admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-05-01T14:00:20.012439+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-05-01 14:03:54 +00:00
parent a33615c983
commit 52cba044ae
60 changed files with 2586 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CVE-2020/CVE-2020-88xx/CVE-2020-8887.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-8887",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-09-22T12:15:12.347",
"lastModified": "2024-11-21T05:39:38.127",
"vulnStatus": "Modified",
"lastModified": "2025-05-01T12:28:01.117",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

56
CVE-2023/CVE-2023-466xx/CVE-2023-46669.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2023-46669",
"sourceIdentifier": "bressers@elastic.co",
"published": "2025-05-01T13:15:49.000",
"lastModified": "2025-05-01T13:15:49.000",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. This issue was identified by Elastic engineers and Elastic has no indication that it is known or has been exploited by malicious actors."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "bressers@elastic.co",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "bressers@elastic.co",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/elastic-agent-elastic-endpoint-security-security-update-esa-2025-03/377706",
"source": "bressers@elastic.co"
}
]
}

65
CVE-2024/CVE-2024-368xx/CVE-2024-36843.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-36843",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-31T20:15:10.290",
"lastModified": "2024-11-21T09:22:41.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-05-01T13:58:41.403",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,22 +51,57 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/balckgu1/libmodbusPoc/blob/main/gdb.md",
"source": "cve@mitre.org"
},
"nodes": [
{
"url": "https://github.com/stephane/libmodbus/issues/748",
"source": "cve@mitre.org"
},
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"url": "https://github.com/balckgu1/libmodbusPoc/blob/main/gdb.md",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://github.com/stephane/libmodbus/issues/748",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"vulnerable": true,
"criteria": "cpe:2.3:a:libmodbus:libmodbus:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "43D577F9-CD93-4016-811F-D9497106332F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/balckgu1/libmodbusPoc/blob/main/gdb.md",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/stephane/libmodbus/issues/748",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://github.com/balckgu1/libmodbusPoc/blob/main/gdb.md",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/stephane/libmodbus/issues/748",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

43
CVE-2024/CVE-2024-368xx/CVE-2024-36844.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-36844",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-31T20:15:10.380",
"lastModified": "2024-11-21T09:22:41.893",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-05-01T13:50:48.783",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,41 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/stephane/libmodbus/issues/749",
"source": "cve@mitre.org"
},
"nodes": [
{
"url": "https://github.com/stephane/libmodbus/issues/749",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libmodbus:libmodbus:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "43D577F9-CD93-4016-811F-D9497106332F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/stephane/libmodbus/issues/749",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://github.com/stephane/libmodbus/issues/749",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

53
CVE-2024/CVE-2024-368xx/CVE-2024-36845.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-36845",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-31T20:15:10.463",
"lastModified": "2024-11-21T09:22:42.107",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-05-01T13:44:15.047",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -40,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,14 +61,41 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/stephane/libmodbus/issues/750",
"source": "cve@mitre.org"
},
"nodes": [
{
"url": "https://github.com/stephane/libmodbus/issues/750",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libmodbus:libmodbus:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "43D577F9-CD93-4016-811F-D9497106332F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/stephane/libmodbus/issues/750",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://github.com/stephane/libmodbus/issues/750",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

60
CVE-2025/CVE-2025-15xx/CVE-2025-1529.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-1529",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-05-01T12:15:16.093",
"lastModified": "2025-05-01T12:15:16.093",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The AM LottiePlayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded lottie files in all versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3278523/am-lottieplayer",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f44fcc8-c5e0-44f5-92c3-6603b19a06fe?source=cve",
"source": "security@wordfence.com"
}
]
}

41
CVE-2025/CVE-2025-231xx/CVE-2025-23139.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2025-23139",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:49.693",
"lastModified": "2025-05-01T13:15:49.693",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_uart: Fix another race during initialization\n\nDo not set 'HCI_UART_PROTO_READY' before call 'hci_uart_register_dev()'.\nPossible race is when someone calls 'hci_tty_uart_close()' after this bit\nis set, but 'hci_uart_register_dev()' wasn't done. This leads to access\nto uninitialized fields. To fix it let's set this bit after device was\nregistered (as before patch c411c62cc133) and to fix previous problem let's\nadd one more bit in addition to 'HCI_UART_PROTO_READY' which allows to\nperform power up without original bit set (pls see commit c411c62cc133).\n\nCrash backtrace from syzbot report:\n\nRIP: 0010:skb_queue_empty_lockless include/linux/skbuff.h:1887 [inline]\nRIP: 0010:skb_queue_purge_reason+0x6d/0x140 net/core/skbuff.c:3936\n\nCall Trace:\n <TASK>\n skb_queue_purge include/linux/skbuff.h:3364 [inline]\n mrvl_close+0x2f/0x90 drivers/bluetooth/hci_mrvl.c:100\n hci_uart_tty_close+0xb6/0x120 drivers/bluetooth/hci_ldisc.c:557\n tty_ldisc_close drivers/tty/tty_ldisc.c:455 [inline]\n tty_ldisc_kill+0x66/0xc0 drivers/tty/tty_ldisc.c:613\n tty_ldisc_release+0xc9/0x120 drivers/tty/tty_ldisc.c:781\n tty_release_struct+0x10/0x80 drivers/tty/tty_io.c:1690\n tty_release+0x4ef/0x640 drivers/tty/tty_io.c:1861\n __fput+0x86/0x2a0 fs/file_table.c:450\n task_work_run+0x82/0xb0 kernel/task_work.c:239\n resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n exit_to_user_mode_loop kernel/entry/common.c:114 [inline]\n exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]\n syscall_exit_to_user_mode+0xa3/0x1b0 kernel/entry/common.c:218\n do_syscall_64+0x9a/0x190 arch/x86/entry/common.c:89\n entry_SYSCALL_64_after_hwframe+0x77/0x7f"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/02e1bcdfdf769974e7e9fa285e295cd9852e2a38",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/281782d2c6730241e300d630bb9f200d831ede71",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5df5dafc171b90d0b8d51547a82657cd5a1986c7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/80f14e9de6a43a0bd8194cad1003a3e6dcbc3984",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8e5aff600539e5faea294d9612cca50220e602b8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/db7509fa110dd9b11134b75894677f30353b2c51",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2025/CVE-2025-231xx/CVE-2025-23140.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2025-23140",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:49.807",
"lastModified": "2025-05-01T13:15:49.807",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error\n\nAfter devm_request_irq() fails with error in pci_endpoint_test_request_irq(),\nthe pci_endpoint_test_free_irq_vectors() is called assuming that all IRQs\nhave been released.\n\nHowever, some requested IRQs remain unreleased, so there are still\n/proc/irq/* entries remaining, and this results in WARN() with the\nfollowing message:\n\n remove_proc_entry: removing non-empty directory 'irq/30', leaking at least 'pci-endpoint-test.0'\n WARNING: CPU: 0 PID: 202 at fs/proc/generic.c:719 remove_proc_entry +0x190/0x19c\n\nTo solve this issue, set the number of remaining IRQs to test->num_irqs,\nand release IRQs in advance by calling pci_endpoint_test_release_irq().\n\n[kwilczynski: commit log]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0557e70e2aeba8647bf5a950820b67cfb86533db",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5a4b7181213268c9b07bef8800905528435db44a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/770407f6173f4f39f4e2c1b54422b79ce6c98bdb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9d5118b107b1a2353ed0dff24404aee2e6b7ca0a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f6cb7828c8e17520d4f5afb416515d3fae1af9a9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2025/CVE-2025-231xx/CVE-2025-23141.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2025-23141",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:49.910",
"lastModified": "2025-05-01T13:15:49.910",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses\n\nAcquire a lock on kvm->srcu when userspace is getting MP state to handle a\nrather extreme edge case where \"accepting\" APIC events, i.e. processing\npending INIT or SIPI, can trigger accesses to guest memory. If the vCPU\nis in L2 with INIT *and* a TRIPLE_FAULT request pending, then getting MP\nstate will trigger a nested VM-Exit by way of ->check_nested_events(), and\nemuating the nested VM-Exit can access guest memory.\n\nThe splat was originally hit by syzkaller on a Google-internal kernel, and\nreproduced on an upstream kernel by hacking the triple_fault_event_test\nselftest to stuff a pending INIT, store an MSR on VM-Exit (to generate a\nmemory access on VMX), and do vcpu_mp_state_get() to trigger the scenario.\n\n =============================\n WARNING: suspicious RCU usage\n 6.14.0-rc3-b112d356288b-vmx/pi_lockdep_false_pos-lock #3 Not tainted\n -----------------------------\n include/linux/kvm_host.h:1058 suspicious rcu_dereference_check() usage!\n\n other info that might help us debug this:\n\n rcu_scheduler_active = 2, debug_locks = 1\n 1 lock held by triple_fault_ev/1256:\n #0: ffff88810df5a330 (&vcpu->mutex){+.+.}-{4:4}, at: kvm_vcpu_ioctl+0x8b/0x9a0 [kvm]\n\n stack backtrace:\n CPU: 11 UID: 1000 PID: 1256 Comm: triple_fault_ev Not tainted 6.14.0-rc3-b112d356288b-vmx #3\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Call Trace:\n <TASK>\n dump_stack_lvl+0x7f/0x90\n lockdep_rcu_suspicious+0x144/0x190\n kvm_vcpu_gfn_to_memslot+0x156/0x180 [kvm]\n kvm_vcpu_read_guest+0x3e/0x90 [kvm]\n read_and_check_msr_entry+0x2e/0x180 [kvm_intel]\n __nested_vmx_vmexit+0x550/0xde0 [kvm_intel]\n kvm_check_nested_events+0x1b/0x30 [kvm]\n kvm_apic_accept_events+0x33/0x100 [kvm]\n kvm_arch_vcpu_ioctl_get_mpstate+0x30/0x1d0 [kvm]\n kvm_vcpu_ioctl+0x33e/0x9a0 [kvm]\n __x64_sys_ioctl+0x8b/0xb0\n do_syscall_64+0x6c/0x170\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n </TASK>"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0357c8406dfa09430dd9858ebe813feb65524b6e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/592e040572f216d916f465047c8ce4a308fcca44",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7bc5c360375d28ba5ef6298b0d53e735c81d66a1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8a3df0aa1087a89f5ce55f4aba816bfcb1ecf1be",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ef01cac401f18647d62720cf773d7bb0541827da",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f5cbe725b7477b4cd677be1b86b4e08f90572997",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2025/CVE-2025-231xx/CVE-2025-23142.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2025-23142",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:50.017",
"lastModified": "2025-05-01T13:15:50.017",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: detect and prevent references to a freed transport in sendmsg\n\nsctp_sendmsg() re-uses associations and transports when possible by\ndoing a lookup based on the socket endpoint and the message destination\naddress, and then sctp_sendmsg_to_asoc() sets the selected transport in\nall the message chunks to be sent.\n\nThere's a possible race condition if another thread triggers the removal\nof that selected transport, for instance, by explicitly unbinding an\naddress with setsockopt(SCTP_SOCKOPT_BINDX_REM), after the chunks have\nbeen set up and before the message is sent. This can happen if the send\nbuffer is full, during the period when the sender thread temporarily\nreleases the socket lock in sctp_wait_for_sndbuf().\n\nThis causes the access to the transport data in\nsctp_outq_select_transport(), when the association outqueue is flushed,\nto result in a use-after-free read.\n\nThis change avoids this scenario by having sctp_transport_free() signal\nthe freeing of the transport, tagging it as \"dead\". In order to do this,\nthe patch restores the \"dead\" bit in struct sctp_transport, which was\nremoved in\ncommit 47faa1e4c50e (\"sctp: remove the dead field of sctp_transport\").\n\nThen, in the scenario where the sender thread has released the socket\nlock in sctp_wait_for_sndbuf(), the bit is checked again after\nre-acquiring the socket lock to detect the deletion. This is done while\nholding a reference to the transport to prevent it from being freed in\nthe process.\n\nIf the transport was deleted while the socket lock was relinquished,\nsctp_sendmsg_to_asoc() will return -EAGAIN to let userspace retry the\nsend.\n\nThe bug was found by a private syzbot instance (see the error report [1]\nand the C reproducer that triggers it [2])."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2e5068b7e0ae0a54f6cfd03a2f80977da657f1ee",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5bc83bdf5f5b8010d1ca5a4555537e62413ab4e2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7a63f4fb0efb4e69efd990cbb740a848679ec4b0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9e7c37fadb3be1fc33073fcf10aa96d166caa697",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c6fefcb71d246baaf3bacdad1af7ff50ebcfe652",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f1a69a940de58b16e8249dff26f74c8cc59b32be",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2025/CVE-2025-231xx/CVE-2025-23143.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2025-23143",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:50.127",
"lastModified": "2025-05-01T13:15:50.127",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod.\n\nWhen I ran the repro [0] and waited a few seconds, I observed two\nLOCKDEP splats: a warning immediately followed by a null-ptr-deref. [1]\n\nReproduction Steps:\n\n 1) Mount CIFS\n 2) Add an iptables rule to drop incoming FIN packets for CIFS\n 3) Unmount CIFS\n 4) Unload the CIFS module\n 5) Remove the iptables rule\n\nAt step 3), the CIFS module calls sock_release() for the underlying\nTCP socket, and it returns quickly. However, the socket remains in\nFIN_WAIT_1 because incoming FIN packets are dropped.\n\nAt this point, the module's refcnt is 0 while the socket is still\nalive, so the following rmmod command succeeds.\n\n # ss -tan\n State Recv-Q Send-Q Local Address:Port Peer Address:Port\n FIN-WAIT-1 0 477 10.0.2.15:51062 10.0.0.137:445\n\n # lsmod | grep cifs\n cifs 1159168 0\n\nThis highlights a discrepancy between the lifetime of the CIFS module\nand the underlying TCP socket. Even after CIFS calls sock_release()\nand it returns, the TCP socket does not die immediately in order to\nclose the connection gracefully.\n\nWhile this is generally fine, it causes an issue with LOCKDEP because\nCIFS assigns a different lock class to the TCP socket's sk->sk_lock\nusing sock_lock_init_class_and_name().\n\nOnce an incoming packet is processed for the socket or a timer fires,\nsk->sk_lock is acquired.\n\nThen, LOCKDEP checks the lock context in check_wait_context(), where\nhlock_class() is called to retrieve the lock class. However, since\nthe module has already been unloaded, hlock_class() logs a warning\nand returns NULL, triggering the null-ptr-deref.\n\nIf LOCKDEP is enabled, we must ensure that a module calling\nsock_lock_init_class_and_name() (CIFS, NFS, etc) cannot be unloaded\nwhile such a socket is still alive to prevent this issue.\n\nLet's hold the module reference in sock_lock_init_class_and_name()\nand release it when the socket is freed in sk_prot_free().\n\nNote that sock_lock_init() clears sk->sk_owner for svc_create_socket()\nthat calls sock_lock_init_class_and_name() for a listening socket,\nwhich clones a socket by sk_clone_lock() without GFP_ZERO.\n\n[0]:\nCIFS_SERVER=\"10.0.0.137\"\nCIFS_PATH=\"//${CIFS_SERVER}/Users/Administrator/Desktop/CIFS_TEST\"\nDEV=\"enp0s3\"\nCRED=\"/root/WindowsCredential.txt\"\n\nMNT=$(mktemp -d /tmp/XXXXXX)\nmount -t cifs ${CIFS_PATH} ${MNT} -o vers=3.0,credentials=${CRED},cache=none,echo_interval=1\n\niptables -A INPUT -s ${CIFS_SERVER} -j DROP\n\nfor i in $(seq 10);\ndo\n umount ${MNT}\n rmmod cifs\n sleep 1\ndone\n\nrm -r ${MNT}\n\niptables -D INPUT -s ${CIFS_SERVER} -j DROP\n\n[1]:\nDEBUG_LOCKS_WARN_ON(1)\nWARNING: CPU: 10 PID: 0 at kernel/locking/lockdep.c:234 hlock_class (kernel/locking/lockdep.c:234 kernel/locking/lockdep.c:223)\nModules linked in: cifs_arc4 nls_ucs2_utils cifs_md4 [last unloaded: cifs]\nCPU: 10 UID: 0 PID: 0 Comm: swapper/10 Not tainted 6.14.0 #36\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:hlock_class (kernel/locking/lockdep.c:234 kernel/locking/lockdep.c:223)\n...\nCall Trace:\n <IRQ>\n __lock_acquire (kernel/locking/lockdep.c:4853 kernel/locking/lockdep.c:5178)\n lock_acquire (kernel/locking/lockdep.c:469 kernel/locking/lockdep.c:5853 kernel/locking/lockdep.c:5816)\n _raw_spin_lock_nested (kernel/locking/spinlock.c:379)\n tcp_v4_rcv (./include/linux/skbuff.h:1678 ./include/net/tcp.h:2547 net/ipv4/tcp_ipv4.c:2350)\n...\n\nBUG: kernel NULL pointer dereference, address: 00000000000000c4\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 0\nOops: Oops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 10 UID: 0 PID: 0 Comm: swapper/10 Tainted: G W 6.14.0 #36\nTainted: [W]=WARN\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:__lock_acquire (kernel/\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0bb2f7a1ad1f11d861f58e5ee5051c8974ff9569",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2155802d3313d7b8365935c6b8d6edc0ddd7eb94",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5f7f6abd92b6c8dc8f19625ef93c3a18549ede04",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c11247a21aab4b50a23c8b696727d7483de2f1e1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2025/CVE-2025-231xx/CVE-2025-23144.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2025-23144",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:50.237",
"lastModified": "2025-05-01T13:15:50.237",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbacklight: led_bl: Hold led_access lock when calling led_sysfs_disable()\n\nLockdep detects the following issue on led-backlight removal:\n [ 142.315935] ------------[ cut here ]------------\n [ 142.315954] WARNING: CPU: 2 PID: 292 at drivers/leds/led-core.c:455 led_sysfs_enable+0x54/0x80\n ...\n [ 142.500725] Call trace:\n [ 142.503176] led_sysfs_enable+0x54/0x80 (P)\n [ 142.507370] led_bl_remove+0x80/0xa8 [led_bl]\n [ 142.511742] platform_remove+0x30/0x58\n [ 142.515501] device_remove+0x54/0x90\n ...\n\nIndeed, led_sysfs_enable() has to be called with the led_access\nlock held.\n\nHold the lock when calling led_sysfs_disable()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/11d128f7eacec276c75cf4712880a6307ca9c885",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1c82f5a393d8b9a5c1ea032413719862098afd4b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/276822a00db3c1061382b41e72cafc09d6a0ec30",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/61a5c565fd2442d3128f3bab5f022658adc3a4e6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b8ddf5107f53789448900f04fa220f34cd2f777e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2025/CVE-2025-231xx/CVE-2025-23145.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2025-23145",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:50.343",
"lastModified": "2025-05-01T13:15:50.343",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix NULL pointer in can_accept_new_subflow\n\nWhen testing valkey benchmark tool with MPTCP, the kernel panics in\n'mptcp_can_accept_new_subflow' because subflow_req->msk is NULL.\n\nCall trace:\n\n mptcp_can_accept_new_subflow (./net/mptcp/subflow.c:63 (discriminator 4)) (P)\n subflow_syn_recv_sock (./net/mptcp/subflow.c:854)\n tcp_check_req (./net/ipv4/tcp_minisocks.c:863)\n tcp_v4_rcv (./net/ipv4/tcp_ipv4.c:2268)\n ip_protocol_deliver_rcu (./net/ipv4/ip_input.c:207)\n ip_local_deliver_finish (./net/ipv4/ip_input.c:234)\n ip_local_deliver (./net/ipv4/ip_input.c:254)\n ip_rcv_finish (./net/ipv4/ip_input.c:449)\n ...\n\nAccording to the debug log, the same req received two SYN-ACK in a very\nshort time, very likely because the client retransmits the syn ack due\nto multiple reasons.\n\nEven if the packets are transmitted with a relevant time interval, they\ncan be processed by the server on different CPUs concurrently). The\n'subflow_req->msk' ownership is transferred to the subflow the first,\nand there will be a risk of a null pointer dereference here.\n\nThis patch fixes this issue by moving the 'subflow_req->msk' under the\n`own_req == true` conditional.\n\nNote that the !msk check in subflow_hmac_valid() can be dropped, because\nthe same check already exists under the own_req mpj branch where the\ncode has been moved to."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/443041deb5ef6a1289a99ed95015ec7442f141dc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4b2649b9717678aeb097893cc49f59311a1ecab0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7f9ae060ed64aef8f174c5f1ea513825b1be9af1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/855bf0aacd51fced11ea9aa0d5101ee0febaeadb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dc81e41a307df523072186b241fa8244fecd7803",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/efd58a8dd9e7a709a90ee486a4247c923d27296f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2025/CVE-2025-231xx/CVE-2025-23146.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2025-23146",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:50.453",
"lastModified": "2025-05-01T13:15:50.453",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmfd: ene-kb3930: Fix a potential NULL pointer dereference\n\nThe off_gpios could be NULL. Add missing check in the kb3930_probe().\nThis is similar to the issue fixed in commit b1ba8bcb2d1f\n(\"backlight: hx8357: Fix potential NULL pointer dereference\").\n\nThis was detected by our static analysis tool."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2edb5b29b197d90b4d08cd45e911c0bcf24cb895",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4cdf1d2a816a93fa02f7b6b5492dc7f55af2a199",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/76d0f4199bc5b51acb7b96c6663a8953543733ad",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7b47df6498f223c8956bfe0d994a0e42a520dfcd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b1758417310d2cc77e52cd15103497e52e2614f6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ea07760676bba49319d553af80c239da053b5fb1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2025/CVE-2025-231xx/CVE-2025-23147.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2025-23147",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:50.563",
"lastModified": "2025-05-01T13:15:50.563",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: Add NULL pointer check in i3c_master_queue_ibi()\n\nThe I3C master driver may receive an IBI from a target device that has not\nbeen probed yet. In such cases, the master calls `i3c_master_queue_ibi()`\nto queue an IBI work task, leading to \"Unable to handle kernel read from\nunreadable memory\" and resulting in a kernel panic.\n\nTypical IBI handling flow:\n1. The I3C master scans target devices and probes their respective drivers.\n2. The target device driver calls `i3c_device_request_ibi()` to enable IBI\n and assigns `dev->ibi = ibi`.\n3. The I3C master receives an IBI from the target device and calls\n `i3c_master_queue_ibi()` to queue the target device driver\u2019s IBI\n handler task.\n\nHowever, since target device events are asynchronous to the I3C probe\nsequence, step 3 may occur before step 2, causing `dev->ibi` to be `NULL`,\nleading to a kernel panic.\n\nAdd a NULL pointer check in `i3c_master_queue_ibi()` to prevent accessing\nan uninitialized `dev->ibi`, ensuring stability."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/6871a676aa534e8f218279672e0445c725f81026",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bd496a44f041da9ef3afe14d1d6193d460424e91",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d83b0c03ef8fbea2f03029a1cc1f5041f0e1d47f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e6bba328578feb58c614c11868c259b40484c5fa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fe4a4fc179b7898055555a11685915473588392e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ff9d61db59bb27d16d3f872bff2620d50856b80c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2025/CVE-2025-231xx/CVE-2025-23148.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2025-23148",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:50.670",
"lastModified": "2025-05-01T13:15:50.670",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe()\n\nsoc_dev_attr->revision could be NULL, thus,\na pointer check is added to prevent potential NULL pointer dereference.\nThis is similar to the fix in commit 3027e7b15b02\n(\"ice: Fix some null pointer dereference issues in ice_ptp.c\").\n\nThis issue is found by our static analysis tool."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4129760e462f45f14e61b10408ace61aa7c2ed30",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/44a2572a0fdcf3e7565763690d579b998a8f0562",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/475b9b45dc32eba58ab794b5d47ac689fc018398",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4f51d169fd0d4821bce775618db024062b09a3f7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5f80fd2ff8bfd13e41554741740e0ca8e6445ded",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c8222ef6cf29dd7cad21643228f96535cc02b327",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2025/CVE-2025-231xx/CVE-2025-23149.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2025-23149",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:50.780",
"lastModified": "2025-05-01T13:15:50.780",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: do not start chip while suspended\n\nChecking TPM_CHIP_FLAG_SUSPENDED after the call to tpm_find_get_ops() can\nlead to a spurious tpm_chip_start() call:\n\n[35985.503771] i2c i2c-1: Transfer while suspended\n[35985.503796] WARNING: CPU: 0 PID: 74 at drivers/i2c/i2c-core.h:56 __i2c_transfer+0xbe/0x810\n[35985.503802] Modules linked in:\n[35985.503808] CPU: 0 UID: 0 PID: 74 Comm: hwrng Tainted: G W 6.13.0-next-20250203-00005-gfa0cb5642941 #19 9c3d7f78192f2d38e32010ac9c90fdc71109ef6f\n[35985.503814] Tainted: [W]=WARN\n[35985.503817] Hardware name: Google Morphius/Morphius, BIOS Google_Morphius.13434.858.0 10/26/2023\n[35985.503819] RIP: 0010:__i2c_transfer+0xbe/0x810\n[35985.503825] Code: 30 01 00 00 4c 89 f7 e8 40 fe d8 ff 48 8b 93 80 01 00 00 48 85 d2 75 03 49 8b 16 48 c7 c7 0a fb 7c a7 48 89 c6 e8 32 ad b0 fe <0f> 0b b8 94 ff ff ff e9 33 04 00 00 be 02 00 00 00 83 fd 02 0f 5\n[35985.503828] RSP: 0018:ffffa106c0333d30 EFLAGS: 00010246\n[35985.503833] RAX: 074ba64aa20f7000 RBX: ffff8aa4c1167120 RCX: 0000000000000000\n[35985.503836] RDX: 0000000000000000 RSI: ffffffffa77ab0e4 RDI: 0000000000000001\n[35985.503838] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000\n[35985.503841] R10: 0000000000000004 R11: 00000001000313d5 R12: ffff8aa4c10f1820\n[35985.503843] R13: ffff8aa4c0e243c0 R14: ffff8aa4c1167250 R15: ffff8aa4c1167120\n[35985.503846] FS: 0000000000000000(0000) GS:ffff8aa4eae00000(0000) knlGS:0000000000000000\n[35985.503849] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[35985.503852] CR2: 00007fab0aaf1000 CR3: 0000000105328000 CR4: 00000000003506f0\n[35985.503855] Call Trace:\n[35985.503859] <TASK>\n[35985.503863] ? __warn+0xd4/0x260\n[35985.503868] ? __i2c_transfer+0xbe/0x810\n[35985.503874] ? report_bug+0xf3/0x210\n[35985.503882] ? handle_bug+0x63/0xb0\n[35985.503887] ? exc_invalid_op+0x16/0x50\n[35985.503892] ? asm_exc_invalid_op+0x16/0x20\n[35985.503904] ? __i2c_transfer+0xbe/0x810\n[35985.503913] tpm_cr50_i2c_transfer_message+0x24/0xf0\n[35985.503920] tpm_cr50_i2c_read+0x8e/0x120\n[35985.503928] tpm_cr50_request_locality+0x75/0x170\n[35985.503935] tpm_chip_start+0x116/0x160\n[35985.503942] tpm_try_get_ops+0x57/0x90\n[35985.503948] tpm_find_get_ops+0x26/0xd0\n[35985.503955] tpm_get_random+0x2d/0x80\n\nDon't move forward with tpm_chip_start() inside tpm_try_get_ops(), unless\nTPM_CHIP_FLAG_SUSPENDED is not set. tpm_find_get_ops() will return NULL in\nsuch a failure case."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1404dff1e11bf927b70ac25e1de97bed9742ede4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/17d253af4c2c8a2acf84bb55a0c2045f150b7dfd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e74e2394eed90aff5c3a08c1f51f476d4de71d02",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f1044e995b64d70ef90ef6f2b89955b127497702",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f3cb81cb96d587f9f235a11789d1ec0992643078",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2025/CVE-2025-231xx/CVE-2025-23150.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2025-23150",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:50.893",
"lastModified": "2025-05-01T13:15:50.893",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix off-by-one error in do_split\n\nSyzkaller detected a use-after-free issue in ext4_insert_dentry that was\ncaused by out-of-bounds access due to incorrect splitting in do_split.\n\nBUG: KASAN: use-after-free in ext4_insert_dentry+0x36a/0x6d0 fs/ext4/namei.c:2109\nWrite of size 251 at addr ffff888074572f14 by task syz-executor335/5847\n\nCPU: 0 UID: 0 PID: 5847 Comm: syz-executor335 Not tainted 6.12.0-rc6-syzkaller-00318-ga9cda7c0ffed #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n kasan_check_range+0x282/0x290 mm/kasan/generic.c:189\n __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106\n ext4_insert_dentry+0x36a/0x6d0 fs/ext4/namei.c:2109\n add_dirent_to_buf+0x3d9/0x750 fs/ext4/namei.c:2154\n make_indexed_dir+0xf98/0x1600 fs/ext4/namei.c:2351\n ext4_add_entry+0x222a/0x25d0 fs/ext4/namei.c:2455\n ext4_add_nondir+0x8d/0x290 fs/ext4/namei.c:2796\n ext4_symlink+0x920/0xb50 fs/ext4/namei.c:3431\n vfs_symlink+0x137/0x2e0 fs/namei.c:4615\n do_symlinkat+0x222/0x3a0 fs/namei.c:4641\n __do_sys_symlink fs/namei.c:4662 [inline]\n __se_sys_symlink fs/namei.c:4660 [inline]\n __x64_sys_symlink+0x7a/0x90 fs/namei.c:4660\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n </TASK>\n\nThe following loop is located right above 'if' statement.\n\nfor (i = count-1; i >= 0; i--) {\n\t/* is more than half of this entry in 2nd half of the block? */\n\tif (size + map[i].size/2 > blocksize/2)\n\t\tbreak;\n\tsize += map[i].size;\n\tmove++;\n}\n\n'i' in this case could go down to -1, in which case sum of active entries\nwouldn't exceed half the block size, but previous behaviour would also do\nsplit in half if sum would exceed at the very last block, which in case of\nhaving too many long name files in a single block could lead to\nout-of-bounds access and following use-after-free.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/16d9067f00e3a7d1df7c3aa9c20d214923d27e10",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/17df39f455f1289319d4d09e4826aa46852ffd17",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2eeb1085bf7bd5c7ba796ca4119925fa5d336a3f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/35d0aa6db9d93307085871ceab8a729594a98162",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/94824ac9a8aaf2fb3c54b4bdde842db80ffa555d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ab0cc5c25552ae0d20eae94b40a93be11b080fc5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2025/CVE-2025-231xx/CVE-2025-23151.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2025-23151",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:51.003",
"lastModified": "2025-05-01T13:15:51.003",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: host: Fix race between unprepare and queue_buf\n\nA client driver may use mhi_unprepare_from_transfer() to quiesce\nincoming data during the client driver's tear down. The client driver\nmight also be processing data at the same time, resulting in a call to\nmhi_queue_buf() which will invoke mhi_gen_tre(). If mhi_gen_tre() runs\nafter mhi_unprepare_from_transfer() has torn down the channel, a panic\nwill occur due to an invalid dereference leading to a page fault.\n\nThis occurs because mhi_gen_tre() does not verify the channel state\nafter locking it. Fix this by having mhi_gen_tre() confirm the channel\nstate is valid, or return error to avoid accessing deinitialized data.\n\n[mani: added stable tag]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0686a818d77a431fc3ba2fab4b46bbb04e8c9380",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/178e5657c8fd285125cc6743a81b513bce099760",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3e7ecf181cbdde9753204ada3883ca1704d8702b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5f084993c90d9d0b4a52a349ede5120f992a7ca1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a77955f7704b2a00385e232cbcc1cb06b5c7a425",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ee1fce83ed56450087309b9b74ad9bcb2b010fa6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2025/CVE-2025-231xx/CVE-2025-23152.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2025-23152",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:51.110",
"lastModified": "2025-05-01T13:15:51.110",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64/crc-t10dif: fix use of out-of-scope array in crc_t10dif_arch()\n\nFix a silly bug where an array was used outside of its scope."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/bd9e1a03e579a01dfa66dbaa53d0219c33cbc463",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d48b663f410f8b35b8ba9bd597bafaa00f53293b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2025/CVE-2025-231xx/CVE-2025-23153.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2025-23153",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:51.210",
"lastModified": "2025-05-01T13:15:51.210",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm/crc-t10dif: fix use of out-of-scope array in crc_t10dif_arch()\n\nFix a silly bug where an array was used outside of its scope."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3371f569223c4e8d36edbb0ba789ee5f5cb7316f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d8eba735be74e74776f9f6d9c691bdb75b08b29c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2025/CVE-2025-231xx/CVE-2025-23154.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2025-23154",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:51.310",
"lastModified": "2025-05-01T13:15:51.310",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/net: fix io_req_post_cqe abuse by send bundle\n\n[ 114.987980][ T5313] WARNING: CPU: 6 PID: 5313 at io_uring/io_uring.c:872 io_req_post_cqe+0x12e/0x4f0\n[ 114.991597][ T5313] RIP: 0010:io_req_post_cqe+0x12e/0x4f0\n[ 115.001880][ T5313] Call Trace:\n[ 115.002222][ T5313] <TASK>\n[ 115.007813][ T5313] io_send+0x4fe/0x10f0\n[ 115.009317][ T5313] io_issue_sqe+0x1a6/0x1740\n[ 115.012094][ T5313] io_wq_submit_work+0x38b/0xed0\n[ 115.013223][ T5313] io_worker_handle_work+0x62a/0x1600\n[ 115.013876][ T5313] io_wq_worker+0x34f/0xdf0\n\nAs the comment states, io_req_post_cqe() should only be used by\nmultishot requests, i.e. REQ_F_APOLL_MULTISHOT, which bundled sends are\nnot. Add a flag signifying whether a request wants to post multiple\nCQEs. Eventually REQ_F_APOLL_MULTISHOT should imply the new flag, but\nthat's left out for simplicity."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/6889ae1b4df1579bcdffef023e2ea9a982565dff",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7888c9fc0b2d3636f2e821ed1ad3c6920fa8e378",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9aa804e6b9696998308095fb9d335046a71550f1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b7c6d081c19a5e11bbd77bb97a62cff2b6b21cb5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2025/CVE-2025-231xx/CVE-2025-23155.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2025-23155",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:51.413",
"lastModified": "2025-05-01T13:15:51.413",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: Fix accessing freed irq affinity_hint\n\nThe cpumask should not be a local variable, since its pointer is saved\nto irq_desc and may be accessed from procfs.\nTo fix it, use the persistent mask cpumask_of(cpu#)."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/9e51a6a44e2c4de780a26e8fe110d708e806a8cd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c60d101a226f18e9a8f01bb4c6ca2b47dfcb15ef",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e148266e104fce396ad624079a6812ac3a9982ef",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2025/CVE-2025-231xx/CVE-2025-23156.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2025-23156",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:51.517",
"lastModified": "2025-05-01T13:15:51.517",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: hfi_parser: refactor hfi packet parsing logic\n\nwords_count denotes the number of words in total payload, while data\npoints to payload of various property within it. When words_count\nreaches last word, data can access memory beyond the total payload. This\ncan lead to OOB access. With this patch, the utility api for handling\nindividual properties now returns the size of data consumed. Accordingly\nremaining bytes are calculated before parsing the payload, thereby\neliminates the OOB access possibilities."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/05b07e52a0d08239147ba3460045855f4fb398de",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/0f9a4bab7d83738963365372e4745854938eab2d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6d278c5548d840c4d85d445347b2a5c31b2ab3a0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9edaaa8e3e15aab1ca413ab50556de1975bcb329",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a736c72d476d1c7ca7be5018f2614ee61168ad01",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bb3fd8b7906a12dc2b61389abb742bf6542d97fb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2025/CVE-2025-231xx/CVE-2025-23157.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2025-23157",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:51.623",
"lastModified": "2025-05-01T13:15:51.623",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: hfi_parser: add check to avoid out of bound access\n\nThere is a possibility that init_codecs is invoked multiple times during\nmanipulated payload from video firmware. In such case, if codecs_count\ncan get incremented to value more than MAX_CODEC_NUM, there can be OOB\naccess. Reset the count so that it always starts from beginning."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/172bf5a9ef70a399bb227809db78442dc01d9e48",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/26bbedd06d85770581fda5d78e78539bb088fad1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/53e376178ceacca3ef1795038b22fc9ef45ff1d3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b2541e29d82da8a0df728aadec3e0a8db55d517b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cb5be9039f91979f8a2fac29f529f746d7848f3e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d4d88ece4ba91df5b02f1d3f599650f9e9fc0f45",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2025/CVE-2025-231xx/CVE-2025-23158.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2025-23158",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:51.733",
"lastModified": "2025-05-01T13:15:51.733",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: hfi: add check to handle incorrect queue size\n\nqsize represents size of shared queued between driver and video\nfirmware. Firmware can modify this value to an invalid large value. In\nsuch situation, empty_space will be bigger than the space actually\navailable. Since new_wr_idx is not checked, so the following code will\nresult in an OOB write.\n...\nqsize = qhdr->q_size\n\nif (wr_idx >= rd_idx)\n empty_space = qsize - (wr_idx - rd_idx)\n....\nif (new_wr_idx < qsize) {\n memcpy(wr_ptr, packet, dwords << 2) --> OOB write\n\nAdd check to ensure qsize is within the allocated size while\nreading and writing packets into the queue."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/101a86619aab42bb61f2253bbf720121022eab86",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/40084302f639b3fe954398c5ba5ee556b7242b54",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/679424f8b31446f90080befd0300ea915485b096",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/69baf245b23e20efda0079238b27fc63ecf13de1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cf5f7bb4e0d786f4d9d50ae6b5963935eab71d75",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/edb89d69b1438681daaf5ca90aed3242df94cc96",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2025/CVE-2025-231xx/CVE-2025-23159.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2025-23159",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:51.843",
"lastModified": "2025-05-01T13:15:51.843",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: hfi: add a check to handle OOB in sfr region\n\nsfr->buf_size is in shared memory and can be modified by malicious user.\nOOB write is possible when the size is made higher than actual sfr data\nbuffer. Cap the size to allocated size for such cases."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4e95233af57715d81830fe82b408c633edff59f4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/530f623f56a6680792499a8404083e17f8ec51f4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5af611c70fb889d46d2f654b8996746e59556750",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a062d8de0be5525ec8c52f070acf7607ec8cbfe4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d78a8388a27b265fcb2b8d064f088168ac9356b0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f4b211714bcc70effa60c34d9fa613d182e3ef1e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2025/CVE-2025-231xx/CVE-2025-23160.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2025-23160",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:51.957",
"lastModified": "2025-05-01T13:15:51.957",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization\n\nOn Mediatek devices with a system companion processor (SCP) the mtk_scp\nstructure has to be removed explicitly to avoid a resource leak.\nFree the structure in case the allocation of the firmware structure fails\nduring the firmware initialization."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4936cd5817af35d23e4d283f48fa59a18ef481e4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9f009fa823c54ca0857c81f7525ea5a5d32de29c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ac94e1db4b2053059779472eb58a64d504964240",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d6cb086aa52bd51378a4c9e2b25d2def97770205",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fd7bb97ede487b9f075707b7408a9073e0d474b1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2025/CVE-2025-231xx/CVE-2025-23161.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2025-23161",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:52.060",
"lastModified": "2025-05-01T13:15:52.060",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type\n\nThe access to the PCI config space via pci_ops::read and pci_ops::write is\na low-level hardware access. The functions can be accessed with disabled\ninterrupts even on PREEMPT_RT. The pci_lock is a raw_spinlock_t for this\npurpose.\n\nA spinlock_t becomes a sleeping lock on PREEMPT_RT, so it cannot be\nacquired with disabled interrupts. The vmd_dev::cfg_lock is accessed in\nthe same context as the pci_lock.\n\nMake vmd_dev::cfg_lock a raw_spinlock_t type so it can be used with\ninterrupts disabled.\n\nThis was reported as:\n\n BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n Call Trace:\n rt_spin_lock+0x4e/0x130\n vmd_pci_read+0x8d/0x100 [vmd]\n pci_user_read_config_byte+0x6f/0xe0\n pci_read_config+0xfe/0x290\n sysfs_kf_bin_read+0x68/0x90\n\n[bigeasy: reword commit message]\nTested-off-by: Luis Claudio R. Goncalves <lgoncalv@redhat.com>\n[kwilczynski: commit log]\n[bhelgaas: add back report info from\nhttps://lore.kernel.org/lkml/20241218115951.83062-1-ryotkkr98@gmail.com/]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/13e5148f70e81991acbe0bab5b1b50ba699116e7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/18056a48669a040bef491e63b25896561ee14d90",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/20d0a9062c031068fa39f725a32f182b709b5525",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2358046ead696ca5c7c628d6c0e2c6792619a3e5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5c3cfcf0b4bf43530788b08a8eaf7896ec567484",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c2968c812339593ac6e2bdd5cc3adabe3f05fa53",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2025/CVE-2025-231xx/CVE-2025-23162.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2025-23162",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:52.167",
"lastModified": "2025-05-01T13:15:52.167",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/vf: Don't try to trigger a full GT reset if VF\n\nVFs don't have access to the GDRST(0x941c) register that driver\nuses to reset a GT. Attempt to trigger a reset using debugfs:\n\n $ cat /sys/kernel/debug/dri/0000:00:02.1/gt0/force_reset\n\nor due to a hang condition detected by the driver leads to:\n\n [ ] xe 0000:00:02.1: [drm] GT0: trying reset from force_reset [xe]\n [ ] xe 0000:00:02.1: [drm] GT0: reset queued\n [ ] xe 0000:00:02.1: [drm] GT0: reset started\n [ ] ------------[ cut here ]------------\n [ ] xe 0000:00:02.1: [drm] GT0: VF is trying to write 0x1 to an inaccessible register 0x941c+0x0\n [ ] WARNING: CPU: 3 PID: 3069 at drivers/gpu/drm/xe/xe_gt_sriov_vf.c:996 xe_gt_sriov_vf_write32+0xc6/0x580 [xe]\n [ ] RIP: 0010:xe_gt_sriov_vf_write32+0xc6/0x580 [xe]\n [ ] Call Trace:\n [ ] <TASK>\n [ ] ? show_regs+0x6c/0x80\n [ ] ? __warn+0x93/0x1c0\n [ ] ? xe_gt_sriov_vf_write32+0xc6/0x580 [xe]\n [ ] ? report_bug+0x182/0x1b0\n [ ] ? handle_bug+0x6e/0xb0\n [ ] ? exc_invalid_op+0x18/0x80\n [ ] ? asm_exc_invalid_op+0x1b/0x20\n [ ] ? xe_gt_sriov_vf_write32+0xc6/0x580 [xe]\n [ ] ? xe_gt_sriov_vf_write32+0xc6/0x580 [xe]\n [ ] ? xe_gt_tlb_invalidation_reset+0xef/0x110 [xe]\n [ ] ? __mutex_unlock_slowpath+0x41/0x2e0\n [ ] xe_mmio_write32+0x64/0x150 [xe]\n [ ] do_gt_reset+0x2f/0xa0 [xe]\n [ ] gt_reset_worker+0x14e/0x1e0 [xe]\n [ ] process_one_work+0x21c/0x740\n [ ] worker_thread+0x1db/0x3c0\n\nFix that by sending H2G VF_RESET(0x5507) action instead."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2eec2fa8666dcecebae33a565a818c9de9af8b50",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/459777724d306315070d24608fcd89aea85516d6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/90b16edb3213e4ae4a3138bb20703ae367e88a01",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a9bc61a61372897886f58fdaa5582e3f7bf9a50b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2025/CVE-2025-231xx/CVE-2025-23163.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2025-23163",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:52.273",
"lastModified": "2025-05-01T13:15:52.273",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: vlan: don't propagate flags on open\n\nWith the device instance lock, there is now a possibility of a deadlock:\n\n[ 1.211455] ============================================\n[ 1.211571] WARNING: possible recursive locking detected\n[ 1.211687] 6.14.0-rc5-01215-g032756b4ca7a-dirty #5 Not tainted\n[ 1.211823] --------------------------------------------\n[ 1.211936] ip/184 is trying to acquire lock:\n[ 1.212032] ffff8881024a4c30 (&dev->lock){+.+.}-{4:4}, at: dev_set_allmulti+0x4e/0xb0\n[ 1.212207]\n[ 1.212207] but task is already holding lock:\n[ 1.212332] ffff8881024a4c30 (&dev->lock){+.+.}-{4:4}, at: dev_open+0x50/0xb0\n[ 1.212487]\n[ 1.212487] other info that might help us debug this:\n[ 1.212626] Possible unsafe locking scenario:\n[ 1.212626]\n[ 1.212751] CPU0\n[ 1.212815] ----\n[ 1.212871] lock(&dev->lock);\n[ 1.212944] lock(&dev->lock);\n[ 1.213016]\n[ 1.213016] *** DEADLOCK ***\n[ 1.213016]\n[ 1.213143] May be due to missing lock nesting notation\n[ 1.213143]\n[ 1.213294] 3 locks held by ip/184:\n[ 1.213371] #0: ffffffff838b53e0 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock+0x1b/0xa0\n[ 1.213543] #1: ffffffff84e5fc70 (&net->rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock+0x37/0xa0\n[ 1.213727] #2: ffff8881024a4c30 (&dev->lock){+.+.}-{4:4}, at: dev_open+0x50/0xb0\n[ 1.213895]\n[ 1.213895] stack backtrace:\n[ 1.213991] CPU: 0 UID: 0 PID: 184 Comm: ip Not tainted 6.14.0-rc5-01215-g032756b4ca7a-dirty #5\n[ 1.213993] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n[ 1.213994] Call Trace:\n[ 1.213995] <TASK>\n[ 1.213996] dump_stack_lvl+0x8e/0xd0\n[ 1.214000] print_deadlock_bug+0x28b/0x2a0\n[ 1.214020] lock_acquire+0xea/0x2a0\n[ 1.214027] __mutex_lock+0xbf/0xd40\n[ 1.214038] dev_set_allmulti+0x4e/0xb0 # real_dev->flags & IFF_ALLMULTI\n[ 1.214040] vlan_dev_open+0xa5/0x170 # ndo_open on vlandev\n[ 1.214042] __dev_open+0x145/0x270\n[ 1.214046] __dev_change_flags+0xb0/0x1e0\n[ 1.214051] netif_change_flags+0x22/0x60 # IFF_UP vlandev\n[ 1.214053] dev_change_flags+0x61/0xb0 # for each device in group from dev->vlan_info\n[ 1.214055] vlan_device_event+0x766/0x7c0 # on netdevsim0\n[ 1.214058] notifier_call_chain+0x78/0x120\n[ 1.214062] netif_open+0x6d/0x90\n[ 1.214064] dev_open+0x5b/0xb0 # locks netdevsim0\n[ 1.214066] bond_enslave+0x64c/0x1230\n[ 1.214075] do_set_master+0x175/0x1e0 # on netdevsim0\n[ 1.214077] do_setlink+0x516/0x13b0\n[ 1.214094] rtnl_newlink+0xaba/0xb80\n[ 1.214132] rtnetlink_rcv_msg+0x440/0x490\n[ 1.214144] netlink_rcv_skb+0xeb/0x120\n[ 1.214150] netlink_unicast+0x1f9/0x320\n[ 1.214153] netlink_sendmsg+0x346/0x3f0\n[ 1.214157] __sock_sendmsg+0x86/0xb0\n[ 1.214160] ____sys_sendmsg+0x1c8/0x220\n[ 1.214164] ___sys_sendmsg+0x28f/0x2d0\n[ 1.214179] __x64_sys_sendmsg+0xef/0x140\n[ 1.214184] do_syscall_64+0xec/0x1d0\n[ 1.214190] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 1.214191] RIP: 0033:0x7f2d1b4a7e56\n\nDevice setup:\n\n netdevsim0 (down)\n ^ ^\n bond netdevsim1.100@netdevsim1 allmulticast=on (down)\n\nWhen we enslave the lower device (netdevsim0) which has a vlan, we\npropagate vlan's allmuti/promisc flags during ndo_open. This causes\n(re)locking on of the real_dev.\n\nPropagate allmulti/promisc on flags change, not on the open. There\nis a slight semantics change that vlans that are down now propagate\nthe flags, but this seems unlikely to result in the real issues.\n\nReproducer:\n\n echo 0 1 > /sys/bus/netdevsim/new_device\n\n dev_path=$(ls -d /sys/bus/netdevsim/devices/netdevsim0/net/*)\n dev=$(echo $dev_path | rev | cut -d/ -f1 | rev)\n\n ip link set dev $dev name netdevsim0\n ip link set dev netdevsim0 up\n\n ip link add link netdevsim0 name netdevsim0.100 type vlan id 100\n ip link set dev netdevsim0.100 allm\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/27b918007d96402aba10ed52a6af8015230f1793",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/299d7d27af6b5844cda06a0fdfa635705e1bc50f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/538b43aa21e3b17c110104efd218b966d2eda5f8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/53fb25e90c0a503a17c639341ba5e755cb2feb5c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8980018a9806743d9b80837330d46f06ecf78516",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d537859e56bcc3091805c524484a4c85386b3cc8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2025/CVE-2025-377xx/CVE-2025-37738.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2025-37738",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:52.383",
"lastModified": "2025-05-01T13:15:52.383",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: ignore xattrs past end\n\nOnce inside 'ext4_xattr_inode_dec_ref_all' we should\nignore xattrs entries past the 'end' entry.\n\nThis fixes the following KASAN reported issue:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in ext4_xattr_inode_dec_ref_all+0xb8c/0xe90\nRead of size 4 at addr ffff888012c120c4 by task repro/2065\n\nCPU: 1 UID: 0 PID: 2065 Comm: repro Not tainted 6.13.0-rc2+ #11\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nCall Trace:\n <TASK>\n dump_stack_lvl+0x1fd/0x300\n ? tcp_gro_dev_warn+0x260/0x260\n ? _printk+0xc0/0x100\n ? read_lock_is_recursive+0x10/0x10\n ? irq_work_queue+0x72/0xf0\n ? __virt_addr_valid+0x17b/0x4b0\n print_address_description+0x78/0x390\n print_report+0x107/0x1f0\n ? __virt_addr_valid+0x17b/0x4b0\n ? __virt_addr_valid+0x3ff/0x4b0\n ? __phys_addr+0xb5/0x160\n ? ext4_xattr_inode_dec_ref_all+0xb8c/0xe90\n kasan_report+0xcc/0x100\n ? ext4_xattr_inode_dec_ref_all+0xb8c/0xe90\n ext4_xattr_inode_dec_ref_all+0xb8c/0xe90\n ? ext4_xattr_delete_inode+0xd30/0xd30\n ? __ext4_journal_ensure_credits+0x5f0/0x5f0\n ? __ext4_journal_ensure_credits+0x2b/0x5f0\n ? inode_update_timestamps+0x410/0x410\n ext4_xattr_delete_inode+0xb64/0xd30\n ? ext4_truncate+0xb70/0xdc0\n ? ext4_expand_extra_isize_ea+0x1d20/0x1d20\n ? __ext4_mark_inode_dirty+0x670/0x670\n ? ext4_journal_check_start+0x16f/0x240\n ? ext4_inode_is_fast_symlink+0x2f2/0x3a0\n ext4_evict_inode+0xc8c/0xff0\n ? ext4_inode_is_fast_symlink+0x3a0/0x3a0\n ? do_raw_spin_unlock+0x53/0x8a0\n ? ext4_inode_is_fast_symlink+0x3a0/0x3a0\n evict+0x4ac/0x950\n ? proc_nr_inodes+0x310/0x310\n ? trace_ext4_drop_inode+0xa2/0x220\n ? _raw_spin_unlock+0x1a/0x30\n ? iput+0x4cb/0x7e0\n do_unlinkat+0x495/0x7c0\n ? try_break_deleg+0x120/0x120\n ? 0xffffffff81000000\n ? __check_object_size+0x15a/0x210\n ? strncpy_from_user+0x13e/0x250\n ? getname_flags+0x1dc/0x530\n __x64_sys_unlinkat+0xc8/0xf0\n do_syscall_64+0x65/0x110\n entry_SYSCALL_64_after_hwframe+0x67/0x6f\nRIP: 0033:0x434ffd\nCode: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 8\nRSP: 002b:00007ffc50fa7b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000107\nRAX: ffffffffffffffda RBX: 00007ffc50fa7e18 RCX: 0000000000434ffd\nRDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000005\nRBP: 00007ffc50fa7be0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001\nR13: 00007ffc50fa7e08 R14: 00000000004bbf30 R15: 0000000000000001\n </TASK>\n\nThe buggy address belongs to the object at ffff888012c12000\n which belongs to the cache filp of size 360\nThe buggy address is located 196 bytes inside of\n freed 360-byte region [ffff888012c12000, ffff888012c12168)\n\nThe buggy address belongs to the physical page:\npage: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12c12\nhead: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0\nflags: 0x40(head|node=0|zone=0)\npage_type: f5(slab)\nraw: 0000000000000040 ffff888000ad7640 ffffea0000497a00 dead000000000004\nraw: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000\nhead: 0000000000000040 ffff888000ad7640 ffffea0000497a00 dead000000000004\nhead: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000\nhead: 0000000000000001 ffffea00004b0481 ffffffffffffffff 0000000000000000\nhead: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffff888012c11f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffff888012c12000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n> ffff888012c12080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff888012c12100: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc\n ffff888012c12180: fc fc fc fc fc fc fc fc fc\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/362a90cecd36e8a5c415966d0b75b04a0270e4dd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3bc6317033f365ce578eb6039445fb66162722fd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/836e625b03a666cf93ff5be328c8cb30336db872",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c8e008b60492cf6fd31ef127aea6d02fd3d314cd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cf9291a3449b04688b81e32621e88de8f4314b54",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/eb59cc31b6ea076021d14b04e7faab1636b87d0e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2025/CVE-2025-377xx/CVE-2025-37739.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2025-37739",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:52.500",
"lastModified": "2025-05-01T13:15:52.500",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks()\n\nsyzbot reports an UBSAN issue as below:\n\n------------[ cut here ]------------\nUBSAN: array-index-out-of-bounds in fs/f2fs/node.h:381:10\nindex 18446744073709550692 is out of range for type '__le32[5]' (aka 'unsigned int[5]')\nCPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted 6.14.0-rc3-syzkaller-00060-g6537cfb395f3 #0\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:231 [inline]\n __ubsan_handle_out_of_bounds+0x121/0x150 lib/ubsan.c:429\n get_nid fs/f2fs/node.h:381 [inline]\n f2fs_truncate_inode_blocks+0xa5e/0xf60 fs/f2fs/node.c:1181\n f2fs_do_truncate_blocks+0x782/0x1030 fs/f2fs/file.c:808\n f2fs_truncate_blocks+0x10d/0x300 fs/f2fs/file.c:836\n f2fs_truncate+0x417/0x720 fs/f2fs/file.c:886\n f2fs_file_write_iter+0x1bdb/0x2550 fs/f2fs/file.c:5093\n aio_write+0x56b/0x7c0 fs/aio.c:1633\n io_submit_one+0x8a7/0x18a0 fs/aio.c:2052\n __do_sys_io_submit fs/aio.c:2111 [inline]\n __se_sys_io_submit+0x171/0x2e0 fs/aio.c:2081\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f238798cde9\n\nindex 18446744073709550692 (decimal, unsigned long long)\n= 0xfffffffffffffc64 (hexadecimal, unsigned long long)\n= -924 (decimal, long long)\n\nIn f2fs_truncate_inode_blocks(), UBSAN detects that get_nid() tries to\naccess .i_nid[-924], it means both offset[0] and level should zero.\n\nThe possible case should be in f2fs_do_truncate_blocks(), we try to\ntruncate inode size to zero, however, dn.ofs_in_node is zero and\ndn.node_page is not an inode page, so it fails to truncate inode page,\nand then pass zeroed free_from to f2fs_truncate_inode_blocks(), result\nin this issue.\n\n\tif (dn.ofs_in_node || IS_INODE(dn.node_page)) {\n\t\tf2fs_truncate_data_blocks_range(&dn, count);\n\t\tfree_from += count;\n\t}\n\nI guess the reason why dn.node_page is not an inode page could be: there\nare multiple nat entries share the same node block address, once the node\nblock address was reused, f2fs_get_node_page() may load a non-inode block.\n\nLet's add a sanity check for such condition to avoid out-of-bounds access\nissue."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/6ba8b41d0aa4b82f90f0c416cb53fcef9696525d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8b5e5aac44fee122947a269f9034c048e4c295de",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/98dbf2af63de0b551082c9bc48333910e009b09f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d7242fd7946d4cba0411effb6b5048ca55125747",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e6494977bd4a83862118a05f57a8df40256951c0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ecc461331604b07cdbdb7360dbdf78471653264c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2025/CVE-2025-377xx/CVE-2025-37740.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2025-37740",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:52.617",
"lastModified": "2025-05-01T13:15:52.617",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: add sanity check for agwidth in dbMount\n\nThe width in dmapctl of the AG is zero, it trigger a divide error when\ncalculating the control page level in dbAllocAG.\n\nTo avoid this issue, add a check for agwidth in dbAllocAG."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/a260bf14cd347878f01f70739ba829442a474a16",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c8c96a9e7660e5e5eea445978fe8f2e432d91c1f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cc0bc4cb62ce5fa0c383e3bf0765d01f46bd49ac",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ccd97c8a4f90810f228ee40d1055148fa146dd57",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ddf2846f22e8575d6b4b6a66f2100f168b8cd73d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e3f85edb03183fb06539e5b50dd2c4bb42b869f0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2025/CVE-2025-377xx/CVE-2025-37741.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2025-37741",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:52.723",
"lastModified": "2025-05-01T13:15:52.723",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Prevent copying of nlink with value 0 from disk inode\n\nsyzbot report a deadlock in diFree. [1]\n\nWhen calling \"ioctl$LOOP_SET_STATUS64\", the offset value passed in is 4,\nwhich does not match the mounted loop device, causing the mapping of the\nmounted loop device to be invalidated.\n\nWhen creating the directory and creating the inode of iag in diReadSpecial(),\nread the page of fixed disk inode (AIT) in raw mode in read_metapage(), the\nmetapage data it returns is corrupted, which causes the nlink value of 0 to be\nassigned to the iag inode when executing copy_from_dinode(), which ultimately\ncauses a deadlock when entering diFree().\n\nTo avoid this, first check the nlink value of dinode before setting iag inode.\n\n[1]\nWARNING: possible recursive locking detected\n6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0 Not tainted\n--------------------------------------------\nsyz-executor301/5309 is trying to acquire lock:\nffff888044548920 (&(imap->im_aglock[index])){+.+.}-{3:3}, at: diFree+0x37c/0x2fb0 fs/jfs/jfs_imap.c:889\n\nbut task is already holding lock:\nffff888044548920 (&(imap->im_aglock[index])){+.+.}-{3:3}, at: diAlloc+0x1b6/0x1630\n\nother info that might help us debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(&(imap->im_aglock[index]));\n lock(&(imap->im_aglock[index]));\n\n *** DEADLOCK ***\n\n May be due to missing lock nesting notation\n\n5 locks held by syz-executor301/5309:\n #0: ffff8880422a4420 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 fs/namespace.c:515\n #1: ffff88804755b390 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: inode_lock_nested include/linux/fs.h:850 [inline]\n #1: ffff88804755b390 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: filename_create+0x260/0x540 fs/namei.c:4026\n #2: ffff888044548920 (&(imap->im_aglock[index])){+.+.}-{3:3}, at: diAlloc+0x1b6/0x1630\n #3: ffff888044548890 (&imap->im_freelock){+.+.}-{3:3}, at: diNewIAG fs/jfs/jfs_imap.c:2460 [inline]\n #3: ffff888044548890 (&imap->im_freelock){+.+.}-{3:3}, at: diAllocExt fs/jfs/jfs_imap.c:1905 [inline]\n #3: ffff888044548890 (&imap->im_freelock){+.+.}-{3:3}, at: diAllocAG+0x4b7/0x1e50 fs/jfs/jfs_imap.c:1669\n #4: ffff88804755a618 (&jfs_ip->rdwrlock/1){++++}-{3:3}, at: diNewIAG fs/jfs/jfs_imap.c:2477 [inline]\n #4: ffff88804755a618 (&jfs_ip->rdwrlock/1){++++}-{3:3}, at: diAllocExt fs/jfs/jfs_imap.c:1905 [inline]\n #4: ffff88804755a618 (&jfs_ip->rdwrlock/1){++++}-{3:3}, at: diAllocAG+0x869/0x1e50 fs/jfs/jfs_imap.c:1669\n\nstack backtrace:\nCPU: 0 UID: 0 PID: 5309 Comm: syz-executor301 Not tainted 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_deadlock_bug+0x483/0x620 kernel/locking/lockdep.c:3037\n check_deadlock kernel/locking/lockdep.c:3089 [inline]\n validate_chain+0x15e2/0x5920 kernel/locking/lockdep.c:3891\n __lock_acquire+0x1384/0x2050 kernel/locking/lockdep.c:5202\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825\n __mutex_lock_common kernel/locking/mutex.c:608 [inline]\n __mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752\n diFree+0x37c/0x2fb0 fs/jfs/jfs_imap.c:889\n jfs_evict_inode+0x32d/0x440 fs/jfs/inode.c:156\n evict+0x4e8/0x9b0 fs/inode.c:725\n diFreeSpecial fs/jfs/jfs_imap.c:552 [inline]\n duplicateIXtree+0x3c6/0x550 fs/jfs/jfs_imap.c:3022\n diNewIAG fs/jfs/jfs_imap.c:2597 [inline]\n diAllocExt fs/jfs/jfs_imap.c:1905 [inline]\n diAllocAG+0x17dc/0x1e50 fs/jfs/jfs_imap.c:1669\n diAlloc+0x1d2/0x1630 fs/jfs/jfs_imap.c:1590\n ialloc+0x8f/0x900 fs/jfs/jfs_inode.c:56\n jfs_mkdir+0x1c5/0xba0 fs/jfs/namei.c:225\n vfs_mkdir+0x2f9/0x4f0 fs/namei.c:4257\n do_mkdirat+0x264/0x3a0 fs/namei.c:4280\n __do_sys_mkdirat fs/namei.c:4295 [inline]\n __se_sys_mkdirat fs/namei.c:4293 [inline]\n __x64_sys_mkdirat+0x87/0xa0 fs/namei.c:4293\n do_syscall_x64 arch/x86/en\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/994787341358816d91b2fded288ecb7f129f2b27",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a2b560815528ae8e266fca6038bb5585d13aaef4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/aeb926e605f97857504bdf748f575e40617e2ef9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b3c4884b987e5d8d0ec061a4d52653c4f4b9c37e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b61e69bb1c049cf507e3c654fa3dc1568231bd07",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c9541c2bd0edbdbc5c1148a84d3b48dc8d1b8af2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2025/CVE-2025-377xx/CVE-2025-37742.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2025-37742",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:52.870",
"lastModified": "2025-05-01T13:15:52.870",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix uninit-value access of imap allocated in the diMount() function\n\nsyzbot reports that hex_dump_to_buffer is using uninit-value:\n\n=====================================================\nBUG: KMSAN: uninit-value in hex_dump_to_buffer+0x888/0x1100 lib/hexdump.c:171\nhex_dump_to_buffer+0x888/0x1100 lib/hexdump.c:171\nprint_hex_dump+0x13d/0x3e0 lib/hexdump.c:276\ndiFree+0x5ba/0x4350 fs/jfs/jfs_imap.c:876\njfs_evict_inode+0x510/0x550 fs/jfs/inode.c:156\nevict+0x723/0xd10 fs/inode.c:796\niput_final fs/inode.c:1946 [inline]\niput+0x97b/0xdb0 fs/inode.c:1972\ntxUpdateMap+0xf3e/0x1150 fs/jfs/jfs_txnmgr.c:2367\ntxLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]\njfs_lazycommit+0x627/0x11d0 fs/jfs/jfs_txnmgr.c:2733\nkthread+0x6b9/0xef0 kernel/kthread.c:464\nret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:148\nret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nUninit was created at:\nslab_post_alloc_hook mm/slub.c:4121 [inline]\nslab_alloc_node mm/slub.c:4164 [inline]\n__kmalloc_cache_noprof+0x8e3/0xdf0 mm/slub.c:4320\nkmalloc_noprof include/linux/slab.h:901 [inline]\ndiMount+0x61/0x7f0 fs/jfs/jfs_imap.c:105\njfs_mount+0xa8e/0x11d0 fs/jfs/jfs_mount.c:176\njfs_fill_super+0xa47/0x17c0 fs/jfs/super.c:523\nget_tree_bdev_flags+0x6ec/0x910 fs/super.c:1636\nget_tree_bdev+0x37/0x50 fs/super.c:1659\njfs_get_tree+0x34/0x40 fs/jfs/super.c:635\nvfs_get_tree+0xb1/0x5a0 fs/super.c:1814\ndo_new_mount+0x71f/0x15e0 fs/namespace.c:3560\npath_mount+0x742/0x1f10 fs/namespace.c:3887\ndo_mount fs/namespace.c:3900 [inline]\n__do_sys_mount fs/namespace.c:4111 [inline]\n__se_sys_mount+0x71f/0x800 fs/namespace.c:4088\n__x64_sys_mount+0xe4/0x150 fs/namespace.c:4088\nx64_sys_call+0x39bf/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:166\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\n=====================================================\n\nThe reason is that imap is not properly initialized after memory\nallocation. It will cause the snprintf() function to write uninitialized\ndata into linebuf within hex_dump_to_buffer().\n\nFix this by using kzalloc instead of kmalloc to clear its content at the\nbeginning in diMount()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/067347e00a3a7d04afed93f080c6c131e5dd15ee",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/63148ce4904faa668daffdd1d3c1199ae315ef2c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7057f3aab47629d38e54eae83505813cf0da1e4b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9629d7d66c621671d9a47afe27ca9336bfc8a9ea",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cab1852368dd74d629ee02abdbc559218ca64dde",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d0d7eca253ccd0619b3d2b683ffe32218ebca9ac",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2025/CVE-2025-377xx/CVE-2025-37743.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2025-37743",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:53.000",
"lastModified": "2025-05-01T13:15:53.000",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Avoid memory leak while enabling statistics\n\nDriver uses monitor destination rings for extended statistics mode and\nstandalone monitor mode. In extended statistics mode, TLVs are parsed from\nthe buffer received from the monitor destination ring and assigned to the\nppdu_info structure to update per-packet statistics. In standalone monitor\nmode, along with per-packet statistics, the packet data (payload) is\ncaptured, and the driver updates per MSDU to mac80211.\n\nWhen the AP interface is enabled, only extended statistics mode is\nactivated. As part of enabling monitor rings for collecting statistics,\nthe driver subscribes to HAL_RX_MPDU_START TLV in the filter\nconfiguration. This TLV is received from the monitor destination ring, and\nkzalloc for the mon_mpdu object occurs, which is not freed, leading to a\nmemory leak. The kzalloc for the mon_mpdu object is only required while\nenabling the standalone monitor interface. This causes a memory leak while\nenabling extended statistics mode in the driver.\n\nFix this memory leak by removing the kzalloc for the mon_mpdu object in\nthe HAL_RX_MPDU_START TLV handling. Additionally, remove the standalone\nmonitor mode handlings in the HAL_MON_BUF_ADDR and HAL_RX_MSDU_END TLVs.\nThese TLV tags will be handled properly when enabling standalone monitor\nmode in the future.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/286bab0fc7b9db728dab8c63cadf6be9b3facf8c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ecfc131389923405be8e7a6f4408fd9321e4d19b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2025/CVE-2025-377xx/CVE-2025-37744.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2025-37744",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:53.100",
"lastModified": "2025-05-01T13:15:53.100",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix memory leak in ath12k_pci_remove()\n\nKmemleak reported this error:\n\n unreferenced object 0xffff1c165cec3060 (size 32):\n comm \"insmod\", pid 560, jiffies 4296964570 (age 235.596s)\n backtrace:\n [<000000005434db68>] __kmem_cache_alloc_node+0x1f4/0x2c0\n [<000000001203b155>] kmalloc_trace+0x40/0x88\n [<0000000028adc9c8>] _request_firmware+0xb8/0x608\n [<00000000cad1aef7>] firmware_request_nowarn+0x50/0x80\n [<000000005011a682>] local_pci_probe+0x48/0xd0\n [<00000000077cd295>] pci_device_probe+0xb4/0x200\n [<0000000087184c94>] really_probe+0x150/0x2c0\n\nThe firmware memory was allocated in ath12k_pci_probe(), but not\nfreed in ath12k_pci_remove() in case ATH12K_FLAG_QMI_FAIL bit is\nset. So call ath12k_fw_unmap() to free the memory.\n\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.2.0-02280-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1b24394ed5c8a8d8f7b9e3aa9044c31495d46f2e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3cb47b50926a5b9eef8c06506a14cdc0f3d95c53",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/52e3132e62c31b5ade43dc4495fa81175e6e8398",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cb8f4c5f9c487d82a566672b5ed0c9f05e40659b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2025/CVE-2025-377xx/CVE-2025-37745.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2025-37745",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:53.207",
"lastModified": "2025-05-01T13:15:53.207",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM: hibernate: Avoid deadlock in hibernate_compressor_param_set()\n\nsyzbot reported a deadlock in lock_system_sleep() (see below).\n\nThe write operation to \"/sys/module/hibernate/parameters/compressor\"\nconflicts with the registration of ieee80211 device, resulting in a deadlock\nwhen attempting to acquire system_transition_mutex under param_lock.\n\nTo avoid this deadlock, change hibernate_compressor_param_set() to use\nmutex_trylock() for attempting to acquire system_transition_mutex and\nreturn -EBUSY when it fails.\n\nTask flags need not be saved or adjusted before calling\nmutex_trylock(&system_transition_mutex) because the caller is not going\nto end up waiting for this mutex and if it runs concurrently with system\nsuspend in progress, it will be frozen properly when it returns to user\nspace.\n\nsyzbot report:\n\nsyz-executor895/5833 is trying to acquire lock:\nffffffff8e0828c8 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x87/0xa0 kernel/power/main.c:56\n\nbut task is already holding lock:\nffffffff8e07dc68 (param_lock){+.+.}-{4:4}, at: kernel_param_lock kernel/params.c:607 [inline]\nffffffff8e07dc68 (param_lock){+.+.}-{4:4}, at: param_attr_store+0xe6/0x300 kernel/params.c:586\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #3 (param_lock){+.+.}-{4:4}:\n __mutex_lock_common kernel/locking/mutex.c:585 [inline]\n __mutex_lock+0x19b/0xb10 kernel/locking/mutex.c:730\n ieee80211_rate_control_ops_get net/mac80211/rate.c:220 [inline]\n rate_control_alloc net/mac80211/rate.c:266 [inline]\n ieee80211_init_rate_ctrl_alg+0x18d/0x6b0 net/mac80211/rate.c:1015\n ieee80211_register_hw+0x20cd/0x4060 net/mac80211/main.c:1531\n mac80211_hwsim_new_radio+0x304e/0x54e0 drivers/net/wireless/virtual/mac80211_hwsim.c:5558\n init_mac80211_hwsim+0x432/0x8c0 drivers/net/wireless/virtual/mac80211_hwsim.c:6910\n do_one_initcall+0x128/0x700 init/main.c:1257\n do_initcall_level init/main.c:1319 [inline]\n do_initcalls init/main.c:1335 [inline]\n do_basic_setup init/main.c:1354 [inline]\n kernel_init_freeable+0x5c7/0x900 init/main.c:1568\n kernel_init+0x1c/0x2b0 init/main.c:1457\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\n-> #2 (rtnl_mutex){+.+.}-{4:4}:\n __mutex_lock_common kernel/locking/mutex.c:585 [inline]\n __mutex_lock+0x19b/0xb10 kernel/locking/mutex.c:730\n wg_pm_notification drivers/net/wireguard/device.c:80 [inline]\n wg_pm_notification+0x49/0x180 drivers/net/wireguard/device.c:64\n notifier_call_chain+0xb7/0x410 kernel/notifier.c:85\n notifier_call_chain_robust kernel/notifier.c:120 [inline]\n blocking_notifier_call_chain_robust kernel/notifier.c:345 [inline]\n blocking_notifier_call_chain_robust+0xc9/0x170 kernel/notifier.c:333\n pm_notifier_call_chain_robust+0x27/0x60 kernel/power/main.c:102\n snapshot_open+0x189/0x2b0 kernel/power/user.c:77\n misc_open+0x35a/0x420 drivers/char/misc.c:179\n chrdev_open+0x237/0x6a0 fs/char_dev.c:414\n do_dentry_open+0x735/0x1c40 fs/open.c:956\n vfs_open+0x82/0x3f0 fs/open.c:1086\n do_open fs/namei.c:3830 [inline]\n path_openat+0x1e88/0x2d80 fs/namei.c:3989\n do_filp_open+0x20c/0x470 fs/namei.c:4016\n do_sys_openat2+0x17a/0x1e0 fs/open.c:1428\n do_sys_open fs/open.c:1443 [inline]\n __do_sys_openat fs/open.c:1459 [inline]\n __se_sys_openat fs/open.c:1454 [inline]\n __x64_sys_openat+0x175/0x210 fs/open.c:1454\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n-> #1 ((pm_chain_head).rwsem){++++}-{4:4}:\n down_read+0x9a/0x330 kernel/locking/rwsem.c:1524\n blocking_notifier_call_chain_robust kerne\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/11ae4fec1f4b4ee06770a572c37d89cbaecbf66e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3b2c3806ef4253595dfcb8b58352cfab55c9bfb0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/52323ed1444ea5c2a5f1754ea0a2d9c8c216ccdf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6dbaa8583af74814a5aae03a337cb1722c414808",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2025/CVE-2025-377xx/CVE-2025-37746.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2025-37746",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:53.313",
"lastModified": "2025-05-01T13:15:53.313",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/dwc_pcie: fix duplicate pci_dev devices\n\nDuring platform_device_register, wrongly using struct device\npci_dev as platform_data caused a kmemdup copy of pci_dev. Worse\nstill, accessing the duplicated device leads to list corruption as its\nmutex content (e.g., list, magic) remains the same as the original."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/7f35b429802a8065aa61e2a3f567089649f4d98e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a71c6fc87b2b9905dc2e38887fe4122287216be9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2025/CVE-2025-377xx/CVE-2025-37747.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2025-37747",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:53.417",
"lastModified": "2025-05-01T13:15:53.417",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix hang while freeing sigtrap event\n\nPerf can hang while freeing a sigtrap event if a related deferred\nsignal hadn't managed to be sent before the file got closed:\n\nperf_event_overflow()\n task_work_add(perf_pending_task)\n\nfput()\n task_work_add(____fput())\n\ntask_work_run()\n ____fput()\n perf_release()\n perf_event_release_kernel()\n _free_event()\n perf_pending_task_sync()\n task_work_cancel() -> FAILED\n rcuwait_wait_event()\n\nOnce task_work_run() is running, the list of pending callbacks is\nremoved from the task_struct and from this point on task_work_cancel()\ncan't remove any pending and not yet started work items, hence the\ntask_work_cancel() failure and the hang on rcuwait_wait_event().\n\nTask work could be changed to remove one work at a time, so a work\nrunning on the current task can always cancel a pending one, however\nthe wait / wake design is still subject to inverted dependencies when\nremote targets are involved, as pictured by Oleg:\n\nT1 T2\n\nfd = perf_event_open(pid => T2->pid); fd = perf_event_open(pid => T1->pid);\nclose(fd) close(fd)\n <IRQ> <IRQ>\n perf_event_overflow() perf_event_overflow()\n task_work_add(perf_pending_task) task_work_add(perf_pending_task)\n </IRQ> </IRQ>\n fput() fput()\n task_work_add(____fput()) task_work_add(____fput())\n\n task_work_run() task_work_run()\n ____fput() ____fput()\n perf_release() perf_release()\n perf_event_release_kernel() perf_event_release_kernel()\n _free_event() _free_event()\n perf_pending_task_sync() perf_pending_task_sync()\n rcuwait_wait_event() rcuwait_wait_event()\n\nTherefore the only option left is to acquire the event reference count\nupon queueing the perf task work and release it from the task work, just\nlike it was done before 3a5465418f5f (\"perf: Fix event leak upon exec and file release\")\nbut without the leaks it fixed.\n\nSome adjustments are necessary to make it work:\n\n* A child event might dereference its parent upon freeing. Care must be\n taken to release the parent last.\n\n* Some places assuming the event doesn't have any reference held and\n therefore can be freed right away must instead put the reference and\n let the reference counting to its job."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1267bd38f161c1a27d9b722de017027167a225a0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/56799bc035658738f362acec3e7647bb84e68933",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/665b87b8f8b3aeb49083ef3b65c4953e7753fc12",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fa1827fa968c0674e9b6fca223fa9fb4da4493eb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2025/CVE-2025-377xx/CVE-2025-37748.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2025-37748",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:53.523",
"lastModified": "2025-05-01T13:15:53.523",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group\n\nCurrently, mtk_iommu calls during probe iommu_device_register before\nthe hw_list from driver data is initialized. Since iommu probing issue\nfix, it leads to NULL pointer dereference in mtk_iommu_device_group when\nhw_list is accessed with list_first_entry (not null safe).\n\nSo, change the call order to ensure iommu_device_register is called\nafter the driver data are initialized."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2f75cb27bef43c8692b0f5e471e5632f6a9beb99",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/38e8844005e6068f336a3ad45451a562a0040ca1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/69f9d2d37d1207c5a73dac52a4ce1361ead707f5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6abd09bed43b8d83d461e0fb5b9a200a06aa8a27",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a0842539e8ef9386c070156103aff888e558a60c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ce7d3b2f6f393fa35f0ea12861b83a1ca28b295c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2025/CVE-2025-377xx/CVE-2025-37749.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2025-37749",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:53.633",
"lastModified": "2025-05-01T13:15:53.633",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ppp: Add bound checking for skb data on ppp_sync_txmung\n\nEnsure we have enough data in linear buffer from skb before accessing\ninitial bytes. This prevents potential out-of-bounds accesses\nwhen processing short packets.\n\nWhen ppp_sync_txmung receives an incoming package with an empty\npayload:\n(remote) gef\u27a4 p *(struct pppoe_hdr *) (skb->head + skb->network_header)\n$18 = {\n\ttype = 0x1,\n\tver = 0x1,\n\tcode = 0x0,\n\tsid = 0x2,\n length = 0x0,\n\ttag = 0xffff8880371cdb96\n}\n\nfrom the skb struct (trimmed)\n tail = 0x16,\n end = 0x140,\n head = 0xffff88803346f400 \"4\",\n data = 0xffff88803346f416 \":\\377\",\n truesize = 0x380,\n len = 0x0,\n data_len = 0x0,\n mac_len = 0xe,\n hdr_len = 0x0,\n\nit is not safe to access data[2].\n\n[pabeni@redhat.com: fixed subj typo]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1f6eb9fa87a781d5370c0de7794ae242f1a95ee5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6e8a6bf43cea4347121ab21bb1ed8d7bef7e732e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/aabc6596ffb377c4c9c8f335124b92ea282c9821",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b4c836d33ca888695b2f2665f948bc1b34fbd533",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b78f2b458f56a5a4d976c8e01c43dbf58d3ea2ca",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fbaffe8bccf148ece8ad67eb5d7aa852cabf59c8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2025/CVE-2025-377xx/CVE-2025-37750.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2025-37750",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:53.740",
"lastModified": "2025-05-01T13:15:53.740",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix UAF in decryption with multichannel\n\nAfter commit f7025d861694 (\"smb: client: allocate crypto only for\nprimary server\") and commit b0abcd65ec54 (\"smb: client: fix UAF in\nasync decryption\"), the channels started reusing AEAD TFM from primary\nchannel to perform synchronous decryption, but that can't done as\nthere could be multiple cifsd threads (one per channel) simultaneously\naccessing it to perform decryption.\n\nThis fixes the following KASAN splat when running fstest generic/249\nwith 'vers=3.1.1,multichannel,max_channels=4,seal' against Windows\nServer 2022:\n\nBUG: KASAN: slab-use-after-free in gf128mul_4k_lle+0xba/0x110\nRead of size 8 at addr ffff8881046c18a0 by task cifsd/986\nCPU: 3 UID: 0 PID: 986 Comm: cifsd Not tainted 6.15.0-rc1 #1\nPREEMPT(voluntary)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41\n04/01/2014\nCall Trace:\n <TASK>\n dump_stack_lvl+0x5d/0x80\n print_report+0x156/0x528\n ? gf128mul_4k_lle+0xba/0x110\n ? __virt_addr_valid+0x145/0x300\n ? __phys_addr+0x46/0x90\n ? gf128mul_4k_lle+0xba/0x110\n kasan_report+0xdf/0x1a0\n ? gf128mul_4k_lle+0xba/0x110\n gf128mul_4k_lle+0xba/0x110\n ghash_update+0x189/0x210\n shash_ahash_update+0x295/0x370\n ? __pfx_shash_ahash_update+0x10/0x10\n ? __pfx_shash_ahash_update+0x10/0x10\n ? __pfx_extract_iter_to_sg+0x10/0x10\n ? ___kmalloc_large_node+0x10e/0x180\n ? __asan_memset+0x23/0x50\n crypto_ahash_update+0x3c/0xc0\n gcm_hash_assoc_remain_continue+0x93/0xc0\n crypt_message+0xe09/0xec0 [cifs]\n ? __pfx_crypt_message+0x10/0x10 [cifs]\n ? _raw_spin_unlock+0x23/0x40\n ? __pfx_cifs_readv_from_socket+0x10/0x10 [cifs]\n decrypt_raw_data+0x229/0x380 [cifs]\n ? __pfx_decrypt_raw_data+0x10/0x10 [cifs]\n ? __pfx_cifs_read_iter_from_socket+0x10/0x10 [cifs]\n smb3_receive_transform+0x837/0xc80 [cifs]\n ? __pfx_smb3_receive_transform+0x10/0x10 [cifs]\n ? __pfx___might_resched+0x10/0x10\n ? __pfx_smb3_is_transform_hdr+0x10/0x10 [cifs]\n cifs_demultiplex_thread+0x692/0x1570 [cifs]\n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]\n ? rcu_is_watching+0x20/0x50\n ? rcu_lockdep_current_cpu_online+0x62/0xb0\n ? find_held_lock+0x32/0x90\n ? kvm_sched_clock_read+0x11/0x20\n ? local_clock_noinstr+0xd/0xd0\n ? trace_irq_enable.constprop.0+0xa8/0xe0\n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]\n kthread+0x1fe/0x380\n ? kthread+0x10f/0x380\n ? __pfx_kthread+0x10/0x10\n ? local_clock_noinstr+0xd/0xd0\n ? ret_from_fork+0x1b/0x60\n ? local_clock+0x15/0x30\n ? lock_release+0x29b/0x390\n ? rcu_is_watching+0x20/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x31/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n </TASK>"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/9502dd5c7029902f4a425bf959917a5a9e7c0e50",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/950557922c1298464749c216d8763e97faf5d0a6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/aa5a1e4b882964eb79d5b5d1d1e8a1a5efbb1d15",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e859b216d94668bc66330e61be201234f4413d1a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2025/CVE-2025-377xx/CVE-2025-37751.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2025-37751",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:53.843",
"lastModified": "2025-05-01T13:15:53.843",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/cpu: Avoid running off the end of an AMD erratum table\n\nThe NULL array terminator at the end of erratum_1386_microcode was\nremoved during the switch from x86_cpu_desc to x86_cpu_id. This\ncauses readers to run off the end of the array.\n\nReplace the NULL."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1b518f73f1b6f59e083ec33dea22d9a1a275a970",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f0df00ebc57f803603f2a2e0df197e51f06fbe90",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2025/CVE-2025-377xx/CVE-2025-37752.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2025-37752",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:53.933",
"lastModified": "2025-05-01T13:15:53.933",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: move the limit validation\n\nIt is not sufficient to directly validate the limit on the data that\nthe user passes as it can be updated based on how the other parameters\nare changed.\n\nMove the check at the end of the configuration update process to also\ncatch scenarios where the limit is indirectly updated, for example\nwith the following configurations:\n\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 depth 1\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 divisor 1\n\nThis fixes the following syzkaller reported crash:\n\n------------[ cut here ]------------\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:203:6\nindex 65535 is out of range for type 'struct sfq_head[128]'\nCPU: 1 UID: 0 PID: 3037 Comm: syz.2.16 Not tainted 6.14.0-rc2-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x201/0x300 lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:231 [inline]\n __ubsan_handle_out_of_bounds+0xf5/0x120 lib/ubsan.c:429\n sfq_link net/sched/sch_sfq.c:203 [inline]\n sfq_dec+0x53c/0x610 net/sched/sch_sfq.c:231\n sfq_dequeue+0x34e/0x8c0 net/sched/sch_sfq.c:493\n sfq_reset+0x17/0x60 net/sched/sch_sfq.c:518\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n tbf_reset+0x41/0x110 net/sched/sch_tbf.c:339\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n dev_reset_queue+0x100/0x1b0 net/sched/sch_generic.c:1311\n netdev_for_each_tx_queue include/linux/netdevice.h:2590 [inline]\n dev_deactivate_many+0x7e5/0xe70 net/sched/sch_generic.c:1375"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1348214fa042a71406964097e743c87a42c85a49",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5e5e1fcc1b8ed57f902c424c5d9b328a3a19073d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b36a68192037d1614317a09b0d78c7814e2eecf9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b3bf8f63e6179076b57c9de660c9f80b5abefe70",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d2718324f9e329b10ddc091fba5a0ba2b9d4d96a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f86293adce0c201cfabb283ef9d6f21292089bb8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2025/CVE-2025-377xx/CVE-2025-37753.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2025-37753",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:54.050",
"lastModified": "2025-05-01T13:15:54.050",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/cpumf: Fix double free on error in cpumf_pmu_event_init()\n\nIn PMU event initialization functions\n - cpumsf_pmu_event_init()\n - cpumf_pmu_event_init()\n - cfdiag_event_init()\nthe partially created event had to be removed when an error was detected.\nThe event::event_init() member function had to release all resources\nit allocated in case of error. event::destroy() had to be called\non freeing an event after it was successfully created and\nevent::event_init() returned success.\n\nWith\n\ncommit c70ca298036c (\"perf/core: Simplify the perf_event_alloc() error path\")\n\nthis is not necessary anymore. The performance subsystem common\ncode now always calls event::destroy() to clean up the allocated\nresources created during event initialization.\n\nRemove the event::destroy() invocation in PMU event initialization\nor that function is called twice for each event that runs into an\nerror condition in event creation.\n\nThis is the kernel log entry which shows up without the fix:\n\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 0 PID: 43388 at lib/refcount.c:87\trefcount_dec_not_one+0x74/0x90\nCPU: 0 UID: 0 PID: 43388 Comm: perf Not tainted 6.15.0-20250407.rc1.git0.300.fc41.s390x+git #1 NONE\nHardware name: IBM 3931 A01 704 (LPAR)\nKrnl PSW : 0704c00180000000 00000209cb2c1b88 (refcount_dec_not_one+0x78/0x90)\n R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3\nKrnl GPRS: 0000020900000027 0000020900000023 0000000000000026 0000018900000000\n 00000004a2200a00 0000000000000000 0000000000000057 ffffffffffffffea\n 00000002b386c600 00000002b3f5b3e0 00000209cc51f140 00000209cc7fc550\n 0000000001449d38 ffffffffffffffff 00000209cb2c1b84 00000189d67dfb80\nKrnl Code: 00000209cb2c1b78: c02000506727\tlarl\t%r2,00000209cbcce9c6\n 00000209cb2c1b7e: c0e5ffbd4431\tbrasl\t%r14,00000209caa6a3e0\n #00000209cb2c1b84: af000000\t\tmc\t0,0\n >00000209cb2c1b88: a7480001\t\tlhi\t%r4,1\n 00000209cb2c1b8c: ebeff0a00004\tlmg\t%r14,%r15,160(%r15)\n 00000209cb2c1b92: ec243fbf0055\trisbg\t%r2,%r4,63,191,0\n 00000209cb2c1b98: 07fe\t\tbcr\t15,%r14\n 00000209cb2c1b9a: 47000700\t\tbc\t0,1792\nCall Trace:\n [<00000209cb2c1b88>] refcount_dec_not_one+0x78/0x90\n [<00000209cb2c1dc4>] refcount_dec_and_mutex_lock+0x24/0x90\n [<00000209caa3c29e>] hw_perf_event_destroy+0x2e/0x80\n [<00000209cacaf8b4>] __free_event+0x74/0x270\n [<00000209cacb47c4>] perf_event_alloc.part.0+0x4a4/0x730\n [<00000209cacbf3e8>] __do_sys_perf_event_open+0x248/0xc20\n [<00000209cacc14a4>] __s390x_sys_perf_event_open+0x44/0x50\n [<00000209cb8114de>] __do_syscall+0x12e/0x260\n [<00000209cb81ce34>] system_call+0x74/0x98\nLast Breaking-Event-Address:\n [<00000209caa6a4d2>] __warn_printk+0xf2/0x100\n---[ end trace 0000000000000000 ]---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3a3faf873db5dcd5d2622d8e2accb90af0a86c2d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/aa1ac98268cd1f380c713f07e39b1fa1d5c7650c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bdbecb2bf531fadbbc9347a79009f7a58ea7eb03",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ddf60c1491102dab04491481bc3376d3e9cd139d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2025/CVE-2025-377xx/CVE-2025-37754.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2025-37754",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:54.157",
"lastModified": "2025-05-01T13:15:54.157",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/huc: Fix fence not released on early probe errors\n\nHuC delayed loading fence, introduced with commit 27536e03271da\n(\"drm/i915/huc: track delayed HuC load with a fence\"), is registered with\nobject tracker early on driver probe but unregistered only from driver\nremove, which is not called on early probe errors. Since its memory is\nallocated under devres, then released anyway, it may happen to be\nallocated again to the fence and reused on future driver probes, resulting\nin kernel warnings that taint the kernel:\n\n<4> [309.731371] ------------[ cut here ]------------\n<3> [309.731373] ODEBUG: init destroyed (active state 0) object: ffff88813d7dd2e0 object type: i915_sw_fence hint: sw_fence_dummy_notify+0x0/0x20 [i915]\n<4> [309.731575] WARNING: CPU: 2 PID: 3161 at lib/debugobjects.c:612 debug_print_object+0x93/0xf0\n...\n<4> [309.731693] CPU: 2 UID: 0 PID: 3161 Comm: i915_module_loa Tainted: G U 6.14.0-CI_DRM_16362-gf0fd77956987+ #1\n...\n<4> [309.731700] RIP: 0010:debug_print_object+0x93/0xf0\n...\n<4> [309.731728] Call Trace:\n<4> [309.731730] <TASK>\n...\n<4> [309.731949] __debug_object_init+0x17b/0x1c0\n<4> [309.731957] debug_object_init+0x34/0x50\n<4> [309.732126] __i915_sw_fence_init+0x34/0x60 [i915]\n<4> [309.732256] intel_huc_init_early+0x4b/0x1d0 [i915]\n<4> [309.732468] intel_uc_init_early+0x61/0x680 [i915]\n<4> [309.732667] intel_gt_common_init_early+0x105/0x130 [i915]\n<4> [309.732804] intel_root_gt_init_early+0x63/0x80 [i915]\n<4> [309.732938] i915_driver_probe+0x1fa/0xeb0 [i915]\n<4> [309.733075] i915_pci_probe+0xe6/0x220 [i915]\n<4> [309.733198] local_pci_probe+0x44/0xb0\n<4> [309.733203] pci_device_probe+0xf4/0x270\n<4> [309.733209] really_probe+0xee/0x3c0\n<4> [309.733215] __driver_probe_device+0x8c/0x180\n<4> [309.733219] driver_probe_device+0x24/0xd0\n<4> [309.733223] __driver_attach+0x10f/0x220\n<4> [309.733230] bus_for_each_dev+0x7d/0xe0\n<4> [309.733236] driver_attach+0x1e/0x30\n<4> [309.733239] bus_add_driver+0x151/0x290\n<4> [309.733244] driver_register+0x5e/0x130\n<4> [309.733247] __pci_register_driver+0x7d/0x90\n<4> [309.733251] i915_pci_register_driver+0x23/0x30 [i915]\n<4> [309.733413] i915_init+0x34/0x120 [i915]\n<4> [309.733655] do_one_initcall+0x62/0x3f0\n<4> [309.733667] do_init_module+0x97/0x2a0\n<4> [309.733671] load_module+0x25ff/0x2890\n<4> [309.733688] init_module_from_file+0x97/0xe0\n<4> [309.733701] idempotent_init_module+0x118/0x330\n<4> [309.733711] __x64_sys_finit_module+0x77/0x100\n<4> [309.733715] x64_sys_call+0x1f37/0x2650\n<4> [309.733719] do_syscall_64+0x91/0x180\n<4> [309.733763] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n<4> [309.733792] </TASK>\n...\n<4> [309.733806] ---[ end trace 0000000000000000 ]---\n\nThat scenario is most easily reproducible with\nigt@i915_module_load@reload-with-fault-injection.\n\nFix the issue by moving the cleanup step to driver release path.\n\n(cherry picked from commit 795dbde92fe5c6996a02a5b579481de73035e7bf)"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4bd4bf79bcfe101f0385ab81dbabb6e3f7d96c00",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9f5ef4a5eaa61a7a4ed31231da45deb85065397a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c5a906806162aea62dbe5d327760ce3b7117ca17",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e3ea2eae70692a455e256787e4f54153fb739b90",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f104ef4db9f8f3923cc06ed1fafb3da38df6006d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2025/CVE-2025-377xx/CVE-2025-37755.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2025-37755",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:54.267",
"lastModified": "2025-05-01T13:15:54.267",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: libwx: handle page_pool_dev_alloc_pages error\n\npage_pool_dev_alloc_pages could return NULL. There was a WARN_ON(!page)\nbut it would still proceed to use the NULL pointer and then crash.\n\nThis is similar to commit 001ba0902046\n(\"net: fec: handle page_pool_dev_alloc_pages error\").\n\nThis is found by our static analysis tool KNighter."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1dd13c60348f515acd8c6f25a561b9c4e3b04fea",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7f1ff1b38a7c8b872382b796023419d87d78c47e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/90bec7cef8805f9a23145e070dff28a02bb584eb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ad81d666e114ebf989fc9994d4c93d451dc60056",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c17ef974bfcf1a50818168b47c4606b425a957c4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2025/CVE-2025-377xx/CVE-2025-37756.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2025-37756",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:54.370",
"lastModified": "2025-05-01T13:15:54.370",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tls: explicitly disallow disconnect\n\nsyzbot discovered that it can disconnect a TLS socket and then\nrun into all sort of unexpected corner cases. I have a vague\nrecollection of Eric pointing this out to us a long time ago.\nSupporting disconnect is really hard, for one thing if offload\nis enabled we'd need to wait for all packets to be _acked_.\nDisconnect is not commonly used, disallow it.\n\nThe immediate problem syzbot run into is the warning in the strp,\nbut that's just the easiest bug to trigger:\n\n WARNING: CPU: 0 PID: 5834 at net/tls/tls_strp.c:486 tls_strp_msg_load+0x72e/0xa80 net/tls/tls_strp.c:486\n RIP: 0010:tls_strp_msg_load+0x72e/0xa80 net/tls/tls_strp.c:486\n Call Trace:\n <TASK>\n tls_rx_rec_wait+0x280/0xa60 net/tls/tls_sw.c:1363\n tls_sw_recvmsg+0x85c/0x1c30 net/tls/tls_sw.c:2043\n inet6_recvmsg+0x2c9/0x730 net/ipv6/af_inet6.c:678\n sock_recvmsg_nosec net/socket.c:1023 [inline]\n sock_recvmsg+0x109/0x280 net/socket.c:1045\n __sys_recvfrom+0x202/0x380 net/socket.c:2237"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2bcad8fefcecdd5f005d8c550b25d703c063c34a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5071a1e606b30c0c11278d3c6620cd6a24724cf6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8513411ec321942bd3cfed53d5bb700665c67d86",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9fcbca0f801580cbb583e9cb274e2c7fbe766ca6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c665bef891e8972e1d3ce5bbc0d42a373346a2c3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f3ce4d3f874ab7919edca364c147ac735f9f1d04",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2025/CVE-2025-377xx/CVE-2025-37757.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2025-37757",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:54.480",
"lastModified": "2025-05-01T13:15:54.480",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix memory leak in tipc_link_xmit\n\nIn case the backlog transmit queue for system-importance messages is overloaded,\ntipc_link_xmit() returns -ENOBUFS but the skb list is not purged. This leads to\nmemory leak and failure when a skb is allocated.\n\nThis commit fixes this issue by purging the skb list before tipc_link_xmit()\nreturns."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/09c2dcda2c551bba30710c33f6ac678ae7395389",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/24e6280cdd7f8d01fc6b9b365fb800c2fb7ea9bb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/69ae94725f4fc9e75219d2d69022029c5b24bc9a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7c5957f7905b4aede9d7a559d271438f3ca9e852",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a40cbfbb8f95c325430f017883da669b2aa927d4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d0e02d3d27a0b4dcb13f954f537ca1dd8f282dcf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2025/CVE-2025-377xx/CVE-2025-37758.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2025-37758",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:54.583",
"lastModified": "2025-05-01T13:15:54.583",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe()\n\ndevm_ioremap() returns NULL on error. Currently, pxa_ata_probe() does\nnot check for this case, which can result in a NULL pointer dereference.\n\nAdd NULL check after devm_ioremap() to prevent this issue."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2ba9e4c69207777bb0775c7c091800ecd69de144",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2dc53c7a0c1f57b082931facafa804a7ca32a9a6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5b09bf6243b0bc0ae58bd9efdf6f0de5546f8d06",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ad320e408a8c95a282ab9c05cdf0c9b95e317985",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c022287f6e599422511aa227dc6da37b58d9ceac",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ee2b0301d6bfe16b35d57947687c664ecb815775",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2025/CVE-2025-377xx/CVE-2025-37759.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2025-37759",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-01T13:15:54.690",
"lastModified": "2025-05-01T13:15:54.690",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nublk: fix handling recovery & reissue in ublk_abort_queue()\n\nCommit 8284066946e6 (\"ublk: grab request reference when the request is handled\nby userspace\") doesn't grab request reference in case of recovery reissue.\nThen the request can be requeued & re-dispatch & failed when canceling\nuring command.\n\nIf it is one zc request, the request can be freed before io_uring\nreturns the zc buffer back, then cause kernel panic:\n\n[ 126.773061] BUG: kernel NULL pointer dereference, address: 00000000000000c8\n[ 126.773657] #PF: supervisor read access in kernel mode\n[ 126.774052] #PF: error_code(0x0000) - not-present page\n[ 126.774455] PGD 0 P4D 0\n[ 126.774698] Oops: Oops: 0000 [#1] SMP NOPTI\n[ 126.775034] CPU: 13 UID: 0 PID: 1612 Comm: kworker/u64:55 Not tainted 6.14.0_blk+ #182 PREEMPT(full)\n[ 126.775676] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-1.fc39 04/01/2014\n[ 126.776275] Workqueue: iou_exit io_ring_exit_work\n[ 126.776651] RIP: 0010:ublk_io_release+0x14/0x130 [ublk_drv]\n\nFixes it by always grabbing request reference for aborting the request."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0a21d259ca4d6310fdfcc0284ebbc000e66cbf70",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5d34a30efac9c9c93e150130caa940c0df6053c1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6ee6bd5d4fce502a5b5a2ea805e9ff16e6aa890f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/caa5c8a2358604f38bf0a4afaa5eacda13763067",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

88
CVE-2025/CVE-2025-38xx/CVE-2025-3874.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2025-3874",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-05-01T12:15:17.400",
"lastModified": "2025-05-01T12:15:17.400",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 due to lack of randomization of a user controlled key. This makes it possible for unauthenticated attackers to access customer shopping carts and edit product links, add or delete products, and discover coupon codes."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://developer.wordpress.org/reference/functions/wp_generate_password/",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.1.2/includes/class-wpsc-cart.php#L32",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.1.2/includes/class-wpsc-cart.php#L68",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.1.2/wp_shopping_cart.php#L158",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.1.2/wp_shopping_cart.php#L265",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.1.2/wp_shopping_cart.php#L525",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3284572/",
"source": "security@wordfence.com"
},
{
"url": "https://www.tipsandtricks-hq.com/ecommerce/wp-shopping-cart",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4fed59bf-885b-4a06-aff2-8e5ab5f83ba7?source=cve",
"source": "security@wordfence.com"
}
]
}

72
CVE-2025/CVE-2025-38xx/CVE-2025-3889.json Normal file
View File

@ -0,0 +1,72 @@
{
"id": "CVE-2025-3889",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-05-01T12:15:17.630",
"lastModified": "2025-05-01T12:15:17.630",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 via the 'process_payment_data' due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to change the quantity of a product to a negative number, which subtracts the product cost from the total order cost. The attack will only work with Manual Checkout mode, as PayPal and Stripe will not process payments for a negative quantity."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.1.2/wp_shopping_cart.php#L324",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3284572/",
"source": "security@wordfence.com"
},
{
"url": "https://www.tipsandtricks-hq.com/ecommerce/simple-shopping-cart-enabling-manual-offline-checkout",
"source": "security@wordfence.com"
},
{
"url": "https://www.tipsandtricks-hq.com/ecommerce/wp-shopping-cart",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/41212533-535e-4a9e-a9b8-1240021a3752?source=cve",
"source": "security@wordfence.com"
}
]
}

68
CVE-2025/CVE-2025-38xx/CVE-2025-3890.json Normal file
View File

@ -0,0 +1,68 @@
{
"id": "CVE-2025-3890",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-05-01T12:15:17.830",
"lastModified": "2025-05-01T12:15:17.830",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_cart_button' shortcode in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.1.2/includes/wpsc-shortcodes-related.php#L20",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3284572/",
"source": "security@wordfence.com"
},
{
"url": "https://www.tipsandtricks-hq.com/ecommerce/simple-wp-shopping-cart-installation-usage-290#step-1-inserting-an-add-to-cart-button",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/93898bf8-cfed-44bf-9d68-a0167beba86a?source=cve",
"source": "security@wordfence.com"
}
]
}

145
CVE-2025/CVE-2025-41xx/CVE-2025-4163.json Normal file
View File

@ -0,0 +1,145 @@
{
"id": "CVE-2025-4163",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-05-01T12:15:18.027",
"lastModified": "2025-05-01T12:15:18.027",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in PHPGurukul Land Record System 1.0. This issue affects some unknown processing of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseScore": 6.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/Iandweb/CVE/issues/10",
"source": "cna@vuldb.com"
},
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.306695",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.306695",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.560883",
"source": "cna@vuldb.com"
}
]
}

145
CVE-2025/CVE-2025-41xx/CVE-2025-4164.json Normal file
View File

@ -0,0 +1,145 @@
{
"id": "CVE-2025-4164",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-05-01T12:15:18.410",
"lastModified": "2025-05-01T12:15:18.410",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in PHPGurukul Employee Record Management System 1.3. Affected is an unknown function of the file changepassword.php. The manipulation of the argument currentpassword leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseScore": 7.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/ideal-valli/myCVE/issues/2",
"source": "cna@vuldb.com"
},
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.306696",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.306696",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.561140",
"source": "cna@vuldb.com"
}
]
}

45
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-05-01T12:00:22.426011+00:00
2025-05-01T14:00:20.012439+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-05-01T11:15:54.943000+00:00
2025-05-01T13:58:41.403000+00:00
```
### Last Data Feed Release
@ -33,25 +33,48 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
291895
291949
```
### CVEs added in the last Commit
Recently added CVEs: `5`
Recently added CVEs: `54`
- [CVE-2025-27007](CVE-2025/CVE-2025-270xx/CVE-2025-27007.json) (`2025-05-01T11:15:54.517`)
- [CVE-2025-4159](CVE-2025/CVE-2025-41xx/CVE-2025-4159.json) (`2025-05-01T10:15:15.637`)
- [CVE-2025-4160](CVE-2025/CVE-2025-41xx/CVE-2025-4160.json) (`2025-05-01T10:15:17.567`)
- [CVE-2025-4161](CVE-2025/CVE-2025-41xx/CVE-2025-4161.json) (`2025-05-01T11:15:54.740`)
- [CVE-2025-4162](CVE-2025/CVE-2025-41xx/CVE-2025-4162.json) (`2025-05-01T11:15:54.943`)
- [CVE-2025-37740](CVE-2025/CVE-2025-377xx/CVE-2025-37740.json) (`2025-05-01T13:15:52.617`)
- [CVE-2025-37741](CVE-2025/CVE-2025-377xx/CVE-2025-37741.json) (`2025-05-01T13:15:52.723`)
- [CVE-2025-37742](CVE-2025/CVE-2025-377xx/CVE-2025-37742.json) (`2025-05-01T13:15:52.870`)
- [CVE-2025-37743](CVE-2025/CVE-2025-377xx/CVE-2025-37743.json) (`2025-05-01T13:15:53.000`)
- [CVE-2025-37744](CVE-2025/CVE-2025-377xx/CVE-2025-37744.json) (`2025-05-01T13:15:53.100`)
- [CVE-2025-37745](CVE-2025/CVE-2025-377xx/CVE-2025-37745.json) (`2025-05-01T13:15:53.207`)
- [CVE-2025-37746](CVE-2025/CVE-2025-377xx/CVE-2025-37746.json) (`2025-05-01T13:15:53.313`)
- [CVE-2025-37747](CVE-2025/CVE-2025-377xx/CVE-2025-37747.json) (`2025-05-01T13:15:53.417`)
- [CVE-2025-37748](CVE-2025/CVE-2025-377xx/CVE-2025-37748.json) (`2025-05-01T13:15:53.523`)
- [CVE-2025-37749](CVE-2025/CVE-2025-377xx/CVE-2025-37749.json) (`2025-05-01T13:15:53.633`)
- [CVE-2025-37750](CVE-2025/CVE-2025-377xx/CVE-2025-37750.json) (`2025-05-01T13:15:53.740`)
- [CVE-2025-37751](CVE-2025/CVE-2025-377xx/CVE-2025-37751.json) (`2025-05-01T13:15:53.843`)
- [CVE-2025-37752](CVE-2025/CVE-2025-377xx/CVE-2025-37752.json) (`2025-05-01T13:15:53.933`)
- [CVE-2025-37753](CVE-2025/CVE-2025-377xx/CVE-2025-37753.json) (`2025-05-01T13:15:54.050`)
- [CVE-2025-37754](CVE-2025/CVE-2025-377xx/CVE-2025-37754.json) (`2025-05-01T13:15:54.157`)
- [CVE-2025-37755](CVE-2025/CVE-2025-377xx/CVE-2025-37755.json) (`2025-05-01T13:15:54.267`)
- [CVE-2025-37756](CVE-2025/CVE-2025-377xx/CVE-2025-37756.json) (`2025-05-01T13:15:54.370`)
- [CVE-2025-37757](CVE-2025/CVE-2025-377xx/CVE-2025-37757.json) (`2025-05-01T13:15:54.480`)
- [CVE-2025-37758](CVE-2025/CVE-2025-377xx/CVE-2025-37758.json) (`2025-05-01T13:15:54.583`)
- [CVE-2025-37759](CVE-2025/CVE-2025-377xx/CVE-2025-37759.json) (`2025-05-01T13:15:54.690`)
- [CVE-2025-3874](CVE-2025/CVE-2025-38xx/CVE-2025-3874.json) (`2025-05-01T12:15:17.400`)
- [CVE-2025-3889](CVE-2025/CVE-2025-38xx/CVE-2025-3889.json) (`2025-05-01T12:15:17.630`)
- [CVE-2025-3890](CVE-2025/CVE-2025-38xx/CVE-2025-3890.json) (`2025-05-01T12:15:17.830`)
- [CVE-2025-4163](CVE-2025/CVE-2025-41xx/CVE-2025-4163.json) (`2025-05-01T12:15:18.027`)
- [CVE-2025-4164](CVE-2025/CVE-2025-41xx/CVE-2025-4164.json) (`2025-05-01T12:15:18.410`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `4`
- [CVE-2025-24358](CVE-2025/CVE-2025-243xx/CVE-2025-24358.json) (`2025-05-01T11:15:53.613`)
- [CVE-2020-8887](CVE-2020/CVE-2020-88xx/CVE-2020-8887.json) (`2025-05-01T12:28:01.117`)
- [CVE-2024-36843](CVE-2024/CVE-2024-368xx/CVE-2024-36843.json) (`2025-05-01T13:58:41.403`)
- [CVE-2024-36844](CVE-2024/CVE-2024-368xx/CVE-2024-36844.json) (`2025-05-01T13:50:48.783`)
- [CVE-2024-36845](CVE-2024/CVE-2024-368xx/CVE-2024-36845.json) (`2025-05-01T13:44:15.047`)
## Download and Usage

74
_state.csv
View File

@ -163977,7 +163977,7 @@ CVE-2020-8881,0,0,ae84037f02e3eb0be75b35574a9635f6dafb65cff74a4b0875df199c28adb3
CVE-2020-8882,0,0,760301fbf1983b445a350f2ee2de69c3f7f4391ec2dd2ff389c5086ed1ba4b67,2024-11-21T05:39:37.750000
CVE-2020-8883,0,0,140fa782b1c2263a234690cdd5e1939d58c1bd17c1d9c69127aaea545b73f3e7,2024-11-21T05:39:37.873000
CVE-2020-8884,0,0,62c3d0d5605748bf18cc10a39f4965c42d1cd3232e3e2766291378613f8bacfa,2024-11-21T05:39:37.993000
CVE-2020-8887,0,0,3f8976eaa1b0ccbadce9faa5eb643903c040ba1911bed14f12f698edfad33e15,2024-11-21T05:39:38.127000
CVE-2020-8887,0,1,f4a22ed573a4b21322096421941a7229319df0336618a5ac54ee4007046f256c,2025-05-01T12:28:01.117000
CVE-2020-8889,0,0,72d0e240bbd0af9b84b64f987c3a97cbcde0ebfab791b0b1cd1eb5746a8b0b02,2025-02-19T16:15:34.377000
CVE-2020-8890,0,0,a46877426bca4d412baefde37339ae29e5fa6fa91fc5e75288d89f5da2f02f5b,2024-11-21T05:39:38.383000
CVE-2020-8891,0,0,492549d24e4839b58b1379241fb724c6b6815a7e72e8622ba9276406641efb6a,2024-11-21T05:39:38.517000
@ -236961,6 +236961,7 @@ CVE-2023-46665,0,0,32dad0b632b212dcfaf349323787acdbc67f171e3c51973bae4cf3f543d38
CVE-2023-46666,0,0,3aab3745d648a8ac5528cfd7d84a852719ee099c885ccee79057e68df959f542,2024-11-21T08:29:01.290000
CVE-2023-46667,0,0,93f9a87b2cc6fdbdee39581bce1991b219d25b10067a723f617be80955e51a62,2024-11-21T08:29:01.517000
CVE-2023-46668,0,0,7ab25963dbffc75bef9a7b6ba17dcbb42b49c487c83e2e5143710207620a9e07,2024-11-21T08:29:01.693000
CVE-2023-46669,1,1,173a3745d2ddfbf006e2f01383bd7576cfc695d2a91db32b7d493485c82f1a4c,2025-05-01T13:15:49
CVE-2023-4667,0,0,34428789044fed6bb0633a483393b47d2d3a1e509c764f302f1ca4de9a0ea3ac,2024-11-21T08:35:38.667000
CVE-2023-46671,0,0,9d9adb61e92dbeed44bf19defc2e8703dc6e760e43fea31fb07348ce4839c104,2024-11-21T08:29:01.887000
CVE-2023-46672,0,0,827854831e743e04e4baf0a3e9366d4e47947649367329d4359bd82bd112cac9,2025-02-13T18:15:36.440000
@ -262113,9 +262114,9 @@ CVE-2024-36837,0,0,d83fc28981d319ecf854be01b7dc28f82c71da56080e984abdcd526f25d1b
CVE-2024-3684,0,0,bc358363415738df391830c2c3e66cdd750f4480781ea5b14341855b580ed24b,2024-11-21T09:30:10.410000
CVE-2024-36840,0,0,df76986cf4b78b412b0f52e824699180a22287010c032e08a5b788b4993c826f,2024-11-21T09:22:41.443000
CVE-2024-36842,0,0,c900ac12b42947520a07733334cc7fabb739bbc241d4e293b67f7a0426eb38ce,2025-04-15T20:15:38.160000
CVE-2024-36843,0,0,0dd88625e4c7927017ac2ccd743026dc0bf8dec364e7370ed4476d6c15f67003,2024-11-21T09:22:41.673000
CVE-2024-36844,0,0,0db2c3d462d7ef694fdfe2f6888312c32e020055907b6f4c8aa2c7f269d2f9ce,2024-11-21T09:22:41.893000
CVE-2024-36845,0,0,529960ecea926e798a44b8fbaf67e53a1386a02af542112cc5cbae429ea7b091,2024-11-21T09:22:42.107000
CVE-2024-36843,0,1,4f2813d9787730f0c76ebb364de98b8d6d65cc85f15dfcc669285ce9ff931398,2025-05-01T13:58:41.403000
CVE-2024-36844,0,1,0e07f14d646e4608d2c5f0215dd13d7c0c37d7dd6411553d056eacb44a2d8811,2025-05-01T13:50:48.783000
CVE-2024-36845,0,1,4ce1f4c2c134dcb3e739a58874a07cd882aed50a1ec82f0a23eeb5d6cc9833dc,2025-05-01T13:44:15.047000
CVE-2024-3685,0,0,d6fa1aff3c8bf02829128e0400bab2e6dfa4de545756a2548fb99c1f50f36428,2025-04-08T16:38:03.363000
CVE-2024-36856,0,0,c2c9e2a071273475ffd67fbc7ae98736ae7165895044bbeace0e5f5f79ae55cb,2024-11-21T09:22:42.327000
CVE-2024-36857,0,0,a42a68bedad76e5c1728ea90940ecf278487ee7de40ccce95e0e9777fcf5387e,2024-11-21T09:22:42.543000
@ -282488,6 +282489,7 @@ CVE-2025-1525,0,0,56f5cf451ca8c66d91cb2e8b96d22f5423c38f7de01ea72992906057bb56a9
CVE-2025-1526,0,0,dc577948525af4962caef0feff11f01d08897db3dd0fe72a79c53b4a55322150,2025-03-24T18:04:40.790000
CVE-2025-1527,0,0,7be240da06a123eaef4b9aa76c072e4e6a6c01ee83d4c1bebb95f9baf79b5a8f,2025-03-24T17:50:57.550000
CVE-2025-1528,0,0,7b51d848bb252c8d2ce8faab7faf50aeaf0b47cac9c6975607b632c5e9c036f9,2025-03-14T05:15:42.170000
CVE-2025-1529,1,1,cfcd19eff85119ebc7ce298d3c90313406ee71ad041f63310ad0b7e28407e87a,2025-05-01T12:15:16.093000
CVE-2025-1530,0,0,ed6a58b2ce0963d4916405e3ed170ebde0139d6563d9178f85d8eb94b6cc94f3,2025-03-25T20:02:28.730000
CVE-2025-1532,0,0,c2f406da754c5ece0ce7daf089182db7b8a57d5a40631d6c0c5a42295c0ecceb,2025-04-17T20:21:48.243000
CVE-2025-1534,0,0,d4620aa836a115e03710779902069e790678aabc65f691200373939865d57e00,2025-04-07T21:15:41.667000
@ -284932,7 +284934,32 @@ CVE-2025-23135,0,0,296db62624eee1811a0964c3e1083cb2234b903e7d9b1e51b6bfe253d4534
CVE-2025-23136,0,0,61005a13c2a63500eb5d16129da64fdcb21418cc16820bec486f0d9a0afaf989,2025-04-29T18:53:02.607000
CVE-2025-23137,0,0,2f6de023d458cbc94b5a4d2e8590bb7a61b8ca8cbadf5082cac9bed96418b98d,2025-04-29T18:53:31.417000
CVE-2025-23138,0,0,c16db113cdb0a874ec5a72e943048cdb54dff27bc5f98bac6f1f4e8e58ff4fbe,2025-04-17T20:22:16.240000
CVE-2025-23139,1,1,0c50dbb2922e054c892144ae96e86cabcbb6b3f06962c3a652677d9ed4944886,2025-05-01T13:15:49.693000
CVE-2025-2314,0,0,da0d16bd7cdf67126af9cb8b7b9eae653178ef2aa94ef32791352e7cdd49eda9,2025-04-16T13:25:37.340000
CVE-2025-23140,1,1,61ed6aaa1cc7aba04ac8b9c89f5396ceac5e5982e165773f077e7272b0db1d7f,2025-05-01T13:15:49.807000
CVE-2025-23141,1,1,d2a015447a5dac1b753e0f78ed98e912541e9c19d0c92f84e0366311aafe5b2f,2025-05-01T13:15:49.910000
CVE-2025-23142,1,1,78343e6104f0b6a28c784a0ae8e29751f53fe5db8746267e8fda7fcd3ffcf583,2025-05-01T13:15:50.017000
CVE-2025-23143,1,1,e8aed90a4ce4824f2efc941e2c03765c4d49ab778a2205b6c322d0923d73a7a9,2025-05-01T13:15:50.127000
CVE-2025-23144,1,1,443d422d73a6997881d057f4ea6f2350f2944bb597bbd5ee2290b0e7910dadbe,2025-05-01T13:15:50.237000
CVE-2025-23145,1,1,828edfee5a6d32ccb10599dfd392db1502be6cdfad2b9cd21b58733e54d598f1,2025-05-01T13:15:50.343000
CVE-2025-23146,1,1,4c303e736347e9d2ad7679285070ac3a5a9f17abe98aec5b080797ea6e3e55ec,2025-05-01T13:15:50.453000
CVE-2025-23147,1,1,e37b79c2481ab5a36d287891431c340512296fd28a4b4f18d772acab936a948c,2025-05-01T13:15:50.563000
CVE-2025-23148,1,1,2d098d4d6fca38b66af0c848d1fc90fc772be6c27021ba43676185b9d2c7f8d8,2025-05-01T13:15:50.670000
CVE-2025-23149,1,1,a5a929ac969c09d0919dbd22c6db7900a2122c76a2b2771d936a3c9eb5c8cf4c,2025-05-01T13:15:50.780000
CVE-2025-23150,1,1,91cdfbc704c0601a6657b171b6ab3e944b9665b8222bdc91857a45f7b3822ff9,2025-05-01T13:15:50.893000
CVE-2025-23151,1,1,d9cec07536fdbad646a524f7cfd47ec98faa80888e96428c50f7cf4b770ca5d5,2025-05-01T13:15:51.003000
CVE-2025-23152,1,1,4f1ceca49f53f59021676f1b73a96f93e9f4dba85ab0db67d21e1f68e854e9b3,2025-05-01T13:15:51.110000
CVE-2025-23153,1,1,279988816f8971c9ae518de31f462b590dc9963d8861044e406389a406dfd652,2025-05-01T13:15:51.210000
CVE-2025-23154,1,1,a31ef3dc647f9b5242e4306d42aa26be27ce5fb0b7e15d2afae246df28243808,2025-05-01T13:15:51.310000
CVE-2025-23155,1,1,98ac2c12583de543632b113c9a833b1dbe91f1880c4c3f87cbacacd9fad217a2,2025-05-01T13:15:51.413000
CVE-2025-23156,1,1,f970f90ff028ba2c12ea0eca722acb34ddaec62d7d5a7125e01884ee51c36436,2025-05-01T13:15:51.517000
CVE-2025-23157,1,1,37091e0d672eef10bf2964396886cad586b03ffd772e7e6494c3690c829232d2,2025-05-01T13:15:51.623000
CVE-2025-23158,1,1,f7cfee83b41721ae83fb3790ed4059d20b4a5de85d73993d30f6fd8132b9d39b,2025-05-01T13:15:51.733000
CVE-2025-23159,1,1,0e9ef81efd3a006c11f5b49f47658202c7853e75e9495b6acd1016491aa5f701,2025-05-01T13:15:51.843000
CVE-2025-23160,1,1,d9af302db9ed544c76718aa2fd1320cf54c85cf155fc6cbcddf945af1ebf17a6,2025-05-01T13:15:51.957000
CVE-2025-23161,1,1,6c8f3f930e576d3c921144f9819186b6b5c39fca03d89858589006b191d2a0b1,2025-05-01T13:15:52.060000
CVE-2025-23162,1,1,8ad489aacc63f5c2df959a500fe7ce01991b41d14b539ea6c01f82e58b62493e,2025-05-01T13:15:52.167000
CVE-2025-23163,1,1,3c5ca675d7c26bece5a57ee52d88215b656b33b370a87922d5736cc2480c7442,2025-05-01T13:15:52.273000
CVE-2025-2317,0,0,9ea9ba34615d5bc5ee8806158627db355af143699ea415828af46066a4160dd0,2025-04-07T14:18:15.560000
CVE-2025-23174,0,0,50322119595bff087a12ed6f94f87f583ba40060fccb96eb5cf9c3f3476fa552,2025-04-23T14:08:13.383000
CVE-2025-23175,0,0,d32116b600ac178b1ee720078d8acfc21dc4298d12982e92ae53dd00f4271286,2025-04-23T14:08:13.383000
@ -285932,7 +285959,7 @@ CVE-2025-24354,0,0,33e96f6ab404cf45f0a4405c77520b82358348aceacdc778687814571e590
CVE-2025-24355,0,0,2b68b163db748dec99ff55b2d4d371492d44a4482a7f15b8973aa6b3a0f994c5,2025-01-24T17:15:16.047000
CVE-2025-24356,0,0,d0b82c0018364f3dc83d637e30ca6c64f4be25093ccf7468d678a6ec3efd7022,2025-01-27T18:15:41.347000
CVE-2025-24357,0,0,33b4b3c939c862c35be8fbd83a4f327fbd80fdaea485d698b2dba1d8e5ecb167,2025-01-27T18:15:41.523000
CVE-2025-24358,0,1,cb156030162fa2c7bf6dbd49aaf71a23c1384a691e07ea90b834ee6ce37085dc,2025-05-01T11:15:53.613000
CVE-2025-24358,0,0,cb156030162fa2c7bf6dbd49aaf71a23c1384a691e07ea90b834ee6ce37085dc,2025-05-01T11:15:53.613000
CVE-2025-24359,0,0,1ef1d48aa16d3d1524839190f2a92e68f271b7bbb06dbb86c77c3115b6a414ab,2025-01-24T17:15:16.197000
CVE-2025-24360,0,0,9b8d13d61afdc9c82b83c3501ec96029794286adee2fcfad926404556ff5277e,2025-01-25T01:15:24.047000
CVE-2025-24361,0,0,398144fa5fffc1da1e51f93b9cc9373c390b7e27a0bd14059d4987e6ffaf08d7,2025-01-25T01:15:24.193000
@ -287550,7 +287577,7 @@ CVE-2025-26999,0,0,cdacabf1a660ac6dee9a5685fa630f6b1572dbc44af9dd2498823746cb2cf
CVE-2025-2700,0,0,834dcedd7f40ed7b4107c8c13076bfc0c6c6096a854321a45822e8d64deac3c4,2025-04-01T20:47:42.813000
CVE-2025-27000,0,0,1ac554f083699af2e8a7ca7e5b9fee0cf63423d6e7b9eac2cf80407f8bbcfb4d,2025-02-25T15:15:31.853000
CVE-2025-27001,0,0,9549fdac37d52ebf8e1c75331c3601de8f03a77a6f35cd82e54896fef08473b7,2025-03-28T18:11:40.180000
CVE-2025-27007,1,1,39731e3aed9a4a9818d01e2cabb41193c29a2b325b09e48f69756965059cd8b1,2025-05-01T11:15:54.517000
CVE-2025-27007,0,0,39731e3aed9a4a9818d01e2cabb41193c29a2b325b09e48f69756965059cd8b1,2025-05-01T11:15:54.517000
CVE-2025-27008,0,0,1708de4dfae031876ed7d8e7fae7765e4b7ae93e2aef72116fe164d3c1e29fab,2025-04-16T13:25:37.340000
CVE-2025-27009,0,0,ba7a3973ccfababfdb452ae41b4eb27fe597fd251e088b37a2e2b8e171857c6b,2025-04-15T18:39:27.967000
CVE-2025-2701,0,0,4a00a8c87ae1a8f8d8996e5497fbf475b3761e12c82cf113f0ba83ecc0864e95,2025-03-24T09:15:13.950000
@ -291157,7 +291184,29 @@ CVE-2025-3763,0,0,c2aeaf4e8713969cbcc2b366e32db402f446e96b5ad22f6b0b16c7ce3b9570
CVE-2025-3764,0,0,e84969aec07c3f0b618d986e55e8dc06349b46cdb4fda27910d41b016449ce80,2025-04-17T20:21:05.203000
CVE-2025-3765,0,0,68e17786c25a61efd339a22730a89c86209c696f27734ad0227474e202b53368,2025-04-17T20:21:05.203000
CVE-2025-3767,0,0,292444054f64728a26421e1d4abd19f40fd20bae5ef25e71c0fda7db865359ae,2025-04-23T14:08:13.383000
CVE-2025-37738,1,1,dc4e5e77769d3494fb6ba3dee62abf2774fa4e0cd747912a84ced13a709a2602,2025-05-01T13:15:52.383000
CVE-2025-37739,1,1,7b276a6a93a70c843b02eaa9d07c347edc3ee1bee02aa43791c3f119931a12ba,2025-05-01T13:15:52.500000
CVE-2025-37740,1,1,d0f0398869e0651d04f43356eebc980190b482cf7728c5135b3844d4f5f3b599,2025-05-01T13:15:52.617000
CVE-2025-37741,1,1,90cb6e889d93c9eb3b12994bd73f2e1bfa973c378acd047a3f02c3e97008a934,2025-05-01T13:15:52.723000
CVE-2025-37742,1,1,abd106de93f781931e8da1aaa4c37290c87581942b61e73050c9447f525d3304,2025-05-01T13:15:52.870000
CVE-2025-37743,1,1,f639d68dd3436b517ccd3f74d6328f7eb100c57e39bb3e67841ed3be4aa3d0ea,2025-05-01T13:15:53
CVE-2025-37744,1,1,87da3bc849b470a0adb91217e6184a61ed25b61e979c766e51582e4d3d396d42,2025-05-01T13:15:53.100000
CVE-2025-37745,1,1,2c170aadee48bbc0ce0cf22ac2843ef07c1fd3fae8f970164340e165695f5bc5,2025-05-01T13:15:53.207000
CVE-2025-37746,1,1,9b4490309dc86189215ce7bd1f0d65e45fcf2d23d8ee03c589fed8da5d1f2889,2025-05-01T13:15:53.313000
CVE-2025-37747,1,1,b091c2e0eccea8a25acf8b716e80730f2de155f27c232f7f0020f591a7cb6384,2025-05-01T13:15:53.417000
CVE-2025-37748,1,1,709da694c18e20e5cb8a40cd2f98dc654a9fe1b99a0d175bd08f78260562afd0,2025-05-01T13:15:53.523000
CVE-2025-37749,1,1,132262737f37baca212aefa634257a386e0c2499e41c57170dd64a1c69c71cd6,2025-05-01T13:15:53.633000
CVE-2025-3775,0,0,20bc664b0f69129d68331aeb5d33b9dfe8093b6db4e47568c03fcca515e2ea9e,2025-04-29T13:52:28.490000
CVE-2025-37750,1,1,3344820979f2ed93d6d54dc45ad7f3a8007676fb866df78a949fd289a7587283,2025-05-01T13:15:53.740000
CVE-2025-37751,1,1,7c129f3d253cffb4312c783acf5736ac1f9e5be41f5d8771b91490dbe96edc1c,2025-05-01T13:15:53.843000
CVE-2025-37752,1,1,9ae93e9bd0a6e24a794ecb47eba0eb277e7576a2632da9325476cd11f7201ec6,2025-05-01T13:15:53.933000
CVE-2025-37753,1,1,3e01f401dfc653b37b076291234b72c23176bce45b74a81a1869a78029b8566c,2025-05-01T13:15:54.050000
CVE-2025-37754,1,1,6b31c32edd745e4c8374167a9f3d55767f40b1c30da8bc5c857f82543fea6834,2025-05-01T13:15:54.157000
CVE-2025-37755,1,1,bf7d3c6919e185a9e2df5f9a5382ed8c22d28ca3b23ef8bb23ad778ce7a5278a,2025-05-01T13:15:54.267000
CVE-2025-37756,1,1,b2a600a6ecc7638c3b230f805bb7449cc8cfc12dff57b4fa51bd63eaccd35723,2025-05-01T13:15:54.370000
CVE-2025-37757,1,1,454af8174994e5b421ff120318c6cfaa84565ddb7e5c5d68e804bb913a6a9bf1,2025-05-01T13:15:54.480000
CVE-2025-37758,1,1,4a1167e2f6cb74e3585be294a3f7a9e56848d0562e2fc9c595006747527c0632,2025-05-01T13:15:54.583000
CVE-2025-37759,1,1,79dddd645aa46e230eee8788bb9549a030546f2d247e4b260ebb1cbbd4fc296f,2025-05-01T13:15:54.690000
CVE-2025-3776,0,0,b97851cfd5e91384771b780d4e1c5367c36e39bef30f6566b6d107fa57954dff,2025-04-29T13:52:47.470000
CVE-2025-37785,0,0,819e98308a2831c55347329c367982a19c0595edc97f14a7607d4771840236ec,2025-04-29T16:56:25.337000
CVE-2025-3783,0,0,08564e7625cce7923d54746f30fbc8f13bf12d9607faa6a7346084b96420b3f3,2025-04-23T18:03:35.193000
@ -291235,7 +291284,10 @@ CVE-2025-3867,0,0,6bbe7b335b1e947d65c52a905afc6132aa2aaf1b01e07c3a3303c89ef02601
CVE-2025-3868,0,0,e109e29b4a56b298e188d2d4af5984428468734c332a2ae4218688aa746fb72a,2025-04-29T13:52:28.490000
CVE-2025-3870,0,0,5d27427174a3606bfdd389a0cb245ecba9bd450174244992e8a6859595ce8c31,2025-04-29T13:52:28.490000
CVE-2025-3872,0,0,26604960001ce7e7efc01090e0c7f3ace8c54075c9f64bec667f2f9d611a1cbd,2025-04-29T13:52:47.470000
CVE-2025-3874,1,1,f2b81cd8779573bca148a17e968846de3225cbfedd1cc7e344d5bd81c8ffeed2,2025-05-01T12:15:17.400000
CVE-2025-3886,0,0,f9805f0706b699e818a837c8b7b69b045e46e370a62bab3d99d660c6876ebab1,2025-04-29T13:52:10.697000
CVE-2025-3889,1,1,5fa149a2738d087fbae48a242570b6d65fe885673d28e60005c7da7814caacf6,2025-05-01T12:15:17.630000
CVE-2025-3890,1,1,142ccea53c9b7836336636d676da51334b24d39c53210fde199d58fff0b5be71,2025-05-01T12:15:17.830000
CVE-2025-3891,0,0,66c9bbf21446c2a81910c7c819fbca63ebe00d82cb7021843a3a86e4480aea86,2025-04-29T13:52:10.697000
CVE-2025-3900,0,0,0d562be7b180640d1fa0f8676fba7fa2392337449d93ebe74c33a5f4dae11360,2025-04-29T13:52:47.470000
CVE-2025-3901,0,0,2ba85ef5f554a9662d34880d6756dc984d3f9d34a1b66af96036fb769e6d7e2b,2025-04-29T13:52:47.470000
@ -291579,10 +291631,12 @@ CVE-2025-4155,0,0,234e0aa8d4679a9d8c3c03f103bdd0908b989aee23b2ce329e097330769469
CVE-2025-4156,0,0,f3cf4c24357db800a8118d2c77fb9a4448dbe59cfe48e408476564c9525e04d5,2025-05-01T08:15:18.303000
CVE-2025-4157,0,0,c785b85e50eed1e86f831067d0f3756579c2214b3d22d15ba264d29668dc13b5,2025-05-01T09:15:15.513000
CVE-2025-4158,0,0,e23022f0ebc8947a6e388aba8c58133109e914495c633044cb90fd0dc7df7aa8,2025-05-01T09:15:15.720000
CVE-2025-4159,1,1,68f2c5a67e9e0f3b64a99d0c230858983dcf2a0212c8b40f34bb860ee2009c60,2025-05-01T10:15:15.637000
CVE-2025-4160,1,1,bd3d61dc158005b8eadaad91688c5e6ea77a87757276f97c9e8027f5f300ad1d,2025-05-01T10:15:17.567000
CVE-2025-4161,1,1,cde5cf15ca28ba2dc4a58adb1509417cc330c89f3e2adf67581e59645e40eecb,2025-05-01T11:15:54.740000
CVE-2025-4162,1,1,26d7832c6d9aa77cd2e2b0951fcf113f262951d7be491357599a7de418c8861d,2025-05-01T11:15:54.943000
CVE-2025-4159,0,0,68f2c5a67e9e0f3b64a99d0c230858983dcf2a0212c8b40f34bb860ee2009c60,2025-05-01T10:15:15.637000
CVE-2025-4160,0,0,bd3d61dc158005b8eadaad91688c5e6ea77a87757276f97c9e8027f5f300ad1d,2025-05-01T10:15:17.567000
CVE-2025-4161,0,0,cde5cf15ca28ba2dc4a58adb1509417cc330c89f3e2adf67581e59645e40eecb,2025-05-01T11:15:54.740000
CVE-2025-4162,0,0,26d7832c6d9aa77cd2e2b0951fcf113f262951d7be491357599a7de418c8861d,2025-05-01T11:15:54.943000
CVE-2025-4163,1,1,aad4a1ee6b85eb4644fef4fe8e99ac7792c23da35a6956ba10144cdbc08b17b3,2025-05-01T12:15:18.027000
CVE-2025-4164,1,1,3dfe497c4c78856107763aebcd4aaf5aae65bdd5e57383a37abe4f04e24a4c52,2025-05-01T12:15:18.410000
CVE-2025-42598,0,0,4c400d87dc34a2b74819c41bbdd48bd1c3da0af3c35841d82c2177d30b1cb5f5,2025-04-29T13:52:10.697000
CVE-2025-42599,0,0,d39e065342929b05f2b0a2b6fd7615d0e3f6e7c2f605fdbeb3b3bb9e83f12d93,2025-04-29T19:46:44.310000
CVE-2025-42600,0,0,a98a7820b508b5a8b0c7d0f0dd6cbaa5b07d1e37b05a983a49eb79024a0cd435,2025-04-23T14:08:13.383000

Can't render this file because it is too large.