admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-11 16:13:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-07-09T12:00:17.373132+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-07-09 12:03:54 +00:00
parent f0e64e89b4
commit 23cd146935
30 changed files with 891 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
CVE-2025/CVE-2025-270xx/CVE-2025-27027.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2025-27027",
"sourceIdentifier": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"published": "2025-07-09T09:15:26.720",
"lastModified": "2025-07-09T09:15:26.720",
"lastModified": "2025-07-09T10:15:26.620",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Restricted shell rbash\u00a0evasion in Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) allows the user vpuser\u00a0to start a full-feature shell.\n\n\n\nA user with vpuser\u00a0credentials that opens an SSH connection to the device, gets a restricted shell rbash\u00a0that allows only a small list of allowed commands. This vulnerability enables the user to get a full-featured Linux shell, bypassing the rbash\u00a0restrictions."
"value": "A user with vpuser\u00a0credentials that opens an SSH connection to the device, gets a restricted shell rbash\u00a0that allows only a small list of allowed commands. This vulnerability enables the user to get a full-featured Linux shell, bypassing the rbash\u00a0restrictions."
}
],
"metrics": {
@ -35,6 +35,18 @@
}
]
},
"weaknesses": [
{
"source": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-653"
}
]
}
],
"references": [
{
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27027",

25
CVE-2025/CVE-2025-382xx/CVE-2025-38238.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2025-38238",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-07-09T11:15:25.080",
"lastModified": "2025-07-09T11:15:25.080",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out\n\nWhen both the RHBA and RPA FDMI requests time out, fnic reuses a frame to\nsend ABTS for each of them. On send completion, this causes an attempt to\nfree the same frame twice that leads to a crash.\n\nFix crash by allocating separate frames for RHBA and RPA, and modify ABTS\nlogic accordingly.\n\nTested by checking MDS for FDMI information.\n\nTested by using instrumented driver to:\n\n - Drop PLOGI response\n - Drop RHBA response\n - Drop RPA response\n - Drop RHBA and RPA response\n - Drop PLOGI response + ABTS response\n - Drop RHBA response + ABTS response\n - Drop RPA response + ABTS response\n - Drop RHBA and RPA response + ABTS response for both of them"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/09679e9abedfbc5a2590759a1a7893c1c26e6044",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a35b29bdedb4d2ae3160d4d6684a6f1ecd9ca7c2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2025/CVE-2025-382xx/CVE-2025-38239.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2025-38239",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-07-09T11:15:25.983",
"lastModified": "2025-07-09T11:15:25.983",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: megaraid_sas: Fix invalid node index\n\nOn a system with DRAM interleave enabled, out-of-bound access is\ndetected:\n\nmegaraid_sas 0000:3f:00.0: requested/available msix 128/128 poll_queue 0\n------------[ cut here ]------------\nUBSAN: array-index-out-of-bounds in ./arch/x86/include/asm/topology.h:72:28\nindex -1 is out of range for type 'cpumask *[1024]'\ndump_stack_lvl+0x5d/0x80\nubsan_epilogue+0x5/0x2b\n__ubsan_handle_out_of_bounds.cold+0x46/0x4b\nmegasas_alloc_irq_vectors+0x149/0x190 [megaraid_sas]\nmegasas_probe_one.cold+0xa4d/0x189c [megaraid_sas]\nlocal_pci_probe+0x42/0x90\npci_device_probe+0xdc/0x290\nreally_probe+0xdb/0x340\n__driver_probe_device+0x78/0x110\ndriver_probe_device+0x1f/0xa0\n__driver_attach+0xba/0x1c0\nbus_for_each_dev+0x8b/0xe0\nbus_add_driver+0x142/0x220\ndriver_register+0x72/0xd0\nmegasas_init+0xdf/0xff0 [megaraid_sas]\ndo_one_initcall+0x57/0x310\ndo_init_module+0x90/0x250\ninit_module_from_file+0x85/0xc0\nidempotent_init_module+0x114/0x310\n__x64_sys_finit_module+0x65/0xc0\ndo_syscall_64+0x82/0x170\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFix it accordingly."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/074efb35552556a4b3b25eedab076d5dc24a8199",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/19a47c966deb36624843b7301f0373a3dc541a05",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/752eb816b55adb0673727ba0ed96609a17895654",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bf2c1643abc3b2507d56bb6c22bf9897272f8a35",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f1064b3532192e987ab17be7281d5fee36fd25e1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2025/CVE-2025-382xx/CVE-2025-38241.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2025-38241",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-07-09T11:15:26.107",
"lastModified": "2025-07-09T11:15:26.107",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/shmem, swap: fix softlockup with mTHP swapin\n\nFollowing softlockup can be easily reproduced on my test machine with:\n\necho always > /sys/kernel/mm/transparent_hugepage/hugepages-64kB/enabled\nswapon /dev/zram0 # zram0 is a 48G swap device\nmkdir -p /sys/fs/cgroup/memory/test\necho 1G > /sys/fs/cgroup/test/memory.max\necho $BASHPID > /sys/fs/cgroup/test/cgroup.procs\nwhile true; do\n dd if=/dev/zero of=/tmp/test.img bs=1M count=5120\n cat /tmp/test.img > /dev/null\n rm /tmp/test.img\ndone\n\nThen after a while:\nwatchdog: BUG: soft lockup - CPU#0 stuck for 763s! [cat:5787]\nModules linked in: zram virtiofs\nCPU: 0 UID: 0 PID: 5787 Comm: cat Kdump: loaded Tainted: G L 6.15.0.orig-gf3021d9246bc-dirty #118 PREEMPT(voluntary)\u00b7\nTainted: [L]=SOFTLOCKUP\nHardware name: Red Hat KVM/RHEL-AV, BIOS 0.0.0 02/06/2015\nRIP: 0010:mpol_shared_policy_lookup+0xd/0x70\nCode: e9 b8 b4 ff ff 31 c0 c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 41 54 55 53 <48> 8b 1f 48 85 db 74 41 4c 8d 67 08 48 89 fb 48 89 f5 4c 89 e7 e8\nRSP: 0018:ffffc90002b1fc28 EFLAGS: 00000202\nRAX: 00000000001c20ca RBX: 0000000000724e1e RCX: 0000000000000001\nRDX: ffff888118e214c8 RSI: 0000000000057d42 RDI: ffff888118e21518\nRBP: 000000000002bec8 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000bf4 R11: 0000000000000000 R12: 0000000000000001\nR13: 00000000001c20ca R14: 00000000001c20ca R15: 0000000000000000\nFS: 00007f03f995c740(0000) GS:ffff88a07ad9a000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f03f98f1000 CR3: 0000000144626004 CR4: 0000000000770eb0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <TASK>\n shmem_alloc_folio+0x31/0xc0\n shmem_swapin_folio+0x309/0xcf0\n ? filemap_get_entry+0x117/0x1e0\n ? xas_load+0xd/0xb0\n ? filemap_get_entry+0x101/0x1e0\n shmem_get_folio_gfp+0x2ed/0x5b0\n shmem_file_read_iter+0x7f/0x2e0\n vfs_read+0x252/0x330\n ksys_read+0x68/0xf0\n do_syscall_64+0x4c/0x1c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f03f9a46991\nCode: 00 48 8b 15 81 14 10 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd e8 20 ad 01 00 f3 0f 1e fa 80 3d 35 97 10 00 00 74 13 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec\nRSP: 002b:00007fff3c52bd28 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\nRAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007f03f9a46991\nRDX: 0000000000040000 RSI: 00007f03f98ba000 RDI: 0000000000000003\nRBP: 00007fff3c52bd50 R08: 0000000000000000 R09: 00007f03f9b9a380\nR10: 0000000000000022 R11: 0000000000000246 R12: 0000000000040000\nR13: 00007f03f98ba000 R14: 0000000000000003 R15: 0000000000000000\n </TASK>\n\nThe reason is simple, readahead brought some order 0 folio in swap cache,\nand the swapin mTHP folio being allocated is in conflict with it, so\nswapcache_prepare fails and causes shmem_swap_alloc_folio to return\n-EEXIST, and shmem simply retries again and again causing this loop.\n\nFix it by applying a similar fix for anon mTHP swapin.\n\nThe performance change is very slight, time of swapin 10g zero folios\nwith shmem (test for 12 times):\nBefore: 2.47s\nAfter: 2.48s\n\n[kasong@tencent.com: add comment]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1283dfc1e0cd52cf525c2cb1b59a6f9183aab7ca",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a05dd8ae5cbb1cb45f349922cfea4f548a5e5d6f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2025/CVE-2025-382xx/CVE-2025-38242.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2025-38242",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-07-09T11:15:26.233",
"lastModified": "2025-07-09T11:15:26.233",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: userfaultfd: fix race of userfaultfd_move and swap cache\n\nThis commit fixes two kinds of races, they may have different results:\n\nBarry reported a BUG_ON in commit c50f8e6053b0, we may see the same\nBUG_ON if the filemap lookup returned NULL and folio is added to swap\ncache after that.\n\nIf another kind of race is triggered (folio changed after lookup) we\nmay see RSS counter is corrupted:\n\n[ 406.893936] BUG: Bad rss-counter state mm:ffff0000c5a9ddc0\ntype:MM_ANONPAGES val:-1\n[ 406.894071] BUG: Bad rss-counter state mm:ffff0000c5a9ddc0\ntype:MM_SHMEMPAGES val:1\n\nBecause the folio is being accounted to the wrong VMA.\n\nI'm not sure if there will be any data corruption though, seems no. \nThe issues above are critical already.\n\n\nOn seeing a swap entry PTE, userfaultfd_move does a lockless swap cache\nlookup, and tries to move the found folio to the faulting vma. Currently,\nit relies on checking the PTE value to ensure that the moved folio still\nbelongs to the src swap entry and that no new folio has been added to the\nswap cache, which turns out to be unreliable.\n\nWhile working and reviewing the swap table series with Barry, following\nexisting races are observed and reproduced [1]:\n\nIn the example below, move_pages_pte is moving src_pte to dst_pte, where\nsrc_pte is a swap entry PTE holding swap entry S1, and S1 is not in the\nswap cache:\n\nCPU1 CPU2\nuserfaultfd_move\n move_pages_pte()\n entry = pte_to_swp_entry(orig_src_pte);\n // Here it got entry = S1\n ... < interrupted> ...\n <swapin src_pte, alloc and use folio A>\n // folio A is a new allocated folio\n // and get installed into src_pte\n <frees swap entry S1>\n // src_pte now points to folio A, S1\n // has swap count == 0, it can be freed\n // by folio_swap_swap or swap\n // allocator's reclaim.\n <try to swap out another folio B>\n // folio B is a folio in another VMA.\n <put folio B to swap cache using S1 >\n // S1 is freed, folio B can use it\n // for swap out with no problem.\n ...\n folio = filemap_get_folio(S1)\n // Got folio B here !!!\n ... < interrupted again> ...\n <swapin folio B and free S1>\n // Now S1 is free to be used again.\n <swapout src_pte & folio A using S1>\n // Now src_pte is a swap entry PTE\n // holding S1 again.\n folio_trylock(folio)\n move_swap_pte\n double_pt_lock\n is_pte_pages_stable\n // Check passed because src_pte == S1\n folio_move_anon_rmap(...)\n // Moved invalid folio B here !!!\n\nThe race window is very short and requires multiple collisions of multiple\nrare events, so it's very unlikely to happen, but with a deliberately\nconstructed reproducer and increased time window, it can be reproduced\neasily.\n\nThis can be fixed by checking if the folio returned by filemap is the\nvalid swap cache folio after acquiring the folio lock.\n\nAnother similar race is possible: filemap_get_folio may return NULL, but\nfolio (A) could be swapped in and then swapped out again using the same\nswap entry after the lookup. In such a case, folio (A) may remain in the\nswap cache, so it must be moved too:\n\nCPU1 CPU2\nuserfaultfd_move\n move_pages_pte()\n entry = pte_to_swp_entry(orig_src_pte);\n // Here it got entry = S1, and S1 is not in swap cache\n folio = filemap_get\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0ea148a799198518d8ebab63ddd0bb6114a103bc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/db2ca8074955ca64187a4fb596dd290b9c446cd3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2025/CVE-2025-382xx/CVE-2025-38243.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2025-38243",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-07-09T11:15:26.350",
"lastModified": "2025-07-09T11:15:26.350",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix invalid inode pointer dereferences during log replay\n\nIn a few places where we call read_one_inode(), if we get a NULL pointer\nwe end up jumping into an error path, or fallthrough in case of\n__add_inode_ref(), where we then do something like this:\n\n iput(&inode->vfs_inode);\n\nwhich results in an invalid inode pointer that triggers an invalid memory\naccess, resulting in a crash.\n\nFix this by making sure we don't do such dereferences."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2dcf838cf5c2f0f4501edaa1680fcad03618d760",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ba8386d662cc51cc5382688bbf7a152b0b0b27cf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2025/CVE-2025-382xx/CVE-2025-38244.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2025-38244",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-07-09T11:15:26.480",
"lastModified": "2025-07-09T11:15:26.480",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential deadlock when reconnecting channels\n\nFix cifs_signal_cifsd_for_reconnect() to take the correct lock order\nand prevent the following deadlock from happening\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.16.0-rc3-build2+ #1301 Tainted: G S W\n------------------------------------------------------\ncifsd/6055 is trying to acquire lock:\nffff88810ad56038 (&tcp_ses->srv_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x134/0x200\n\nbut task is already holding lock:\nffff888119c64330 (&ret_buf->chan_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0xcf/0x200\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #2 (&ret_buf->chan_lock){+.+.}-{3:3}:\n validate_chain+0x1cf/0x270\n __lock_acquire+0x60e/0x780\n lock_acquire.part.0+0xb4/0x1f0\n _raw_spin_lock+0x2f/0x40\n cifs_setup_session+0x81/0x4b0\n cifs_get_smb_ses+0x771/0x900\n cifs_mount_get_session+0x7e/0x170\n cifs_mount+0x92/0x2d0\n cifs_smb3_do_mount+0x161/0x460\n smb3_get_tree+0x55/0x90\n vfs_get_tree+0x46/0x180\n do_new_mount+0x1b0/0x2e0\n path_mount+0x6ee/0x740\n do_mount+0x98/0xe0\n __do_sys_mount+0x148/0x180\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n-> #1 (&ret_buf->ses_lock){+.+.}-{3:3}:\n validate_chain+0x1cf/0x270\n __lock_acquire+0x60e/0x780\n lock_acquire.part.0+0xb4/0x1f0\n _raw_spin_lock+0x2f/0x40\n cifs_match_super+0x101/0x320\n sget+0xab/0x270\n cifs_smb3_do_mount+0x1e0/0x460\n smb3_get_tree+0x55/0x90\n vfs_get_tree+0x46/0x180\n do_new_mount+0x1b0/0x2e0\n path_mount+0x6ee/0x740\n do_mount+0x98/0xe0\n __do_sys_mount+0x148/0x180\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n-> #0 (&tcp_ses->srv_lock){+.+.}-{3:3}:\n check_noncircular+0x95/0xc0\n check_prev_add+0x115/0x2f0\n validate_chain+0x1cf/0x270\n __lock_acquire+0x60e/0x780\n lock_acquire.part.0+0xb4/0x1f0\n _raw_spin_lock+0x2f/0x40\n cifs_signal_cifsd_for_reconnect+0x134/0x200\n __cifs_reconnect+0x8f/0x500\n cifs_handle_standard+0x112/0x280\n cifs_demultiplex_thread+0x64d/0xbc0\n kthread+0x2f7/0x310\n ret_from_fork+0x2a/0x230\n ret_from_fork_asm+0x1a/0x30\n\nother info that might help us debug this:\n\nChain exists of:\n &tcp_ses->srv_lock --> &ret_buf->ses_lock --> &ret_buf->chan_lock\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(&ret_buf->chan_lock);\n lock(&ret_buf->ses_lock);\n lock(&ret_buf->chan_lock);\n lock(&tcp_ses->srv_lock);\n\n *** DEADLOCK ***\n\n3 locks held by cifsd/6055:\n #0: ffffffff857de398 (&cifs_tcp_ses_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x7b/0x200\n #1: ffff888119c64060 (&ret_buf->ses_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x9c/0x200\n #2: ffff888119c64330 (&ret_buf->chan_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0xcf/0x200"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/711741f94ac3cf9f4e3aa73aa171e76d188c0819",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7f3ead8ebc0ef65b6c89a13912b4e80218425629",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c82c7041258d96e3286f6790ab700e4edd3cc9e3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fe035dc78aa6ca8f862857d45beaf7a0e03206ca",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2025/CVE-2025-382xx/CVE-2025-38245.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2025-38245",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-07-09T11:15:26.597",
"lastModified": "2025-07-09T11:15:26.597",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().\n\nsyzbot reported a warning below during atm_dev_register(). [0]\n\nBefore creating a new device and procfs/sysfs for it, atm_dev_register()\nlooks up a duplicated device by __atm_dev_lookup(). These operations are\ndone under atm_dev_mutex.\n\nHowever, when removing a device in atm_dev_deregister(), it releases the\nmutex just after removing the device from the list that __atm_dev_lookup()\niterates over.\n\nSo, there will be a small race window where the device does not exist on\nthe device list but procfs/sysfs are still not removed, triggering the\nsplat.\n\nLet's hold the mutex until procfs/sysfs are removed in\natm_dev_deregister().\n\n[0]:\nproc_dir_entry 'atm/atmtcp:0' already registered\nWARNING: CPU: 0 PID: 5919 at fs/proc/generic.c:377 proc_register+0x455/0x5f0 fs/proc/generic.c:377\nModules linked in:\nCPU: 0 UID: 0 PID: 5919 Comm: syz-executor284 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nRIP: 0010:proc_register+0x455/0x5f0 fs/proc/generic.c:377\nCode: 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 a2 01 00 00 48 8b 44 24 10 48 c7 c7 20 c0 c2 8b 48 8b b0 d8 00 00 00 e8 0c 02 1c ff 90 <0f> 0b 90 90 48 c7 c7 80 f2 82 8e e8 0b de 23 09 48 8b 4c 24 28 48\nRSP: 0018:ffffc9000466fa30 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817ae248\nRDX: ffff888026280000 RSI: ffffffff817ae255 RDI: 0000000000000001\nRBP: ffff8880232bed48 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: ffff888076ed2140\nR13: dffffc0000000000 R14: ffff888078a61340 R15: ffffed100edda444\nFS: 00007f38b3b0c6c0(0000) GS:ffff888124753000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f38b3bdf953 CR3: 0000000076d58000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n proc_create_data+0xbe/0x110 fs/proc/generic.c:585\n atm_proc_dev_register+0x112/0x1e0 net/atm/proc.c:361\n atm_dev_register+0x46d/0x890 net/atm/resources.c:113\n atmtcp_create+0x77/0x210 drivers/atm/atmtcp.c:369\n atmtcp_attach drivers/atm/atmtcp.c:403 [inline]\n atmtcp_ioctl+0x2f9/0xd60 drivers/atm/atmtcp.c:464\n do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\n sock_do_ioctl+0x115/0x280 net/socket.c:1190\n sock_ioctl+0x227/0x6b0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x18b/0x210 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f38b3b74459\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f38b3b0c198 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007f38b3bfe318 RCX: 00007f38b3b74459\nRDX: 0000000000000000 RSI: 0000000000006180 RDI: 0000000000000005\nRBP: 00007f38b3bfe310 R08: 65732f636f72702f R09: 65732f636f72702f\nR10: 65732f636f72702f R11: 0000000000000246 R12: 00007f38b3bcb0ac\nR13: 00007f38b3b0c1a0 R14: 0000200000000200 R15: 00007f38b3bcb03b\n </TASK>"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/6922f1a048c090f10704bbef4a3a1e81932d2e0a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a433791aeaea6e84df709e0b9584b9bbe040cd1c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ae539d963a17443ec54cba8a767e4ffa318264f4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b2e40fcfe1575faaa548f87614006d3fe44c779e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cabed6ba92a9a8c09da02a3f20e32ecd80989896",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2025/CVE-2025-382xx/CVE-2025-38246.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2025-38246",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-07-09T11:15:26.720",
"lastModified": "2025-07-09T11:15:26.720",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt: properly flush XDP redirect lists\n\nWe encountered following crash when testing a XDP_REDIRECT feature\nin production:\n\n[56251.579676] list_add corruption. next->prev should be prev (ffff93120dd40f30), but was ffffb301ef3a6740. (next=ffff93120dd\n40f30).\n[56251.601413] ------------[ cut here ]------------\n[56251.611357] kernel BUG at lib/list_debug.c:29!\n[56251.621082] Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[56251.632073] CPU: 111 UID: 0 PID: 0 Comm: swapper/111 Kdump: loaded Tainted: P O 6.12.33-cloudflare-2025.6.\n3 #1\n[56251.653155] Tainted: [P]=PROPRIETARY_MODULE, [O]=OOT_MODULE\n[56251.663877] Hardware name: MiTAC GC68B-B8032-G11P6-GPU/S8032GM-HE-CFR, BIOS V7.020.B10-sig 01/22/2025\n[56251.682626] RIP: 0010:__list_add_valid_or_report+0x4b/0xa0\n[56251.693203] Code: 0e 48 c7 c7 68 e7 d9 97 e8 42 16 fe ff 0f 0b 48 8b 52 08 48 39 c2 74 14 48 89 f1 48 c7 c7 90 e7 d9 97 48\n 89 c6 e8 25 16 fe ff <0f> 0b 4c 8b 02 49 39 f0 74 14 48 89 d1 48 c7 c7 e8 e7 d9 97 4c 89\n[56251.725811] RSP: 0018:ffff93120dd40b80 EFLAGS: 00010246\n[56251.736094] RAX: 0000000000000075 RBX: ffffb301e6bba9d8 RCX: 0000000000000000\n[56251.748260] RDX: 0000000000000000 RSI: ffff9149afda0b80 RDI: ffff9149afda0b80\n[56251.760349] RBP: ffff9131e49c8000 R08: 0000000000000000 R09: ffff93120dd40a18\n[56251.772382] R10: ffff9159cf2ce1a8 R11: 0000000000000003 R12: ffff911a80850000\n[56251.784364] R13: ffff93120fbc7000 R14: 0000000000000010 R15: ffff9139e7510e40\n[56251.796278] FS: 0000000000000000(0000) GS:ffff9149afd80000(0000) knlGS:0000000000000000\n[56251.809133] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[56251.819561] CR2: 00007f5e85e6f300 CR3: 00000038b85e2006 CR4: 0000000000770ef0\n[56251.831365] PKRU: 55555554\n[56251.838653] Call Trace:\n[56251.845560] <IRQ>\n[56251.851943] cpu_map_enqueue.cold+0x5/0xa\n[56251.860243] xdp_do_redirect+0x2d9/0x480\n[56251.868388] bnxt_rx_xdp+0x1d8/0x4c0 [bnxt_en]\n[56251.877028] bnxt_rx_pkt+0x5f7/0x19b0 [bnxt_en]\n[56251.885665] ? cpu_max_write+0x1e/0x100\n[56251.893510] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.902276] __bnxt_poll_work+0x190/0x340 [bnxt_en]\n[56251.911058] bnxt_poll+0xab/0x1b0 [bnxt_en]\n[56251.919041] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.927568] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.935958] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.944250] __napi_poll+0x2b/0x160\n[56251.951155] bpf_trampoline_6442548651+0x79/0x123\n[56251.959262] __napi_poll+0x5/0x160\n[56251.966037] net_rx_action+0x3d2/0x880\n[56251.973133] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.981265] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.989262] ? __hrtimer_run_queues+0x162/0x2a0\n[56251.996967] ? srso_alias_return_thunk+0x5/0xfbef5\n[56252.004875] ? srso_alias_return_thunk+0x5/0xfbef5\n[56252.012673] ? bnxt_msix+0x62/0x70 [bnxt_en]\n[56252.019903] handle_softirqs+0xcf/0x270\n[56252.026650] irq_exit_rcu+0x67/0x90\n[56252.032933] common_interrupt+0x85/0xa0\n[56252.039498] </IRQ>\n[56252.044246] <TASK>\n[56252.048935] asm_common_interrupt+0x26/0x40\n[56252.055727] RIP: 0010:cpuidle_enter_state+0xb8/0x420\n[56252.063305] Code: dc 01 00 00 e8 f9 79 3b ff e8 64 f7 ff ff 49 89 c5 0f 1f 44 00 00 31 ff e8 a5 32 3a ff 45 84 ff 0f 85 ae\n 01 00 00 fb 45 85 f6 <0f> 88 88 01 00 00 48 8b 04 24 49 63 ce 4c 89 ea 48 6b f1 68 48 29\n[56252.088911] RSP: 0018:ffff93120c97fe98 EFLAGS: 00000202\n[56252.096912] RAX: ffff9149afd80000 RBX: ffff9141d3a72800 RCX: 0000000000000000\n[56252.106844] RDX: 00003329176c6b98 RSI: ffffffe36db3fdc7 RDI: 0000000000000000\n[56252.116733] RBP: 0000000000000002 R08: 0000000000000002 R09: 000000000000004e\n[56252.126652] R10: ffff9149afdb30c4 R11: 071c71c71c71c71c R12: ffffffff985ff860\n[56252.136637] R13: 00003329176c6b98 R14: 0000000000000002 R15: 0000000000000000\n[56252.146667] ? cpuidle_enter_state+0xab/0x420\n[56252.153909] cpuidle_enter+0x2d/0x40\n[56252.160360] do_idle+0x176/0x1c0\n[56252.166456\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/02bf488d56df9db4f5147280b65d9011e1ab88d2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9caca6ac0e26cd20efd490d8b3b2ffb1c7c00f6f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c6665b8f0f58082c480ed8627029f44d046ef2c8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2025/CVE-2025-382xx/CVE-2025-38247.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2025-38247",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-07-09T11:15:26.847",
"lastModified": "2025-07-09T11:15:26.847",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nuserns and mnt_idmap leak in open_tree_attr(2)\n\nOnce want_mount_setattr() has returned a positive, it does require\nfinish_mount_kattr() to release ->mnt_userns. Failing do_mount_setattr()\ndoes not change that.\n\nAs the result, we can end up leaking userns and possibly mnt_idmap as\nwell."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0748e553df0225754c316a92af3a77fdc057b358",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/142db4e76110dd80239f4e79810f85ea1735ad60",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2025/CVE-2025-382xx/CVE-2025-38248.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2025-38248",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-07-09T11:15:26.963",
"lastModified": "2025-07-09T11:15:26.963",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbridge: mcast: Fix use-after-free during router port configuration\n\nThe bridge maintains a global list of ports behind which a multicast\nrouter resides. The list is consulted during forwarding to ensure\nmulticast packets are forwarded to these ports even if the ports are not\nmember in the matching MDB entry.\n\nWhen per-VLAN multicast snooping is enabled, the per-port multicast\ncontext is disabled on each port and the port is removed from the global\nrouter port list:\n\n # ip link add name br1 up type bridge vlan_filtering 1 mcast_snooping 1\n # ip link add name dummy1 up master br1 type dummy\n # ip link set dev dummy1 type bridge_slave mcast_router 2\n $ bridge -d mdb show | grep router\n router ports on br1: dummy1\n # ip link set dev br1 type bridge mcast_vlan_snooping 1\n $ bridge -d mdb show | grep router\n\nHowever, the port can be re-added to the global list even when per-VLAN\nmulticast snooping is enabled:\n\n # ip link set dev dummy1 type bridge_slave mcast_router 0\n # ip link set dev dummy1 type bridge_slave mcast_router 2\n $ bridge -d mdb show | grep router\n router ports on br1: dummy1\n\nSince commit 4b30ae9adb04 (\"net: bridge: mcast: re-implement\nbr_multicast_{enable, disable}_port functions\"), when per-VLAN multicast\nsnooping is enabled, multicast disablement on a port will disable the\nper-{port, VLAN} multicast contexts and not the per-port one. As a\nresult, a port will remain in the global router port list even after it\nis deleted. This will lead to a use-after-free [1] when the list is\ntraversed (when adding a new port to the list, for example):\n\n # ip link del dev dummy1\n # ip link add name dummy2 up master br1 type dummy\n # ip link set dev dummy2 type bridge_slave mcast_router 2\n\nSimilarly, stale entries can also be found in the per-VLAN router port\nlist. When per-VLAN multicast snooping is disabled, the per-{port, VLAN}\ncontexts are disabled on each port and the port is removed from the\nper-VLAN router port list:\n\n # ip link add name br1 up type bridge vlan_filtering 1 mcast_snooping 1 mcast_vlan_snooping 1\n # ip link add name dummy1 up master br1 type dummy\n # bridge vlan add vid 2 dev dummy1\n # bridge vlan global set vid 2 dev br1 mcast_snooping 1\n # bridge vlan set vid 2 dev dummy1 mcast_router 2\n $ bridge vlan global show dev br1 vid 2 | grep router\n router ports: dummy1\n # ip link set dev br1 type bridge mcast_vlan_snooping 0\n $ bridge vlan global show dev br1 vid 2 | grep router\n\nHowever, the port can be re-added to the per-VLAN list even when\nper-VLAN multicast snooping is disabled:\n\n # bridge vlan set vid 2 dev dummy1 mcast_router 0\n # bridge vlan set vid 2 dev dummy1 mcast_router 2\n $ bridge vlan global show dev br1 vid 2 | grep router\n router ports: dummy1\n\nWhen the VLAN is deleted from the port, the per-{port, VLAN} multicast\ncontext will not be disabled since multicast snooping is not enabled\non the VLAN. As a result, the port will remain in the per-VLAN router\nport list even after it is no longer member in the VLAN. This will lead\nto a use-after-free [2] when the list is traversed (when adding a new\nport to the list, for example):\n\n # ip link add name dummy2 up master br1 type dummy\n # bridge vlan add vid 2 dev dummy2\n # bridge vlan del vid 2 dev dummy1\n # bridge vlan set vid 2 dev dummy2 mcast_router 2\n\nFix these issues by removing the port from the relevant (global or\nper-VLAN) router port list in br_multicast_port_ctx_deinit(). The\nfunction is invoked during port deletion with the per-port multicast\ncontext and during VLAN deletion with the per-{port, VLAN} multicast\ncontext.\n\nNote that deleting the multicast router timer is not enough as it only\ntakes care of the temporary multicast router states (1 or 3) and not the\npermanent one (2).\n\n[1]\nBUG: KASAN: slab-out-of-bounds in br_multicast_add_router.part.0+0x3f1/0x560\nWrite of size 8 at addr ffff888004a67328 by task ip/384\n[...]\nCall Trace:\n <TASK>\n dump_stack\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/7544f3f5b0b58c396f374d060898b5939da31709",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f05a4f9e959e0fc098046044c650acf897ea52d2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2025/CVE-2025-382xx/CVE-2025-38249.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2025-38249",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-07-09T11:15:27.077",
"lastModified": "2025-07-09T11:15:27.077",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()\n\nIn snd_usb_get_audioformat_uac3(), the length value returned from\nsnd_usb_ctl_msg() is used directly for memory allocation without\nvalidation. This length is controlled by the USB device.\n\nThe allocated buffer is cast to a uac3_cluster_header_descriptor\nand its fields are accessed without verifying that the buffer\nis large enough. If the device returns a smaller than expected\nlength, this leads to an out-of-bounds read.\n\nAdd a length check to ensure the buffer is large enough for\nuac3_cluster_header_descriptor."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0ee87c2814deb5e42921281116ac3abcb326880b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/11e740dc1a2c8590eb7074b5c4ab921bb6224c36",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6eb211788e1370af52a245d4d7da35c374c7b401",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/74fcb3852a2f579151ce80b9ed96cd916ba0d5d8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fb4e2a6e8f28a3c0ad382e363aeb9cd822007b8a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2025/CVE-2025-382xx/CVE-2025-38250.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2025-38250",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-07-09T11:15:27.193",
"lastModified": "2025-07-09T11:15:27.193",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_core: Fix use-after-free in vhci_flush()\n\nsyzbot reported use-after-free in vhci_flush() without repro. [0]\n\nFrom the splat, a thread close()d a vhci file descriptor while\nits device was being used by iotcl() on another thread.\n\nOnce the last fd refcnt is released, vhci_release() calls\nhci_unregister_dev(), hci_free_dev(), and kfree() for struct\nvhci_data, which is set to hci_dev->dev->driver_data.\n\nThe problem is that there is no synchronisation after unlinking\nhdev from hci_dev_list in hci_unregister_dev(). There might be\nanother thread still accessing the hdev which was fetched before\nthe unlink operation.\n\nWe can use SRCU for such synchronisation.\n\nLet's run hci_dev_reset() under SRCU and wait for its completion\nin hci_unregister_dev().\n\nAnother option would be to restore hci_dev->destruct(), which was\nremoved in commit 587ae086f6e4 (\"Bluetooth: Remove unused\nhci-destruct cb\"). However, this would not be a good solution, as\nwe should not run hci_unregister_dev() while there are in-flight\nioctl() requests, which could lead to another data-race KCSAN splat.\n\nNote that other drivers seem to have the same problem, for exmaple,\nvirtbt_remove().\n\n[0]:\nBUG: KASAN: slab-use-after-free in skb_queue_empty_lockless include/linux/skbuff.h:1891 [inline]\nBUG: KASAN: slab-use-after-free in skb_queue_purge_reason+0x99/0x360 net/core/skbuff.c:3937\nRead of size 8 at addr ffff88807cb8d858 by task syz.1.219/6718\n\nCPU: 1 UID: 0 PID: 6718 Comm: syz.1.219 Not tainted 6.16.0-rc1-syzkaller-00196-g08207f42d3ff #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n <TASK>\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xd2/0x2b0 mm/kasan/report.c:521\n kasan_report+0x118/0x150 mm/kasan/report.c:634\n skb_queue_empty_lockless include/linux/skbuff.h:1891 [inline]\n skb_queue_purge_reason+0x99/0x360 net/core/skbuff.c:3937\n skb_queue_purge include/linux/skbuff.h:3368 [inline]\n vhci_flush+0x44/0x50 drivers/bluetooth/hci_vhci.c:69\n hci_dev_do_reset net/bluetooth/hci_core.c:552 [inline]\n hci_dev_reset+0x420/0x5c0 net/bluetooth/hci_core.c:592\n sock_do_ioctl+0xd9/0x300 net/socket.c:1190\n sock_ioctl+0x576/0x790 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fcf5b98e929\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fcf5c7b9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007fcf5bbb6160 RCX: 00007fcf5b98e929\nRDX: 0000000000000000 RSI: 00000000400448cb RDI: 0000000000000009\nRBP: 00007fcf5ba10b39 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007fcf5bbb6160 R15: 00007ffd6353d528\n </TASK>\n\nAllocated by task 6535:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4359\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n vhci_open+0x57/0x360 drivers/bluetooth/hci_vhci.c:635\n misc_open+0x2bc/0x330 drivers/char/misc.c:161\n chrdev_open+0x4c9/0x5e0 fs/char_dev.c:414\n do_dentry_open+0xdf0/0x1970 fs/open.c:964\n vfs_open+0x3b/0x340 fs/open.c:1094\n do_open fs/namei.c:3887 [inline]\n path_openat+0x2ee5/0x3830 fs/name\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0e5c144c557df910ab64d9c25d06399a9a735e65",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1d6123102e9fbedc8d25bf4731da6d513173e49e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ce23b73f0f27e2dbeb81734a79db710f05aa33c6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2025/CVE-2025-382xx/CVE-2025-38251.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2025-38251",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-07-09T11:15:27.310",
"lastModified": "2025-07-09T11:15:27.310",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: prevent NULL deref in clip_push()\n\nBlamed commit missed that vcc_destroy_socket() calls\nclip_push() with a NULL skb.\n\nIf clip_devs is NULL, clip_push() then crashes when reading\nskb->truesize."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3c709dce16999bf6a1d2ce377deb5dd6fdd8cb08",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/88c88f91f4b3563956bb52e7a71a3640f7ece157",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a07005a77b18ae59b8471e7e4d991fa9f642b3c2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b993ea46b3b601915ceaaf3c802adf11e7d6bac6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ede31ad949ae0d03cb4c5edd79991586ad7c8bb8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2025/CVE-2025-382xx/CVE-2025-38252.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2025-38252",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-07-09T11:15:27.430",
"lastModified": "2025-07-09T11:15:27.430",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/ras: Fix CPER handler device confusion\n\nBy inspection, cxl_cper_handle_prot_err() is making a series of fragile\nassumptions that can lead to crashes:\n\n1/ It assumes that endpoints identified in the record are a CXL-type-3\n device, nothing guarantees that.\n\n2/ It assumes that the device is bound to the cxl_pci driver, nothing\n guarantees that.\n\n3/ Minor, it holds the device lock over the switch-port tracing for no\n reason as the trace is 100% generated from data in the record.\n\nCorrect those by checking that the PCIe endpoint parents a cxl_memdev\nbefore assuming the format of the driver data, and move the lock to where\nit is required. Consequently this also makes the implementation ready for\nCXL accelerators that are not bound to cxl_pci."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3c70ec71abdaf4e4fa48cd8fdfbbd864d78235a8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4bcb8dd36e9e3fad6c22862ac5b6993df838309b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2025/CVE-2025-382xx/CVE-2025-38253.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2025-38253",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-07-09T11:15:27.540",
"lastModified": "2025-07-09T11:15:27.540",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: wacom: fix crash in wacom_aes_battery_handler()\n\nCommit fd2a9b29dc9c (\"HID: wacom: Remove AES power_supply after extended\ninactivity\") introduced wacom_aes_battery_handler() which is scheduled\nas a delayed work (aes_battery_work).\n\nIn wacom_remove(), aes_battery_work is not canceled. Consequently, if\nthe device is removed while aes_battery_work is still pending, then hard\ncrashes or \"Oops: general protection fault...\" are experienced when\nwacom_aes_battery_handler() is finally called. E.g., this happens with\nbuilt-in USB devices after resume from hibernate when aes_battery_work\nwas still pending at the time of hibernation.\n\nSo, take care to cancel aes_battery_work in wacom_remove()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/57a3d82200dbeccd002244b96acad570eeeb731f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a4f182ffa30c52ad1c8e12edfb8049ee748c0f1b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f3054152c12e2eed1e72704aff47b0ea58229584",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2025/CVE-2025-382xx/CVE-2025-38254.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2025-38254",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-07-09T11:15:27.653",
"lastModified": "2025-07-09T11:15:27.653",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add sanity checks for drm_edid_raw()\n\nWhen EDID is retrieved via drm_edid_raw(), it doesn't guarantee to\nreturn proper EDID bytes the caller wants: it may be either NULL (that\nleads to an Oops) or with too long bytes over the fixed size raw_edid\narray (that may lead to memory corruption). The latter was reported\nactually when connected with a bad adapter.\n\nAdd sanity checks for drm_edid_raw() to address the above corner\ncases, and return EDID_BAD_INPUT accordingly.\n\n(cherry picked from commit 648d3f4d209725d51900d6a3ed46b7b600140cdf)"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4b63507d7cd243574753c6b91f68516d9103f1de",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6847b3b6e84ef37451c074e6a8db3fbd250c8dbf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2025/CVE-2025-382xx/CVE-2025-38255.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2025-38255",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-07-09T11:15:27.767",
"lastModified": "2025-07-09T11:15:27.767",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/group_cpus: fix NULL pointer dereference from group_cpus_evenly()\n\nWhile testing null_blk with configfs, echo 0 > poll_queues will trigger\nfollowing panic:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000010\nOops: Oops: 0000 [#1] SMP NOPTI\nCPU: 27 UID: 0 PID: 920 Comm: bash Not tainted 6.15.0-02023-gadbdb95c8696-dirty #1238 PREEMPT(undef)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014\nRIP: 0010:__bitmap_or+0x48/0x70\nCall Trace:\n <TASK>\n __group_cpus_evenly+0x822/0x8c0\n group_cpus_evenly+0x2d9/0x490\n blk_mq_map_queues+0x1e/0x110\n null_map_queues+0xc9/0x170 [null_blk]\n blk_mq_update_queue_map+0xdb/0x160\n blk_mq_update_nr_hw_queues+0x22b/0x560\n nullb_update_nr_hw_queues+0x71/0xf0 [null_blk]\n nullb_device_poll_queues_store+0xa4/0x130 [null_blk]\n configfs_write_iter+0x109/0x1d0\n vfs_write+0x26e/0x6f0\n ksys_write+0x79/0x180\n __x64_sys_write+0x1d/0x30\n x64_sys_call+0x45c4/0x45f0\n do_syscall_64+0xa5/0x240\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nRoot cause is that numgrps is set to 0, and ZERO_SIZE_PTR is returned from\nkcalloc(), and later ZERO_SIZE_PTR will be deferenced.\n\nFix the problem by checking numgrps first in group_cpus_evenly(), and\nreturn NULL directly if numgrps is zero.\n\n[yukuai3@huawei.com: also fix the non-SMP version]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/29d39e0d5f16c060e32542b2cf351c09fd22b250",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/64a99eff8dcf1f951a544e6058341b2b19a8fdbd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/911ef2e8a7de5b2bae8ff11fb0bd01f699e6db65",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/df831e97739405ecbaddb85516bc7d4d1c933d6b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2025/CVE-2025-382xx/CVE-2025-38256.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2025-38256",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-07-09T11:15:27.880",
"lastModified": "2025-07-09T11:15:27.880",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/rsrc: fix folio unpinning\n\nsyzbot complains about an unmapping failure:\n\n[ 108.070381][ T14] kernel BUG at mm/gup.c:71!\n[ 108.070502][ T14] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n[ 108.123672][ T14] Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20250221-8.fc42 02/21/2025\n[ 108.127458][ T14] Workqueue: iou_exit io_ring_exit_work\n[ 108.174205][ T14] Call trace:\n[ 108.175649][ T14] sanity_check_pinned_pages+0x7cc/0x7d0 (P)\n[ 108.178138][ T14] unpin_user_page+0x80/0x10c\n[ 108.180189][ T14] io_release_ubuf+0x84/0xf8\n[ 108.182196][ T14] io_free_rsrc_node+0x250/0x57c\n[ 108.184345][ T14] io_rsrc_data_free+0x148/0x298\n[ 108.186493][ T14] io_sqe_buffers_unregister+0x84/0xa0\n[ 108.188991][ T14] io_ring_ctx_free+0x48/0x480\n[ 108.191057][ T14] io_ring_exit_work+0x764/0x7d8\n[ 108.193207][ T14] process_one_work+0x7e8/0x155c\n[ 108.195431][ T14] worker_thread+0x958/0xed8\n[ 108.197561][ T14] kthread+0x5fc/0x75c\n[ 108.199362][ T14] ret_from_fork+0x10/0x20\n\nWe can pin a tail page of a folio, but then io_uring will try to unpin\nthe head page of the folio. While it should be fine in terms of keeping\nthe page actually alive, mm folks say it's wrong and triggers a debug\nwarning. Use unpin_user_folio() instead of unpin_user_page*.\n\n[axboe: adapt to current tree, massage commit message]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/11e7b7369e655e6131387b174218d7fa9557b3da",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/53fd75f25b223878b5fff14932e3a22f42b54f77",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5afb4bf9fc62d828647647ec31745083637132e4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2025/CVE-2025-382xx/CVE-2025-38257.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2025-38257",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-07-09T11:15:27.993",
"lastModified": "2025-07-09T11:15:27.993",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Prevent overflow in size calculation for memdup_user()\n\nNumber of apqn target list entries contained in 'nr_apqns' variable is\ndetermined by userspace via an ioctl call so the result of the product in\ncalculation of size passed to memdup_user() may overflow.\n\nIn this case the actual size of the allocated area and the value\ndescribing it won't be in sync leading to various types of unpredictable\nbehaviour later.\n\nUse a proper memdup_array_user() helper which returns an error if an\noverflow is detected. Note that it is different from when nr_apqns is\ninitially zero - that case is considered valid and should be handled in\nsubsequent pkey_handler implementations.\n\nFound by Linux Verification Center (linuxtesting.org)."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/73483ca7e07a5e39bdf612eec9d3d293e8bef649",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7360ee47599af91a1d5f4e74d635d9408a54e489",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/88f3869649edbc4a13f6c2877091f81cd5a50f05",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f855b119e62b004a5044ed565f2a2b368c4d3f16",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/faa1ab4a23c42e34dc000ef4977b751d94d5148c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2025/CVE-2025-382xx/CVE-2025-38258.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2025-38258",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-07-09T11:15:28.110",
"lastModified": "2025-07-09T11:15:28.110",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write\n\nmemcg_path_store() assigns a newly allocated memory buffer to\nfilter->memcg_path, without deallocating the previously allocated and\nassigned memory buffer. As a result, users can leak kernel memory by\ncontinuously writing a data to memcg_path DAMOS sysfs file. Fix the leak\nby deallocating the previously set memory buffer."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/490a43d07f1663d827e802720d30cbc0494e4f81",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4a158ac0538dd5695eeaa00aa0720d711f3e4ef1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4f489fe6afb395dbc79840efa3c05440b760d883",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c5d5b0047b0c0f304608f3824139f7bd34c48413",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2025/CVE-2025-382xx/CVE-2025-38259.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2025-38259",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-07-09T11:15:28.227",
"lastModified": "2025-07-09T11:15:28.227",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd9335: Fix missing free of regulator supplies\n\nDriver gets and enables all regulator supplies in probe path\n(wcd9335_parse_dt() and wcd9335_power_on_reset()), but does not cleanup\nin final error paths and in unbind (missing remove() callback). This\nleads to leaked memory and unbalanced regulator enable count during\nprobe errors or unbind.\n\nFix this by converting entire code into devm_regulator_bulk_get_enable()\nwhich also greatly simplifies the code."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/9079db287fc3e38e040b0edeb0a25770bb679c8e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9830ef1803a5bc50b4a984a06cf23142cd46229d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a8795f3cd289cd958f6396a1b43ba46fa8e22a2e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b86280aaa23c1c0f31bcaa600d35ddc45bc38b7a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/edadaf4239c14dc8a19ea7f60b97d5524d93c29b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2025/CVE-2025-382xx/CVE-2025-38260.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2025-38260",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-07-09T11:15:28.340",
"lastModified": "2025-07-09T11:15:28.340",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: handle csum tree error with rescue=ibadroots correctly\n\n[BUG]\nThere is syzbot based reproducer that can crash the kernel, with the\nfollowing call trace: (With some debug output added)\n\n DEBUG: rescue=ibadroots parsed\n BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by repro (1010)\n BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8\n BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm\n BTRFS info (device loop0): using free-space-tree\n BTRFS warning (device loop0): checksum verify failed on logical 5312512 mirror 1 wanted 0xb043382657aede36608fd3386d6b001692ff406164733d94e2d9a180412c6003 found 0x810ceb2bacb7f0f9eb2bf3b2b15c02af867cb35ad450898169f3b1f0bd818651 level 0\n DEBUG: read tree root path failed for tree csum, ret=-5\n BTRFS warning (device loop0): checksum verify failed on logical 5328896 mirror 1 wanted 0x51be4e8b303da58e6340226815b70e3a93592dac3f30dd510c7517454de8567a found 0x51be4e8b303da58e634022a315b70e3a93592dac3f30dd510c7517454de8567a level 0\n BTRFS warning (device loop0): checksum verify failed on logical 5292032 mirror 1 wanted 0x1924ccd683be9efc2fa98582ef58760e3848e9043db8649ee382681e220cdee4 found 0x0cb6184f6e8799d9f8cb335dccd1d1832da1071d12290dab3b85b587ecacca6e level 0\n process 'repro' launched './file2' with NULL argv: empty string added\n DEBUG: no csum root, idatacsums=0 ibadroots=134217728\n Oops: general protection fault, probably for non-canonical address 0xdffffc0000000041: 0000 [#1] SMP KASAN NOPTI\n KASAN: null-ptr-deref in range [0x0000000000000208-0x000000000000020f]\n CPU: 5 UID: 0 PID: 1010 Comm: repro Tainted: G OE 6.15.0-custom+ #249 PREEMPT(full)\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 02/02/2022\n RIP: 0010:btrfs_lookup_csum+0x93/0x3d0 [btrfs]\n Call Trace:\n <TASK>\n btrfs_lookup_bio_sums+0x47a/0xdf0 [btrfs]\n btrfs_submit_bbio+0x43e/0x1a80 [btrfs]\n submit_one_bio+0xde/0x160 [btrfs]\n btrfs_readahead+0x498/0x6a0 [btrfs]\n read_pages+0x1c3/0xb20\n page_cache_ra_order+0x4b5/0xc20\n filemap_get_pages+0x2d3/0x19e0\n filemap_read+0x314/0xde0\n __kernel_read+0x35b/0x900\n bprm_execve+0x62e/0x1140\n do_execveat_common.isra.0+0x3fc/0x520\n __x64_sys_execveat+0xdc/0x130\n do_syscall_64+0x54/0x1d0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n ---[ end trace 0000000000000000 ]---\n\n[CAUSE]\nFirstly the fs has a corrupted csum tree root, thus to mount the fs we\nhave to go \"ro,rescue=ibadroots\" mount option.\n\nNormally with that mount option, a bad csum tree root should set\nBTRFS_FS_STATE_NO_DATA_CSUMS flag, so that any future data read will\nignore csum search.\n\nBut in this particular case, we have the following call trace that\ncaused NULL csum root, but not setting BTRFS_FS_STATE_NO_DATA_CSUMS:\n\nload_global_roots_objectid():\n\n\t\tret = btrfs_search_slot();\n\t\t/* Succeeded */\n\t\tbtrfs_item_key_to_cpu()\n\t\tfound = true;\n\t\t/* We found the root item for csum tree. */\n\t\troot = read_tree_root_path();\n\t\tif (IS_ERR(root)) {\n\t\t\tif (!btrfs_test_opt(fs_info, IGNOREBADROOTS))\n\t\t\t/*\n\t\t\t * Since we have rescue=ibadroots mount option,\n\t\t\t * @ret is still 0.\n\t\t\t */\n\t\t\tbreak;\n\tif (!found || ret) {\n\t\t/* @found is true, @ret is 0, error handling for csum\n\t\t * tree is skipped.\n\t\t */\n\t}\n\nThis means we completely skipped to set BTRFS_FS_STATE_NO_DATA_CSUMS if\nthe csum tree is corrupted, which results unexpected later csum lookup.\n\n[FIX]\nIf read_tree_root_path() failed, always populate @ret to the error\nnumber.\n\nAs at the end of the function, we need @ret to determine if we need to\ndo the extra error handling for csum tree."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3f5c4a996f8f4fecd24a3eb344a307c50af895c2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/547e836661554dcfa15c212a3821664e85b4191a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bbe9231fe611a54a447962494472f604419bad59",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f8ce11903211542a61f05c02caedd2edfb4256b8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fc97a116dc4929905538bc0bd3af7faa51192957",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2025/CVE-2025-382xx/CVE-2025-38261.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2025-38261",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-07-09T11:15:28.460",
"lastModified": "2025-07-09T11:15:28.460",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: save the SR_SUM status over switches\n\nWhen threads/tasks are switched we need to ensure the old execution's\nSR_SUM state is saved and the new thread has the old SR_SUM state\nrestored.\n\nThe issue was seen under heavy load especially with the syz-stress tool\nrunning, with crashes as follows in schedule_tail:\n\nUnable to handle kernel access to user memory without uaccess routines\nat virtual address 000000002749f0d0\nOops [#1]\nModules linked in:\nCPU: 1 PID: 4875 Comm: syz-executor.0 Not tainted\n5.12.0-rc2-syzkaller-00467-g0d7588ab9ef9 #0\nHardware name: riscv-virtio,qemu (DT)\nepc : schedule_tail+0x72/0xb2 kernel/sched/core.c:4264\n ra : task_pid_vnr include/linux/sched.h:1421 [inline]\n ra : schedule_tail+0x70/0xb2 kernel/sched/core.c:4264\nepc : ffffffe00008c8b0 ra : ffffffe00008c8ae sp : ffffffe025d17ec0\n gp : ffffffe005d25378 tp : ffffffe00f0d0000 t0 : 0000000000000000\n t1 : 0000000000000001 t2 : 00000000000f4240 s0 : ffffffe025d17ee0\n s1 : 000000002749f0d0 a0 : 000000000000002a a1 : 0000000000000003\n a2 : 1ffffffc0cfac500 a3 : ffffffe0000c80cc a4 : 5ae9db91c19bbe00\n a5 : 0000000000000000 a6 : 0000000000f00000 a7 : ffffffe000082eba\n s2 : 0000000000040000 s3 : ffffffe00eef96c0 s4 : ffffffe022c77fe0\n s5 : 0000000000004000 s6 : ffffffe067d74e00 s7 : ffffffe067d74850\n s8 : ffffffe067d73e18 s9 : ffffffe067d74e00 s10: ffffffe00eef96e8\n s11: 000000ae6cdf8368 t3 : 5ae9db91c19bbe00 t4 : ffffffc4043cafb2\n t5 : ffffffc4043cafba t6 : 0000000000040000\nstatus: 0000000000000120 badaddr: 000000002749f0d0 cause:\n000000000000000f\nCall Trace:\n[<ffffffe00008c8b0>] schedule_tail+0x72/0xb2 kernel/sched/core.c:4264\n[<ffffffe000005570>] ret_from_exception+0x0/0x14\nDumping ftrace buffer:\n (ftrace buffer empty)\n---[ end trace b5f8f9231dc87dda ]---\n\nThe issue comes from the put_user() in schedule_tail\n(kernel/sched/core.c) doing the following:\n\nasmlinkage __visible void schedule_tail(struct task_struct *prev)\n{\n...\n if (current->set_child_tid)\n put_user(task_pid_vnr(current), current->set_child_tid);\n...\n}\n\nthe put_user() macro causes the code sequence to come out as follows:\n\n1:\t__enable_user_access()\n2:\treg = task_pid_vnr(current);\n3:\t*current->set_child_tid = reg;\n4:\t__disable_user_access()\n\nThe problem is that we may have a sleeping function as argument which\ncould clear SR_SUM causing the panic above. This was fixed by\nevaluating the argument of the put_user() macro outside the user-enabled\nsection in commit 285a76bb2cf5 (\"riscv: evaluate put_user() arg before\nenabling user access\")\"\n\nIn order for riscv to take advantage of unsafe_get/put_XXX() macros and\nto avoid the same issue we had with put_user() and sleeping functions we\nmust ensure code flow can go through switch_to() from within a region of\ncode with SR_SUM enabled and come back with SR_SUM still enabled. This\npatch addresses the problem allowing future work to enable full use of\nunsafe_get/put_XXX() macros without needing to take a CSR bit flip cost\non every access. Make switch_to() save and restore SR_SUM."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/69ea599a8dab93a620c92c255be4239a06290a77",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/788aa64c01f1262310b4c1fb827a36df170d86ea",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2025/CVE-2025-382xx/CVE-2025-38262.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2025-38262",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-07-09T11:15:28.570",
"lastModified": "2025-07-09T11:15:28.570",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: uartlite: register uart driver in init\n\nWhen two instances of uart devices are probing, a concurrency race can\noccur. If one thread calls uart_register_driver function, which first\nallocates and assigns memory to 'uart_state' member of uart_driver\nstructure, the other instance can bypass uart driver registration and\ncall ulite_assign. This calls uart_add_one_port, which expects the uart\ndriver to be fully initialized. This leads to a kernel panic due to a\nnull pointer dereference:\n\n[ 8.143581] BUG: kernel NULL pointer dereference, address: 00000000000002b8\n[ 8.156982] #PF: supervisor write access in kernel mode\n[ 8.156984] #PF: error_code(0x0002) - not-present page\n[ 8.156986] PGD 0 P4D 0\n...\n[ 8.180668] RIP: 0010:mutex_lock+0x19/0x30\n[ 8.188624] Call Trace:\n[ 8.188629] ? __die_body.cold+0x1a/0x1f\n[ 8.195260] ? page_fault_oops+0x15c/0x290\n[ 8.209183] ? __irq_resolve_mapping+0x47/0x80\n[ 8.209187] ? exc_page_fault+0x64/0x140\n[ 8.209190] ? asm_exc_page_fault+0x22/0x30\n[ 8.209196] ? mutex_lock+0x19/0x30\n[ 8.223116] uart_add_one_port+0x60/0x440\n[ 8.223122] ? proc_tty_register_driver+0x43/0x50\n[ 8.223126] ? tty_register_driver+0x1ca/0x1e0\n[ 8.246250] ulite_probe+0x357/0x4b0 [uartlite]\n\nTo prevent it, move uart driver registration in to init function. This\nwill ensure that uart_driver is always registered when probe function\nis called."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/685d29f2c5057b32c7b1b46f2a7d303b926c8f72",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6bd697b5fc39fd24e2aa418c7b7d14469f550a93",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6db06aaea07bb7c8e33a425cf7b98bf29ee6056e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8e958d10dd0ce5ae674cce460db5c9ca3f25243b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f5e4229d94792b40e750f30c92bcf7a3107c72ef",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2025/CVE-2025-382xx/CVE-2025-38263.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2025-38263",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-07-09T11:15:28.690",
"lastModified": "2025-07-09T11:15:28.690",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcache: fix NULL pointer in cache_set_flush()\n\n1. LINE#1794 - LINE#1887 is some codes about function of\n bch_cache_set_alloc().\n2. LINE#2078 - LINE#2142 is some codes about function of\n register_cache_set().\n3. register_cache_set() will call bch_cache_set_alloc() in LINE#2098.\n\n 1794 struct cache_set *bch_cache_set_alloc(struct cache_sb *sb)\n 1795 {\n ...\n 1860 if (!(c->devices = kcalloc(c->nr_uuids, sizeof(void *), GFP_KERNEL)) ||\n 1861 mempool_init_slab_pool(&c->search, 32, bch_search_cache) ||\n 1862 mempool_init_kmalloc_pool(&c->bio_meta, 2,\n 1863 sizeof(struct bbio) + sizeof(struct bio_vec) *\n 1864 bucket_pages(c)) ||\n 1865 mempool_init_kmalloc_pool(&c->fill_iter, 1, iter_size) ||\n 1866 bioset_init(&c->bio_split, 4, offsetof(struct bbio, bio),\n 1867 BIOSET_NEED_BVECS|BIOSET_NEED_RESCUER) ||\n 1868 !(c->uuids = alloc_bucket_pages(GFP_KERNEL, c)) ||\n 1869 !(c->moving_gc_wq = alloc_workqueue(\"bcache_gc\",\n 1870 WQ_MEM_RECLAIM, 0)) ||\n 1871 bch_journal_alloc(c) ||\n 1872 bch_btree_cache_alloc(c) ||\n 1873 bch_open_buckets_alloc(c) ||\n 1874 bch_bset_sort_state_init(&c->sort, ilog2(c->btree_pages)))\n 1875 goto err;\n ^^^^^^^^\n 1876\n ...\n 1883 return c;\n 1884 err:\n 1885 bch_cache_set_unregister(c);\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^\n 1886 return NULL;\n 1887 }\n ...\n 2078 static const char *register_cache_set(struct cache *ca)\n 2079 {\n ...\n 2098 c = bch_cache_set_alloc(&ca->sb);\n 2099 if (!c)\n 2100 return err;\n ^^^^^^^^^^\n ...\n 2128 ca->set = c;\n 2129 ca->set->cache[ca->sb.nr_this_dev] = ca;\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n ...\n 2138 return NULL;\n 2139 err:\n 2140 bch_cache_set_unregister(c);\n 2141 return err;\n 2142 }\n\n(1) If LINE#1860 - LINE#1874 is true, then do 'goto err'(LINE#1875) and\n call bch_cache_set_unregister()(LINE#1885).\n(2) As (1) return NULL(LINE#1886), LINE#2098 - LINE#2100 would return.\n(3) As (2) has returned, LINE#2128 - LINE#2129 would do *not* give the\n value to c->cache[], it means that c->cache[] is NULL.\n\nLINE#1624 - LINE#1665 is some codes about function of cache_set_flush().\nAs (1), in LINE#1885 call\nbch_cache_set_unregister()\n---> bch_cache_set_stop()\n ---> closure_queue()\n -.-> cache_set_flush() (as below LINE#1624)\n\n 1624 static void cache_set_flush(struct closure *cl)\n 1625 {\n ...\n 1654 for_each_cache(ca, c, i)\n 1655 if (ca->alloc_thread)\n ^^\n 1656 kthread_stop(ca->alloc_thread);\n ...\n 1665 }\n\n(4) In LINE#1655 ca is NULL(see (3)) in cache_set_flush() then the\n kernel crash occurred as below:\n[ 846.712887] bcache: register_cache() error drbd6: cannot allocate memory\n[ 846.713242] bcache: register_bcache() error : failed to register device\n[ 846.713336] bcache: cache_set_free() Cache set 2f84bdc1-498a-4f2f-98a7-01946bf54287 unregistered\n[ 846.713768] BUG: unable to handle kernel NULL pointer dereference at 00000000000009f8\n[ 846.714790] PGD 0 P4D 0\n[ 846.715129] Oops: 0000 [#1] SMP PTI\n[ 846.715472] CPU: 19 PID: 5057 Comm: kworker/19:16 Kdump: loaded Tainted: G OE --------- - - 4.18.0-147.5.1.el8_1.5es.3.x86_64 #1\n[ 846.716082] Hardware name: ESPAN GI-25212/X11DPL-i, BIOS 2.1 06/15/2018\n[ 846.716451] Workqueue: events cache_set_flush [bcache]\n[ 846.716808] RIP: 0010:cache_set_flush+0xc9/0x1b0 [bcache]\n[ 846.717155] Code: 00 4c 89 a5 b0 03 00 00 48 8b 85 68 f6 ff ff a8 08 0f 84 88 00 00 00 31 db 66 83 bd 3c f7 ff ff 00 48 8b 85 48 ff ff ff 74 28 <48> 8b b8 f8 09 00 0\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1e46ed947ec658f89f1a910d880cd05e42d3763e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3f9e128186c99a117e304f1dce6d0b9e50c63cd8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/553f560e0a74a7008ad9dba05c3fd05da296befb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/667c3f52373ff5354cb3543e27237eb7df7b2333",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c4f5e7e417034b05f5d2f5fa9a872db897da69bd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2025/CVE-2025-382xx/CVE-2025-38264.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2025-38264",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-07-09T11:15:28.810",
"lastModified": "2025-07-09T11:15:28.810",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: sanitize request list handling\n\nValidate the request in nvme_tcp_handle_r2t() to ensure it's not part of\nany list, otherwise a malicious R2T PDU might inject a loop in request\nlist processing."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0bf04c874fcb1ae46a863034296e4b33d8fbd66c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/78a4adcd3fedb0728436e8094848ebf4c6bae006",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f054ea62598197714a6ca7b3b387a027308f8b13",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

8
CVE-2025/CVE-2025-534xx/CVE-2025-53479.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-53479",
"sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"published": "2025-07-08T18:15:40.387",
"lastModified": "2025-07-08T18:15:40.387",
"lastModified": "2025-07-09T11:15:28.920",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CheckUser extension\u2019s Special:CheckUser interface is vulnerable to reflected XSS via the rev-deleted-user message. This message is rendered without proper escaping, making it possible to inject JavaScript through the uselang=x-xss language override mechanism.\n\n\n\n\nThis issue affects Mediawiki - CheckUser extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2."
"value": "The CheckUser extension\u2019s Special:CheckUser interface is vulnerable to reflected XSS via the rev-deleted-user message. This message is rendered without proper escaping, making it possible to inject JavaScript through the uselang=x-xss language override mechanism.\n\n\n\n\nThis issue affects Mediawiki - CheckUser extension: from 1.42.X before 1.42.7, from 1.43.X before 1.43.2."
},
{
"lang": "es",
"value": "La interfaz Special:CheckUser de la extensi\u00f3n CheckUser es vulnerable a XSS reflejado mediante el mensaje rev-deleted-user. Este mensaje se procesa sin el escape adecuado, lo que permite inyectar JavaScript mediante el mecanismo de anulaci\u00f3n del lenguaje uselang=x-xss. Este problema afecta a Mediawiki - extensi\u00f3n CheckUser: desde la versi\u00f3n 1.39.X hasta la 1.39.13, desde la versi\u00f3n 1.42.X hasta la 1.42.7, desde la versi\u00f3n 1.43.X hasta la 1.43.2."
}
],
"metrics": {},

47
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-07-09T10:00:12.040525+00:00
2025-07-09T12:00:17.373132+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-07-09T09:15:27.703000+00:00
2025-07-09T11:15:28.920000+00:00
```
### Last Data Feed Release
@ -33,29 +33,46 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
301191
301217
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `26`
- [CVE-2025-27027](CVE-2025/CVE-2025-270xx/CVE-2025-27027.json) (`2025-07-09T09:15:26.720`)
- [CVE-2025-27028](CVE-2025/CVE-2025-270xx/CVE-2025-27028.json) (`2025-07-09T09:15:26.850`)
- [CVE-2025-3497](CVE-2025/CVE-2025-34xx/CVE-2025-3497.json) (`2025-07-09T09:15:27.010`)
- [CVE-2025-3498](CVE-2025/CVE-2025-34xx/CVE-2025-3498.json) (`2025-07-09T09:15:27.137`)
- [CVE-2025-3499](CVE-2025/CVE-2025-34xx/CVE-2025-3499.json) (`2025-07-09T09:15:27.297`)
- [CVE-2025-7379](CVE-2025/CVE-2025-73xx/CVE-2025-7379.json) (`2025-07-09T09:15:27.703`)
- [CVE-2025-38239](CVE-2025/CVE-2025-382xx/CVE-2025-38239.json) (`2025-07-09T11:15:25.983`)
- [CVE-2025-38241](CVE-2025/CVE-2025-382xx/CVE-2025-38241.json) (`2025-07-09T11:15:26.107`)
- [CVE-2025-38242](CVE-2025/CVE-2025-382xx/CVE-2025-38242.json) (`2025-07-09T11:15:26.233`)
- [CVE-2025-38243](CVE-2025/CVE-2025-382xx/CVE-2025-38243.json) (`2025-07-09T11:15:26.350`)
- [CVE-2025-38244](CVE-2025/CVE-2025-382xx/CVE-2025-38244.json) (`2025-07-09T11:15:26.480`)
- [CVE-2025-38245](CVE-2025/CVE-2025-382xx/CVE-2025-38245.json) (`2025-07-09T11:15:26.597`)
- [CVE-2025-38246](CVE-2025/CVE-2025-382xx/CVE-2025-38246.json) (`2025-07-09T11:15:26.720`)
- [CVE-2025-38247](CVE-2025/CVE-2025-382xx/CVE-2025-38247.json) (`2025-07-09T11:15:26.847`)
- [CVE-2025-38248](CVE-2025/CVE-2025-382xx/CVE-2025-38248.json) (`2025-07-09T11:15:26.963`)
- [CVE-2025-38249](CVE-2025/CVE-2025-382xx/CVE-2025-38249.json) (`2025-07-09T11:15:27.077`)
- [CVE-2025-38250](CVE-2025/CVE-2025-382xx/CVE-2025-38250.json) (`2025-07-09T11:15:27.193`)
- [CVE-2025-38251](CVE-2025/CVE-2025-382xx/CVE-2025-38251.json) (`2025-07-09T11:15:27.310`)
- [CVE-2025-38252](CVE-2025/CVE-2025-382xx/CVE-2025-38252.json) (`2025-07-09T11:15:27.430`)
- [CVE-2025-38253](CVE-2025/CVE-2025-382xx/CVE-2025-38253.json) (`2025-07-09T11:15:27.540`)
- [CVE-2025-38254](CVE-2025/CVE-2025-382xx/CVE-2025-38254.json) (`2025-07-09T11:15:27.653`)
- [CVE-2025-38255](CVE-2025/CVE-2025-382xx/CVE-2025-38255.json) (`2025-07-09T11:15:27.767`)
- [CVE-2025-38256](CVE-2025/CVE-2025-382xx/CVE-2025-38256.json) (`2025-07-09T11:15:27.880`)
- [CVE-2025-38257](CVE-2025/CVE-2025-382xx/CVE-2025-38257.json) (`2025-07-09T11:15:27.993`)
- [CVE-2025-38258](CVE-2025/CVE-2025-382xx/CVE-2025-38258.json) (`2025-07-09T11:15:28.110`)
- [CVE-2025-38259](CVE-2025/CVE-2025-382xx/CVE-2025-38259.json) (`2025-07-09T11:15:28.227`)
- [CVE-2025-38260](CVE-2025/CVE-2025-382xx/CVE-2025-38260.json) (`2025-07-09T11:15:28.340`)
- [CVE-2025-38261](CVE-2025/CVE-2025-382xx/CVE-2025-38261.json) (`2025-07-09T11:15:28.460`)
- [CVE-2025-38262](CVE-2025/CVE-2025-382xx/CVE-2025-38262.json) (`2025-07-09T11:15:28.570`)
- [CVE-2025-38263](CVE-2025/CVE-2025-382xx/CVE-2025-38263.json) (`2025-07-09T11:15:28.690`)
- [CVE-2025-38264](CVE-2025/CVE-2025-382xx/CVE-2025-38264.json) (`2025-07-09T11:15:28.810`)
### CVEs modified in the last Commit
Recently modified CVEs: `4`
Recently modified CVEs: `2`
- [CVE-2024-45497](CVE-2024/CVE-2024-454xx/CVE-2024-45497.json) (`2025-07-09T08:15:24.810`)
- [CVE-2025-6032](CVE-2025/CVE-2025-60xx/CVE-2025-6032.json) (`2025-07-09T08:15:25.010`)
- [CVE-2025-7345](CVE-2025/CVE-2025-73xx/CVE-2025-7345.json) (`2025-07-09T08:15:25.153`)
- [CVE-2025-7378](CVE-2025/CVE-2025-73xx/CVE-2025-7378.json) (`2025-07-09T09:15:27.427`)
- [CVE-2025-27027](CVE-2025/CVE-2025-270xx/CVE-2025-27027.json) (`2025-07-09T10:15:26.620`)
- [CVE-2025-53479](CVE-2025/CVE-2025-534xx/CVE-2025-53479.json) (`2025-07-09T11:15:28.920`)
## Download and Usage

48
_state.csv
View File

@ -270065,7 +270065,7 @@ CVE-2024-45493,0,0,63ded12e1cce66753793ae82bef6c61efd91f10fe98a5bd1c054c3ddfbe0b
CVE-2024-45494,0,0,e62b8176d74731dfdb1c9ebc3d4575fcabd14aac12deeb9776633eac1b50aecb,2024-12-17T19:15:06.497000
CVE-2024-45495,0,0,052cbd46ff58a2733b006c164c39180c42ff3c9c0f05edf173b6ee70b661cd18,2024-12-04T17:15:14.537000
CVE-2024-45496,0,0,f647c5447ed213c353caf91ddf707bc78331ddddcd98c233146cc0a0d9ee301a,2025-01-09T09:15:07.600000
CVE-2024-45497,0,1,85bd3cea02a78df9925084705b445f10d02b558ef326e0d0b2f9abebe8dc1941,2025-07-09T08:15:24.810000
CVE-2024-45497,0,0,85bd3cea02a78df9925084705b445f10d02b558ef326e0d0b2f9abebe8dc1941,2025-07-09T08:15:24.810000
CVE-2024-45498,0,0,1b37b8abea607b55d06bdeca0f52a798741defd10e0d0992aaa1892048a4a705,2025-06-03T21:12:43.280000
CVE-2024-4550,0,0,d020c2baa57a4c8c78c6437cdbbe1c555a0bddf99dab5627801ef1d8b20c6e80,2024-09-14T11:47:14.677000
CVE-2024-45504,0,0,117e3b0ea98f4e26734959281e27af071785e94eccc716f5288207bae003b1cf,2024-11-04T21:35:09.173000
@ -289854,8 +289854,8 @@ CVE-2025-27023,0,0,6be6269bbfbc5d84ac11ae2eab44e0588bc22f3ffa8b4bc305d83a3f98fe5
CVE-2025-27024,0,0,6bbb5897a3b3dbfa862cb990b11b991668128aff205a6e6d8d0848cf38cc1c5f,2025-07-03T15:13:53.147000
CVE-2025-27025,0,0,056458cab9f105639ea3b4bae04dbc35042bfe57f5cb33a64b03bb422025d3bc,2025-07-03T15:13:53.147000
CVE-2025-27026,0,0,ebb2efbc83c5abc4a187c397eb9b41e3236526b409f6e83e68cf536e93ba650f,2025-07-03T15:13:53.147000
CVE-2025-27027,1,1,179041f8c3f679b6759238583546dc90f3193ad264a8763c34a3fafd3ec864a7,2025-07-09T09:15:26.720000
CVE-2025-27028,1,1,1e9db59359eca20bfee1a105c02f92224211f98e7b52f6eb1142919a57dfd996,2025-07-09T09:15:26.850000
CVE-2025-27027,0,1,8b5f5479ebfe58e0450a1956229b63f18e65cde9f371ed3fb86f323919b96a3b,2025-07-09T10:15:26.620000
CVE-2025-27028,0,0,1e9db59359eca20bfee1a105c02f92224211f98e7b52f6eb1142919a57dfd996,2025-07-09T09:15:26.850000
CVE-2025-27029,0,0,f19508e0628f7c772651f93e1b12fe9874fd4060cecec22f220c71602c00f8da,2025-06-04T14:54:33.783000
CVE-2025-2703,0,0,d5ea40e178148932f49d90ec4c309716760c7d3b1ed975c047629950db3be6df,2025-06-10T11:15:52.680000
CVE-2025-27031,0,0,9fa4d5238e55dfabc5a9becc0748532469d6008767dbc00fd4050a94f50be84d,2025-06-04T14:54:33.783000
@ -294214,9 +294214,9 @@ CVE-2025-3493,0,0,710768fa82b2fdfed7afb4421abc006aa127722a5b581650774cfc22d97391
CVE-2025-3494,0,0,895818aaf59db2b99c5d4035d526d1a6e1e75a9b529efd9be2a175701512ee7b,2025-06-17T04:15:54.940000
CVE-2025-3495,0,0,fe640c81a3ed6a86c53f35442fa10e181d645418d808dffc6fff69a3880ca71e,2025-04-16T13:25:37.340000
CVE-2025-3496,0,0,eeeb25234db4b5411b18647e6b883fd7c97d2c7df03da24267ee3dd146e4a70c,2025-05-12T17:32:32.760000
CVE-2025-3497,1,1,2dac6d536285cc0b7216d4529fd5b7b3b16a5e2164e92b986ddbf8c1730ee6c1,2025-07-09T09:15:27.010000
CVE-2025-3498,1,1,d0e81323de6d0a8cd688467b717930f8d1c8fb79caea9bfc5ec157a8e8da4f63,2025-07-09T09:15:27.137000
CVE-2025-3499,1,1,1b64949cdf534a79bcb86f4ce5cd6e4d70bdd1d3fd4c8e8c07be45ead95f7c26,2025-07-09T09:15:27.297000
CVE-2025-3497,0,0,2dac6d536285cc0b7216d4529fd5b7b3b16a5e2164e92b986ddbf8c1730ee6c1,2025-07-09T09:15:27.010000
CVE-2025-3498,0,0,d0e81323de6d0a8cd688467b717930f8d1c8fb79caea9bfc5ec157a8e8da4f63,2025-07-09T09:15:27.137000
CVE-2025-3499,0,0,1b64949cdf534a79bcb86f4ce5cd6e4d70bdd1d3fd4c8e8c07be45ead95f7c26,2025-07-09T09:15:27.297000
CVE-2025-35003,0,0,791bac33fee91676bd214d44d2c117dfde55aed631bff56312eb764357d3eafe,2025-07-08T13:17:42.373000
CVE-2025-35004,0,0,7ca9bc0598b8fe2bf7b93ef55b16ec6acc895ca6e01d5d8b8d232f2796cef251,2025-06-09T12:15:47.880000
CVE-2025-35005,0,0,aa88b08f6e519f0629b8d956d40895c8805159a8863a31c203e2d6c4d560bff3,2025-06-09T12:15:47.880000
@ -295075,10 +295075,36 @@ CVE-2025-38234,0,0,7801cd6daadf896b034b55772ae192aff2623e5097c77279aba0275b578ed
CVE-2025-38235,0,0,59873f035daa0e680ba496a3e232026e89dce464be5b4ba966b2d6abbb44f108,2025-07-08T16:18:34.923000
CVE-2025-38236,0,0,b4520de60ae95f48e5da3e404c8337bbe168cced88a3271312e49d824e416da0,2025-07-08T16:18:14.207000
CVE-2025-38237,0,0,3fdb0a5b39477f2910150e2e191c0d515db3c8030bb3e6ce688865dd74daa358,2025-07-08T16:18:14.207000
CVE-2025-38238,1,1,ff7a01982b877a947065384e8b8c1e2bec8a445599bd75438a79f9d57359b191,2025-07-09T11:15:25.080000
CVE-2025-38239,1,1,d775d233c8e5eac9c134c2615d19d84b29dc269fa94ca1d87744c709c266ee77,2025-07-09T11:15:25.983000
CVE-2025-3824,0,0,4042020909e5223dbce6d2958e1aacca8166710222023563345f997e50394c09,2025-04-30T17:36:04.970000
CVE-2025-38240,0,0,117d76f4b128d7e0799c3952cf9e021270b3a89841576592d72d8a875350efe5,2025-04-21T14:23:45.950000
CVE-2025-38241,1,1,8d3e7ba18aa3cb51381f5d9b95e0821c0d769eb802f7fb9974b04f8d74126549,2025-07-09T11:15:26.107000
CVE-2025-38242,1,1,492e98b761e66370001b1b4387156a204e9a615af7c162bcf74f47219492718f,2025-07-09T11:15:26.233000
CVE-2025-38243,1,1,fcdf4ef3f18d6729cfb0eaab878e6166c98465535f5c8549ca367f086f47bfdc,2025-07-09T11:15:26.350000
CVE-2025-38244,1,1,80cb3f5b22b2a240b8ed030750476ce98e15857b2fd984680913a4b3fb66b38a,2025-07-09T11:15:26.480000
CVE-2025-38245,1,1,1e7fff542292bce605997893271ab14a17fbab5c1eae95d7c5e73e5b25b5f410,2025-07-09T11:15:26.597000
CVE-2025-38246,1,1,919c11ecc00a8d6eb45a73561cd77493fbbb1309e27858d7d578fc107d528fc4,2025-07-09T11:15:26.720000
CVE-2025-38247,1,1,153cb2beb0c28a77d50609f5e08274835ebd56be530613339dbbd81b6f5b53a8,2025-07-09T11:15:26.847000
CVE-2025-38248,1,1,ba1fafae59c8b6c01ef1d68ee385d09a300e7a21d2f47643b3ea7484fb443352,2025-07-09T11:15:26.963000
CVE-2025-38249,1,1,370584deeb4d08c5c79b551fd44415567827f8208cf489cd7341cbfb9afa4123,2025-07-09T11:15:27.077000
CVE-2025-3825,0,0,f32d1d72467b4949b7a1ca6e34d7286cd27354f39fac3d30ab70022243e0cd52,2025-04-30T17:33:52.383000
CVE-2025-38250,1,1,d0305a8d07ff02cc4d06eadb0a6c9de9c9c75067f6d4e0bc8b96610e68dad683,2025-07-09T11:15:27.193000
CVE-2025-38251,1,1,b1a678448e281ddfbf9d1664a8e550392f49a047f5ec907ee85166d4985f5b15,2025-07-09T11:15:27.310000
CVE-2025-38252,1,1,22fcd0b6911890bc7890061c8e80230ca905a65cc404d5c631665d261435fc54,2025-07-09T11:15:27.430000
CVE-2025-38253,1,1,0244551fb6ea8e60057cffbc2164ba7634427b628a1b56a762e30a340490b9ff,2025-07-09T11:15:27.540000
CVE-2025-38254,1,1,ed40f73ca02f73a01c6aac7e4bca966c91b4fe000d2f3be4954144573b0b054e,2025-07-09T11:15:27.653000
CVE-2025-38255,1,1,f8f59e7f021f6a8e726b09b1b773d3e335169fe44449f594e47edcbc5378faaa,2025-07-09T11:15:27.767000
CVE-2025-38256,1,1,41bda30121c566ab961beddf8ed01b741c4a2768ef1bcfcfcbae2483a6ca59eb,2025-07-09T11:15:27.880000
CVE-2025-38257,1,1,93681a61b604c2b39cc8e67f95ee3d474abde43d23b87ac6fa8468c87df2f234,2025-07-09T11:15:27.993000
CVE-2025-38258,1,1,28f849ffbb622bf4ec943029734d84b010835de038962037f47178e6a9821946,2025-07-09T11:15:28.110000
CVE-2025-38259,1,1,c27c65f9b8c1c91524c2a4c9695e8c3a283d76236a29f3699b156aa2cce297bc,2025-07-09T11:15:28.227000
CVE-2025-3826,0,0,12613660cc812171747dcc452352aee420b2e0e6059d26c52e556db0199baaa6,2025-04-30T17:16:40.730000
CVE-2025-38260,1,1,c923b7acc7a481c330a77cef98fce354cd5c9ff544d70f9f94c56f83e22c19d5,2025-07-09T11:15:28.340000
CVE-2025-38261,1,1,b78d412cf264d28069f4d972cf6e6bf63b3e12c57dc7993d2054843f204aab60,2025-07-09T11:15:28.460000
CVE-2025-38262,1,1,1d6c130fa12c7301531f17e91c224c8676422ddbb1e014cf54d518266eed4a65,2025-07-09T11:15:28.570000
CVE-2025-38263,1,1,7e0bda597df634576d9b814b3fba027dac674046012605b1a0383dcd691b9c25,2025-07-09T11:15:28.690000
CVE-2025-38264,1,1,f02f2dab10eadc14c8200640a591bd667dbdd73c70bb95b7fc68eefb075097cd,2025-07-09T11:15:28.810000
CVE-2025-3827,0,0,33bbba915b7b592866bfc3616cf9f0001aecfaf6e988592cd9c29413273dcae3,2025-04-28T17:38:47.400000
CVE-2025-3828,0,0,3eb6d0b1a353f6b028229c911a6540176ee5d6c92be2c6f765dd3c51f26cdc06,2025-04-28T17:38:37.743000
CVE-2025-3829,0,0,e1ca2d6d2777bda61e41d98906578fb71b99b717fead5680464fe3cb7ff1b258,2025-04-28T17:38:28.507000
@ -299755,7 +299781,7 @@ CVE-2025-53415,0,0,a69e8e91492110c4dbcf675778ea91b79a25d896361aa62120c18b659d9f3
CVE-2025-53416,0,0,5766bb5741c2eb8f5d7acde7664083885dadd438f2f420d57a6193893c29ac92,2025-06-30T10:15:26.127000
CVE-2025-53473,0,0,a98e9bef8a3e8614654fd61fe5e312266f4052bbcda22460250a3d6a497eb2e1,2025-07-08T16:18:34.923000
CVE-2025-53478,0,0,aa7b2381d7181ee2b89b1383c51d82730ebb38c46cf0997958e21fb414371fe5,2025-07-08T16:18:34.923000
CVE-2025-53479,0,0,d40fec0cee63feb67a3f9256754b9dab9198b4d5af73ca36d7772139873aa11f,2025-07-08T18:15:40.387000
CVE-2025-53479,0,1,258b4473f1f22e006b11f4458d8dde8c68eb02f9b98dffd6552486cffcade1ee,2025-07-09T11:15:28.920000
CVE-2025-53480,0,0,d8383875b2422d51193c6751343fc73f1fb8675714156878ade9b707d83c0eb9,2025-07-08T21:15:28.227000
CVE-2025-53481,0,0,6fc1e0a87cba085ed024fc5b3374d45e0211ca730bf92722cc171d880a81905d,2025-07-08T18:15:40.500000
CVE-2025-53482,0,0,1920f2634050742befb0e985247a8637f5baaf6ae1103ac41377c2c70cf4dc47,2025-07-08T18:15:40.767000
@ -300370,7 +300396,7 @@ CVE-2025-6022,0,0,673713355118472c1ebaabd5c5e4854e0f9320e04b049cdd5cc68d5d0f25f0
CVE-2025-6029,0,0,e9108be7e98d0780991a9dbc9771d79381463de686ea76ad25b1212ca465841e,2025-06-16T12:32:18.840000
CVE-2025-6030,0,0,e2d083f85b4980fab673be25fe64ff6c58fe5f2e84e15893b8c80d92f1561a4f,2025-06-16T12:32:18.840000
CVE-2025-6031,0,0,8862006220262f75545734fb5f034c6db29d3c4cbd11030b12e4d70636f9f9cc,2025-06-16T12:32:18.840000
CVE-2025-6032,0,1,ce09e35be7c671a96f2aa3fa9063548f7ca83361bb358f772be74f5d56107481,2025-07-09T08:15:25.010000
CVE-2025-6032,0,0,ce09e35be7c671a96f2aa3fa9063548f7ca83361bb358f772be74f5d56107481,2025-07-09T08:15:25.010000
CVE-2025-6035,0,0,b71b50bc0c235c19b2d078bb69ae3921b820489d58f8688dea7a7bdd7515f125,2025-06-16T12:32:18.840000
CVE-2025-6039,0,0,6b84c21907e40cd684bcb033e3b9f89fbbdd3d87aa6c728045af124524704dc4,2025-07-08T16:18:53.607000
CVE-2025-6040,0,0,76a8c143b5834b0cf93cda3bf80ab595e40b144f2532ce0d72ddcf42d08934bb,2025-06-16T12:32:18.840000
@ -301184,9 +301210,9 @@ CVE-2025-7220,0,0,35112cf9c491a042ef82268423381a63063e765f0718854eb05b924a765fe1
CVE-2025-7259,0,0,8fd7864e8f7fb6c249652178c4014f15a5857d3e35a24f0168719b78d426bcb5,2025-07-08T16:18:34.923000
CVE-2025-7326,0,0,7483fa577d73a18bc380df3b53d59526c96cf483de8c4617271f38405405a76d,2025-07-08T16:18:14.207000
CVE-2025-7327,0,0,a0fb7d73224d0b20e5509ef1c0447ce978b71b86006dd59d1e903714c73ecb3c,2025-07-08T16:18:14.207000
CVE-2025-7345,0,1,709d673764fade726ba1b32ba85eb2d6d1b0153f73ca57ae2bf2d3e2cf0ce508,2025-07-09T08:15:25.153000
CVE-2025-7345,0,0,709d673764fade726ba1b32ba85eb2d6d1b0153f73ca57ae2bf2d3e2cf0ce508,2025-07-09T08:15:25.153000
CVE-2025-7346,0,0,0fee3d68122e9af468e47512e4d9d848586d1a84e0ff7cd695bcb12ab8e33bea,2025-07-08T16:18:14.207000
CVE-2025-7362,0,0,02130a85c1c6d05a11bb14ef506a7d903b4fe58c8e7f8a6897a5073d63357426,2025-07-08T18:15:46.797000
CVE-2025-7363,0,0,385fe29622c6056496489adb0027c4ebe22bb337ef24fdf5e5d804e8ad6be343,2025-07-08T18:15:46.913000
CVE-2025-7378,0,1,df394c8ad1c1c473fc467832d6088491aa869b0e1f8d5c817565332ef96d8e8c,2025-07-09T09:15:27.427000
CVE-2025-7379,1,1,c50973a30df0820693416f3c4ab5bd767ae294c9829c4c26cd2de47fda511ba5,2025-07-09T09:15:27.703000
CVE-2025-7378,0,0,df394c8ad1c1c473fc467832d6088491aa869b0e1f8d5c817565332ef96d8e8c,2025-07-09T09:15:27.427000
CVE-2025-7379,0,0,c50973a30df0820693416f3c4ab5bd767ae294c9829c4c26cd2de47fda511ba5,2025-07-09T09:15:27.703000

Can't render this file because it is too large.