Auto-Update: 2025-02-09T13:00:19.843917+00:00

CVE-2024/CVE-2024-579xx/CVE-2024-57949.json

@@ -0,0 +1,33 @@
+{
+  "id": "CVE-2024-57949",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-02-09T12:15:28.570",
+  "lastModified": "2025-02-09T12:15:28.570",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity()\n\nThe following call-chain leads to enabling interrupts in a nested interrupt\ndisabled section:\n\nirq_set_vcpu_affinity()\n  irq_get_desc_lock()\n     raw_spin_lock_irqsave()   <--- Disable interrupts\n  its_irq_set_vcpu_affinity()\n     guard(raw_spinlock_irq)   <--- Enables interrupts when leaving the guard()\n  irq_put_desc_unlock()        <--- Warns because interrupts are enabled\n\nThis was broken in commit b97e8a2f7130, which replaced the original\nraw_spin_[un]lock() pair with guard(raw_spinlock_irq).\n\nFix the issue by using guard(raw_spinlock).\n\n[ tglx: Massaged change log ]"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/35cb2c6ce7da545f3b5cb1e6473ad7c3a6f08310",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/6c84ff2e788fce0099ee3e71a3ed258b1ca1a223",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/93955a7788121ab5a0f7f27e988b2ed1135a4866",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/d7b0e89610dd45ac6cf0d6f99bfa9ccc787db344",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}

CVE-2025/CVE-2025-216xx/CVE-2025-21684.json

@@ -0,0 +1,29 @@
+{
+  "id": "CVE-2025-21684",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-02-09T12:15:29.623",
+  "lastModified": "2025-02-09T12:15:29.623",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: xilinx: Convert gpio_lock to raw spinlock\n\nirq_chip functions may be called in raw spinlock context. Therefore, we\nmust also use a raw spinlock for our own internal locking.\n\nThis fixes the following lockdep splat:\n\n[    5.349336] =============================\n[    5.353349] [ BUG: Invalid wait context ]\n[    5.357361] 6.13.0-rc5+ #69 Tainted: G        W\n[    5.363031] -----------------------------\n[    5.367045] kworker/u17:1/44 is trying to lock:\n[    5.371587] ffffff88018b02c0 (&chip->gpio_lock){....}-{3:3}, at: xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[    5.380079] other info that might help us debug this:\n[    5.385138] context-{5:5}\n[    5.387762] 5 locks held by kworker/u17:1/44:\n[    5.392123] #0: ffffff8800014958 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3204)\n[    5.402260] #1: ffffffc082fcbdd8 (deferred_probe_work){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3205)\n[    5.411528] #2: ffffff880172c900 (&dev->mutex){....}-{4:4}, at: __device_attach (drivers/base/dd.c:1006)\n[    5.419929] #3: ffffff88039c8268 (request_class#2){+.+.}-{4:4}, at: __setup_irq (kernel/irq/internals.h:156 kernel/irq/manage.c:1596)\n[    5.428331] #4: ffffff88039c80c8 (lock_class#2){....}-{2:2}, at: __setup_irq (kernel/irq/manage.c:1614)\n[    5.436472] stack backtrace:\n[    5.439359] CPU: 2 UID: 0 PID: 44 Comm: kworker/u17:1 Tainted: G        W          6.13.0-rc5+ #69\n[    5.448690] Tainted: [W]=WARN\n[    5.451656] Hardware name: xlnx,zynqmp (DT)\n[    5.455845] Workqueue: events_unbound deferred_probe_work_func\n[    5.461699] Call trace:\n[    5.464147] show_stack+0x18/0x24 C\n[    5.467821] dump_stack_lvl (lib/dump_stack.c:123)\n[    5.471501] dump_stack (lib/dump_stack.c:130)\n[    5.474824] __lock_acquire (kernel/locking/lockdep.c:4828 kernel/locking/lockdep.c:4898 kernel/locking/lockdep.c:5176)\n[    5.478758] lock_acquire (arch/arm64/include/asm/percpu.h:40 kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851 kernel/locking/lockdep.c:5814)\n[    5.482429] _raw_spin_lock_irqsave (include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)\n[    5.486797] xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[    5.490737] irq_enable (kernel/irq/internals.h:236 kernel/irq/chip.c:170 kernel/irq/chip.c:439 kernel/irq/chip.c:432 kernel/irq/chip.c:345)\n[    5.494060] __irq_startup (kernel/irq/internals.h:241 kernel/irq/chip.c:180 kernel/irq/chip.c:250)\n[    5.497645] irq_startup (kernel/irq/chip.c:270)\n[    5.501143] __setup_irq (kernel/irq/manage.c:1807)\n[    5.504728] request_threaded_irq (kernel/irq/manage.c:2208)"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/9860370c2172704b6b4f0075a0c2a29fd84af96a",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/9c035105c5537d2ecad6b9415e9417a1ffbd0a62",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/b0111650ee596219bb5defa0ce1a1308e6e77ccf",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}

CVE-2025/CVE-2025-216xx/CVE-2025-21685.json

@@ -0,0 +1,25 @@
+{
+  "id": "CVE-2025-21685",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-02-09T12:15:29.737",
+  "lastModified": "2025-02-09T12:15:29.737",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: fix serdev race\n\nThe yt2_1380_fc_serdev_probe() function calls devm_serdev_device_open()\nbefore setting the client ops via serdev_device_set_client_ops(). This\nordering can trigger a NULL pointer dereference in the serdev controller's\nreceive_buf handler, as it assumes serdev->ops is valid when\nSERPORT_ACTIVE is set.\n\nThis is similar to the issue fixed in commit 5e700b384ec1\n(\"platform/chrome: cros_ec_uart: properly fix race condition\") where\ndevm_serdev_device_open() was called before fully initializing the\ndevice.\n\nFix the race by ensuring client ops are set before enabling the port via\ndevm_serdev_device_open().\n\nNote, serdev_device_set_baudrate() and serdev_device_set_flow_control()\ncalls should be after the devm_serdev_device_open() call."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/3f67e07873df3c6d9ce2582260b83732e1d3a40b",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/59616a91e5e74833b2008b56c66879857c616006",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2025-02-09T07:00:19.520746+00:00
+2025-02-09T13:00:19.843917+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2025-02-09T05:15:32.883000+00:00
+2025-02-09T12:15:29.737000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,21 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-280446
+280449
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `1`
+Recently added CVEs: `3`
 
-- [CVE-2024-13440](CVE-2024/CVE-2024-134xx/CVE-2024-13440.json) (`2025-02-09T05:15:22.740`)
+- [CVE-2024-57949](CVE-2024/CVE-2024-579xx/CVE-2024-57949.json) (`2025-02-09T12:15:28.570`)
+- [CVE-2025-21684](CVE-2025/CVE-2025-216xx/CVE-2025-21684.json) (`2025-02-09T12:15:29.623`)
+- [CVE-2025-21685](CVE-2025/CVE-2025-216xx/CVE-2025-21685.json) (`2025-02-09T12:15:29.737`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `1`
+Recently modified CVEs: `0`
 
-- [CVE-2024-57966](CVE-2024/CVE-2024-579xx/CVE-2024-57966.json) (`2025-02-09T05:15:32.883`)
 
 
 ## Download and Usage

_state.csv

@@ -246353,7 +246353,7 @@ CVE-2024-13432,0,0,2420e31f27384cf3a3b972e6593316283200b18cb659242a854ce1e6ee4ae
 CVE-2024-13433,0,0,2a9d89514e9ca62330f67417cbd4f0a14554f70d781af736185219d7398dc564,2025-01-18T07:15:09.160000
 CVE-2024-13434,0,0,292fbae0324c9bc0e0a4304860c64d8e4dabea0f0444b12419bd12eebd083320,2025-01-17T05:15:09.290000
 CVE-2024-1344,0,0,3c7e3680ada5d2af6c947ff7713f6316fa39154980892782020553f5d0042cd7,2024-11-21T08:50:22.543000
-CVE-2024-13440,1,1,9fc1576e327be4dbacdcbf5a9d406132dc1948c265c7f8fde1f009c9c777725c,2025-02-09T05:15:22.740000
+CVE-2024-13440,0,0,9fc1576e327be4dbacdcbf5a9d406132dc1948c265c7f8fde1f009c9c777725c,2025-02-09T05:15:22.740000
 CVE-2024-13441,0,0,c4feb7fa45e58abcf7c01d5df380ea3f267be46791773adc8606a649a8a16fa9,2025-02-04T19:37:08.100000
 CVE-2024-13444,0,0,f559be4a09d3b0d4718253e232ed1d6b01b700beffd4896c1d6f62eac4116d3c,2025-01-21T11:15:09.450000
 CVE-2024-13447,0,0,4e4ee51c076699c7672245e5729c9870c182faecf6e2bd018441c71df98cbb9d,2025-01-24T20:53:40.380000
@@ -274532,6 +274532,7 @@ CVE-2024-57945,0,0,ba7b321eb8cd0d1e792a1582e6a8309da43ab8d76c6981c78527fc0b4c2a5
 CVE-2024-57946,0,0,7694bfd6f4bfcb27622fd33f724eed0c14a58bd72141bedb13eda08e23a02026,2025-01-21T13:15:09.137000
 CVE-2024-57947,0,0,0f394f81965ff60be8ebf8ad0ab0612e0d5ea1bd9618d127584b4c77570cc2fc,2025-01-23T14:15:25.293000
 CVE-2024-57948,0,0,1a6e7a2592dc090b9c5651ce7d9dfb9cd17ca0fde703644781c208aeb34be331,2025-02-02T11:15:14.713000
+CVE-2024-57949,1,1,a3e846c65b5ea9fa67b88176625579c765ca55deddba68eae74e95e9758eaece,2025-02-09T12:15:28.570000
 CVE-2024-5795,0,0,8c27870eb8f46b4876cdd6a9335698b3a6adeccd1af066b5f5391281ef70b349,2024-11-21T09:48:20.780000
 CVE-2024-57954,0,0,91758d48648129248ea9805d5372fb353727b8abbefe2abe7e8495cf9dc66f5f,2025-02-06T13:15:39.467000
 CVE-2024-57955,0,0,c9d2b1ffe54f7f5776391ee1ea15de6075933d1092f6712e436603a1d67aa02c,2025-02-06T13:15:39.590000
@@ -274544,7 +274545,7 @@ CVE-2024-57960,0,0,615613f4380654acdf770af8e932b07007c41c20f705a33f5b5a786c8d2df
 CVE-2024-57961,0,0,c474380d60f449ae11d292b0426c707b2b591e8c8778c5bb7f17d5297d050136,2025-02-06T13:15:40.417000
 CVE-2024-57962,0,0,f3585e4d41a97b886b7fb87352dbe611c938938f30ff0860bfaa1f6426496d32,2025-02-06T13:15:40.600000
 CVE-2024-57965,0,0,1ec783f88325ed02c1810413dbff411d8a59c49db780f7d0fa48c580055559d5,2025-01-29T10:15:08.113000
-CVE-2024-57966,0,1,61d2b5fd5d958d136f7dd40b4676334560812ee79ee948ded13f78b89db9e1c9,2025-02-09T05:15:32.883000
+CVE-2024-57966,0,0,61d2b5fd5d958d136f7dd40b4676334560812ee79ee948ded13f78b89db9e1c9,2025-02-09T05:15:32.883000
 CVE-2024-57967,0,0,8fee44e6eb84e9ffdf47037f396d369451745de427e458c886fbbf4f38d70d65,2025-02-03T18:15:37.853000
 CVE-2024-57968,0,0,df2d26687f6eb03cc4ebdae430a2d63e09872c2f76ae608d0c55e2648f4f6e40,2025-02-06T18:15:32.287000
 CVE-2024-5798,0,0,1cf6b5fddcb53bc6e432a6a3428f56651407d96c3d029c184944ae69fb8dd23b,2024-11-21T09:48:21.013000
@@ -279081,6 +279082,8 @@ CVE-2025-21680,0,0,ab176bb9040b4730f514a36acb954e8ef4736becce0eddc54061e7998d46f
 CVE-2025-21681,0,0,9e9509683b66e78d225a9c8bdb52e1c3341add5c0d97b10f58b98660105a4cbd,2025-01-31T12:15:29.260000
 CVE-2025-21682,0,0,462d4deac5e2e59ee2d3e31f4dfc91555e87d58a1e47d6fecad84acad53c8a69,2025-02-04T15:25:48.707000
 CVE-2025-21683,0,0,eb90b34b8c26cfd5a6fc922b697d6b0c2dfe15c32e6ed59da1ae357c1a3f7802,2025-02-03T20:01:29.163000
+CVE-2025-21684,1,1,ccbe370735fa79c92be04c8fbe1da6eb1bac16030487ec3333d5a2a07f83260b,2025-02-09T12:15:29.623000
+CVE-2025-21685,1,1,2c38b70654cf295bc0534469166c384ffdd225ff08c70a695fd50e5a61dba4ea,2025-02-09T12:15:29.737000
 CVE-2025-22129,0,0,d84466451eb5813ecdb45d579943a91ad86a0d891b836c8fd8053b0ece067119,2025-02-04T19:15:33.360000
 CVE-2025-22130,0,0,a71c51c8237898c4394724aa5ef423b90094196082b564075e1f1cf6c2992343,2025-01-08T16:15:38.543000
 CVE-2025-22131,0,0,69440877e24142b0c883a083dd220512bc0b0c9b1551c23031d4be6598836d66,2025-01-20T16:15:27.880000