mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-30 18:04:30 +00:00
168 lines
9.1 KiB
JSON
168 lines
9.1 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2025-21996",
|
|
"ASSIGNER": "cve@kernel.org",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()\n\nOn the off chance that command stream passed from userspace via\nioctl() call to radeon_vce_cs_parse() is weirdly crafted and\nfirst command to execute is to encode (case 0x03000001), the function\nin question will attempt to call radeon_vce_cs_reloc() with size\nargument that has not been properly initialized. Specifically, 'size'\nwill point to 'tmp' variable before the latter had a chance to be\nassigned any value.\n\nPlay it safe and init 'tmp' with 0, thus ensuring that\nradeon_vce_cs_reloc() will catch an early error in cases like these.\n\nFound by Linux Verification Center (linuxtesting.org) with static\nanalysis tool SVACE.\n\n(cherry picked from commit 2d52de55f9ee7aaee0e09ac443f77855989c6b68)"
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Linux",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Linux",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "2fc5703abda201f138faf63bdca743d04dbf4b1a",
|
|
"version_value": "0effb378ebce52b897f85cd7f828854b8c7cb636"
|
|
},
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"version": "3.15",
|
|
"status": "affected"
|
|
},
|
|
{
|
|
"version": "0",
|
|
"lessThan": "3.15",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "5.4.292",
|
|
"lessThanOrEqual": "5.4.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "5.10.236",
|
|
"lessThanOrEqual": "5.10.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "5.15.180",
|
|
"lessThanOrEqual": "5.15.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "6.1.132",
|
|
"lessThanOrEqual": "6.1.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "6.6.85",
|
|
"lessThanOrEqual": "6.6.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "6.12.21",
|
|
"lessThanOrEqual": "6.12.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "6.13.9",
|
|
"lessThanOrEqual": "6.13.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "6.14",
|
|
"lessThanOrEqual": "*",
|
|
"status": "unaffected",
|
|
"versionType": "original_commit_for_fix"
|
|
}
|
|
],
|
|
"defaultStatus": "affected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/0effb378ebce52b897f85cd7f828854b8c7cb636",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/0effb378ebce52b897f85cd7f828854b8c7cb636"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/5b4d9d20fd455a97920cf158dd19163b879cf65d",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/5b4d9d20fd455a97920cf158dd19163b879cf65d"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/9b2da9c673a0da1359a2151f7ce773e2f77d71a9",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/9b2da9c673a0da1359a2151f7ce773e2f77d71a9"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/78b07dada3f02f77762d0755a96d35f53b02be69",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/78b07dada3f02f77762d0755a96d35f53b02be69"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/3ce08215cad55c10a6eeeb33d3583b6cfffe3ab8",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/3ce08215cad55c10a6eeeb33d3583b6cfffe3ab8"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/dd1801aa01bba1760357f2a641346ae149686713",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/dd1801aa01bba1760357f2a641346ae149686713"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/f5e049028124f755283f2c07e7a3708361ed1dc8",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/f5e049028124f755283f2c07e7a3708361ed1dc8"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/dd8689b52a24807c2d5ce0a17cb26dc87f75235c",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/dd8689b52a24807c2d5ce0a17cb26dc87f75235c"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "bippy-7c5fe7eed585"
|
|
}
|
|
} |