312d79669e71283d05c05cc49a1a31e59e3d9e0e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/312d79669e71283d05c05cc49a1a31e59e3d9e0e"
}
]
},
"generator": {
"engine": "bippy-1.2.0"
} }
} }

136
2025/37xxx/CVE-2025-37995.json
View File

@ -1,18 +1,146 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-37995", "ID": "CVE-2025-37995",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@kernel.org",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmodule: ensure that kobject_put() is safe for module type kobjects\n\nIn 'lookup_or_create_module_kobject()', an internal kobject is created\nusing 'module_ktype'. So call to 'kobject_put()' on error handling\npath causes an attempt to use an uninitialized completion pointer in\n'module_kobject_release()'. In this scenario, we just want to release\nkobject without an extra synchronization required for a regular module\nunloading process, so adding an extra check whether 'complete()' is\nactually required makes 'kobject_put()' safe."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "942e443127e928a5631c3d5102aca8c8b3c2dd98",
"version_value": "f1c71b4bd721a4ea21da408806964b10468623f2"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.12",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.183",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.139",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.91",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.29",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.7",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/f1c71b4bd721a4ea21da408806964b10468623f2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f1c71b4bd721a4ea21da408806964b10468623f2"
},
{
"url": "https://git.kernel.org/stable/c/9e7b49ce4f9d0cb5b6e87db9e07a2fb9e754b0dd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9e7b49ce4f9d0cb5b6e87db9e07a2fb9e754b0dd"
},
{
"url": "https://git.kernel.org/stable/c/faa9059631d3491d699c69ecf512de9e1a3d6649",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/faa9059631d3491d699c69ecf512de9e1a3d6649"
},
{
"url": "https://git.kernel.org/stable/c/d63851049f412cdfadaeef7a7eaef5031d11c1e9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d63851049f412cdfadaeef7a7eaef5031d11c1e9"
},
{
"url": "https://git.kernel.org/stable/c/31d8df3f303c3ae9115230820977ef8c35c88808",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/31d8df3f303c3ae9115230820977ef8c35c88808"
},
{
"url": "https://git.kernel.org/stable/c/a6aeb739974ec73e5217c75a7c008a688d3d5cf1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a6aeb739974ec73e5217c75a7c008a688d3d5cf1"
}
]
},
"generator": {
"engine": "bippy-1.2.0"
} }
} }

92
2025/37xxx/CVE-2025-37996.json
View File

@ -1,18 +1,102 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-37996", "ID": "CVE-2025-37996",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@kernel.org",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Fix uninitialized memcache pointer in user_mem_abort()\n\nCommit fce886a60207 (\"KVM: arm64: Plumb the pKVM MMU in KVM\") made the\ninitialization of the local memcache variable in user_mem_abort()\nconditional, leaving a codepath where it is used uninitialized via\nkvm_pgtable_stage2_map().\n\nThis can fail on any path that requires a stage-2 allocation\nwithout transition via a permission fault or dirty logging.\n\nFix this by making sure that memcache is always valid."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "fce886a6020734d6253c2c5a3bc285e385cc5496",
"version_value": "a26d50f8a4a5049e956984797b5d0dedea4bbb18"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.14",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.7",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/a26d50f8a4a5049e956984797b5d0dedea4bbb18",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a26d50f8a4a5049e956984797b5d0dedea4bbb18"
},
{
"url": "https://git.kernel.org/stable/c/157dbc4a321f5bb6f8b6c724d12ba720a90f1a7c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/157dbc4a321f5bb6f8b6c724d12ba720a90f1a7c"
}
]
},
"generator": {
"engine": "bippy-1.2.0"
} }
} }

144
2025/37xxx/CVE-2025-37997.json
View File

@ -1,18 +1,154 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-37997", "ID": "CVE-2025-37997",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@kernel.org",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ipset: fix region locking in hash types\n\nRegion locking introduced in v5.6-rc4 contained three macros to handle\nthe region locks: ahash_bucket_start(), ahash_bucket_end() which gave\nback the start and end hash bucket values belonging to a given region\nlock and ahash_region() which should give back the region lock belonging\nto a given hash bucket. The latter was incorrect which can lead to a\nrace condition between the garbage collector and adding new elements\nwhen a hash type of set is defined with timeouts."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "f66ee0410b1c3481ee75e5db9b34547b4d582465",
"version_value": "82c1eb32693bc48251d92532975e19160987e5b9"
},
{
"version_affected": "=",
"version_value": "5dd9488ae41070b69d2f4acb580f77db5705f9ca"
},
{
"version_affected": "=",
"version_value": "a469bab3386aebff33c59506f3a95e35b91118fd"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.6",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.6",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.183",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.139",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.91",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.29",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.7",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/82c1eb32693bc48251d92532975e19160987e5b9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/82c1eb32693bc48251d92532975e19160987e5b9"
},
{
"url": "https://git.kernel.org/stable/c/aa77294b0f73bb8265987591460cd25b8722c3df",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/aa77294b0f73bb8265987591460cd25b8722c3df"
},
{
"url": "https://git.kernel.org/stable/c/a3dfec485401943e315c394c29afe2db8f9481d6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a3dfec485401943e315c394c29afe2db8f9481d6"
},
{
"url": "https://git.kernel.org/stable/c/e2ab67672b2288521a6146034a971f9a82ffc5c5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e2ab67672b2288521a6146034a971f9a82ffc5c5"
},
{
"url": "https://git.kernel.org/stable/c/6e002ecc1c8cfdfc866b9104ab7888da54613e59",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6e002ecc1c8cfdfc866b9104ab7888da54613e59"
},
{
"url": "https://git.kernel.org/stable/c/8478a729c0462273188263136880480729e9efca",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8478a729c0462273188263136880480729e9efca"
}
]
},
"generator": {
"engine": "bippy-1.2.0"
} }
} }

136
2025/37xxx/CVE-2025-37998.json
View File

@ -1,18 +1,146 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-37998", "ID": "CVE-2025-37998",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@kernel.org",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: Fix unsafe attribute parsing in output_userspace()\n\nThis patch replaces the manual Netlink attribute iteration in\noutput_userspace() with nla_for_each_nested(), which ensures that only\nwell-formed attributes are processed."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "ccb1352e76cff0524e7ccb2074826a092dd13016",
"version_value": "47f7f00cf2fa3137d5c0416ef1a71bdf77901395"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3.3",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.3",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.183",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.139",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.91",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.29",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.7",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/47f7f00cf2fa3137d5c0416ef1a71bdf77901395",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/47f7f00cf2fa3137d5c0416ef1a71bdf77901395"
},
{
"url": "https://git.kernel.org/stable/c/bca8df998cce1fead8cbc69144862eadc2e34c87",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bca8df998cce1fead8cbc69144862eadc2e34c87"
},
{
"url": "https://git.kernel.org/stable/c/0236742bd959332181c1fcc41a05b7b709180501",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0236742bd959332181c1fcc41a05b7b709180501"
},
{
"url": "https://git.kernel.org/stable/c/ec334aaab74705cc515205e1da3cb369fdfd93cd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ec334aaab74705cc515205e1da3cb369fdfd93cd"
},
{
"url": "https://git.kernel.org/stable/c/4fa672cbce9c86c3efb8621df1ae580d47813430",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4fa672cbce9c86c3efb8621df1ae580d47813430"
},
{
"url": "https://git.kernel.org/stable/c/6beb6835c1fbb3f676aebb51a5fee6b77fed9308",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6beb6835c1fbb3f676aebb51a5fee6b77fed9308"
}
]
},
"generator": {
"engine": "bippy-1.2.0"
} }
} }

103
2025/37xxx/CVE-2025-37999.json
View File

@ -1,18 +1,113 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-37999", "ID": "CVE-2025-37999",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@kernel.org",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/erofs/fileio: call erofs_onlinefolio_split() after bio_add_folio()\n\nIf bio_add_folio() fails (because it is full),\nerofs_fileio_scan_folio() needs to submit the I/O request via\nerofs_fileio_rq_submit() and allocate a new I/O request with an empty\n`struct bio`. Then it retries the bio_add_folio() call.\n\nHowever, at this point, erofs_onlinefolio_split() has already been\ncalled which increments `folio->private`; the retry will call\nerofs_onlinefolio_split() again, but there will never be a matching\nerofs_onlinefolio_end() call. This leaves the folio locked forever\nand all waiters will be stuck in folio_wait_bit_common().\n\nThis bug has been added by commit ce63cb62d794 (\"erofs: support\nunencoded inodes for fileio\"), but was practically unreachable because\nthere was room for 256 folios in the `struct bio` - until commit\n9f74ae8c9ac9 (\"erofs: shorten bvecs[] for file-backed mounts\") which\nreduced the array capacity to 16 folios.\n\nIt was now trivial to trigger the bug by manually invoking readahead\nfrom userspace, e.g.:\n\n posix_fadvise(fd, 0, st.st_size, POSIX_FADV_WILLNEED);\n\nThis should be fixed by invoking erofs_onlinefolio_split() only after\nbio_add_folio() has succeeded. This is safe: asynchronous completions\ninvoking erofs_onlinefolio_end() will not unlock the folio because\nerofs_fileio_scan_folio() is still holding a reference to be released\nby erofs_onlinefolio_end() at the end."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "ce63cb62d794c98c7631c2296fa845f2a8d0a4a1",
"version_value": "61e0fc3312309867e5a3495329dad0286d2a5703"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.12",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.29",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.7",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/61e0fc3312309867e5a3495329dad0286d2a5703",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/61e0fc3312309867e5a3495329dad0286d2a5703"
},
{
"url": "https://git.kernel.org/stable/c/c26076197df348c84cc23e5962d61902e072a0f5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c26076197df348c84cc23e5962d61902e072a0f5"
},
{
"url": "https://git.kernel.org/stable/c/bbfe756dc3062c1e934f06e5ba39c239aa953b92",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bbfe756dc3062c1e934f06e5ba39c239aa953b92"
}
]
},
"generator": {
"engine": "bippy-1.2.0"
} }
} }

61
2025/46xxx/CVE-2025-46078.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-46078",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2025-46078",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "HuoCMS V3.5.1 and before is vulnerable to file upload, which allows attackers to take control of the target server"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/yggcwhat/test/blob/main/README.md",
"refsource": "MISC",
"name": "https://github.com/yggcwhat/test/blob/main/README.md"
},
{
"refsource": "MISC",
"name": "https://github.com/yggcwhat/CVE-2025-46078/",
"url": "https://github.com/yggcwhat/CVE-2025-46078/"
} }
] ]
} }

61
2025/46xxx/CVE-2025-46080.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-46080",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2025-46080",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can exploit this flaw to bypass whitelist restrictions and craft malicious files with specific suffixes, thereby gaining control of the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/yggcwhat/test2/blob/main/README.md",
"refsource": "MISC",
"name": "https://github.com/yggcwhat/test2/blob/main/README.md"
},
{
"refsource": "MISC",
"name": "https://github.com/yggcwhat/CVE-2025-46080/",
"url": "https://github.com/yggcwhat/CVE-2025-46080/"
} }
] ]
} }

118
2025/5xxx/CVE-2025-5320.json
View File

@ -1,17 +1,127 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-5320", "ID": "CVE-2025-5320",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@vuldb.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of the component CORS Handler. The manipulation of the argument localhost_aliases leads to origin validation error. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in gradio-app gradio bis 5.29.1 entdeckt. Sie wurde als problematisch eingestuft. Hiervon betroffen ist die Funktion is_valid_origin der Komponente CORS Handler. Mittels dem Manipulieren des Arguments localhost_aliases mit unbekannten Daten kann eine origin validation error-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Origin Validation Error",
"cweId": "CWE-346"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Insufficient Verification of Data Authenticity",
"cweId": "CWE-345"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gradio-app",
"product": {
"product_data": [
{
"product_name": "gradio",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.29.0"
},
{
"version_affected": "=",
"version_value": "5.29.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.310491",
"refsource": "MISC",
"name": "https://vuldb.com/?id.310491"
},
{
"url": "https://vuldb.com/?ctiid.310491",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.310491"
},
{
"url": "https://vuldb.com/?submit.580250",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.580250"
},
{
"url": "https://gist.github.com/superboy-zjc/aa3dfa161d7b19d8a53ab4605792f2fe",
"refsource": "MISC",
"name": "https://gist.github.com/superboy-zjc/aa3dfa161d7b19d8a53ab4605792f2fe"
},
{
"url": "https://gist.github.com/superboy-zjc/aa3dfa161d7b19d8a53ab4605792f2fe#proof-of-concept-poc",
"refsource": "MISC",
"name": "https://gist.github.com/superboy-zjc/aa3dfa161d7b19d8a53ab4605792f2fe#proof-of-concept-poc"
}
]
},
"credits": [
{
"lang": "en",
"value": "Gavin Zhong (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.7,
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N"
} }
] ]
} }