From 8304e41770b70e2fd091a1b9b45cc4d26bceda84 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Wed, 18 Jun 2025 12:04:02 +0000 Subject: [PATCH] Auto-Update: 2025-06-18T12:00:25.203106+00:00 --- CVE-2022/CVE-2022-499xx/CVE-2022-49934.json | 49 +++ CVE-2022/CVE-2022-499xx/CVE-2022-49935.json | 25 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49936.json | 49 +++ CVE-2022/CVE-2022-499xx/CVE-2022-49937.json | 33 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49938.json | 29 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49939.json | 45 +++ CVE-2022/CVE-2022-499xx/CVE-2022-49940.json | 33 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49941.json | 29 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49942.json | 49 +++ CVE-2022/CVE-2022-499xx/CVE-2022-49943.json | 25 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49944.json | 25 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49945.json | 49 +++ CVE-2022/CVE-2022-499xx/CVE-2022-49946.json | 33 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49947.json | 29 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49948.json | 49 +++ CVE-2022/CVE-2022-499xx/CVE-2022-49949.json | 25 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49950.json | 37 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49951.json | 25 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49952.json | 37 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49953.json | 25 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49954.json | 37 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49955.json | 25 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49956.json | 49 +++ CVE-2022/CVE-2022-499xx/CVE-2022-49957.json | 45 +++ CVE-2022/CVE-2022-499xx/CVE-2022-49958.json | 33 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49959.json | 29 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49960.json | 25 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49961.json | 25 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49962.json | 25 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49963.json | 25 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49964.json | 41 +++ CVE-2022/CVE-2022-499xx/CVE-2022-49965.json | 25 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49966.json | 33 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49967.json | 25 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49968.json | 41 +++ CVE-2022/CVE-2022-499xx/CVE-2022-49969.json | 
41 +++ CVE-2022/CVE-2022-499xx/CVE-2022-49970.json | 33 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49971.json | 25 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49972.json | 25 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49973.json | 29 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49974.json | 25 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49975.json | 37 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49976.json | 25 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49977.json | 49 +++ CVE-2022/CVE-2022-499xx/CVE-2022-49978.json | 49 +++ CVE-2022/CVE-2022-499xx/CVE-2022-49979.json | 33 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49980.json | 25 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49981.json | 49 +++ CVE-2022/CVE-2022-499xx/CVE-2022-49982.json | 49 +++ CVE-2022/CVE-2022-499xx/CVE-2022-49983.json | 37 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49984.json | 41 +++ CVE-2022/CVE-2022-499xx/CVE-2022-49985.json | 33 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49986.json | 41 +++ CVE-2022/CVE-2022-499xx/CVE-2022-49987.json | 45 +++ CVE-2022/CVE-2022-499xx/CVE-2022-49988.json | 29 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49989.json | 33 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49990.json | 41 +++ CVE-2022/CVE-2022-499xx/CVE-2022-49991.json | 29 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49992.json | 25 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49993.json | 49 +++ CVE-2022/CVE-2022-499xx/CVE-2022-49994.json | 29 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49995.json | 29 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49996.json | 29 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49997.json | 25 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49998.json | 33 ++ CVE-2022/CVE-2022-499xx/CVE-2022-49999.json | 29 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50000.json | 29 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50001.json | 41 +++ CVE-2022/CVE-2022-500xx/CVE-2022-50002.json | 25 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50003.json | 33 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50004.json | 33 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50005.json | 33 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50006.json | 33 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50007.json | 49 +++ 
CVE-2022/CVE-2022-500xx/CVE-2022-50008.json | 49 +++ CVE-2022/CVE-2022-500xx/CVE-2022-50009.json | 29 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50010.json | 49 +++ CVE-2022/CVE-2022-500xx/CVE-2022-50011.json | 29 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50012.json | 49 +++ CVE-2022/CVE-2022-500xx/CVE-2022-50013.json | 41 +++ CVE-2022/CVE-2022-500xx/CVE-2022-50014.json | 25 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50015.json | 25 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50016.json | 25 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50017.json | 49 +++ CVE-2022/CVE-2022-500xx/CVE-2022-50018.json | 25 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50019.json | 49 +++ CVE-2022/CVE-2022-500xx/CVE-2022-50020.json | 49 +++ CVE-2022/CVE-2022-500xx/CVE-2022-50021.json | 33 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50022.json | 49 +++ CVE-2022/CVE-2022-500xx/CVE-2022-50023.json | 29 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50024.json | 29 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50025.json | 49 +++ CVE-2022/CVE-2022-500xx/CVE-2022-50026.json | 29 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50027.json | 29 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50028.json | 49 +++ CVE-2022/CVE-2022-500xx/CVE-2022-50029.json | 45 +++ CVE-2022/CVE-2022-500xx/CVE-2022-50030.json | 37 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50031.json | 25 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50032.json | 41 +++ CVE-2022/CVE-2022-500xx/CVE-2022-50033.json | 49 +++ CVE-2022/CVE-2022-500xx/CVE-2022-50034.json | 37 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50035.json | 25 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50036.json | 33 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50037.json | 25 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50038.json | 45 +++ CVE-2022/CVE-2022-500xx/CVE-2022-50039.json | 33 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50040.json | 33 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50041.json | 25 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50042.json | 33 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50043.json | 29 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50044.json | 29 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50045.json | 45 +++ 
CVE-2022/CVE-2022-500xx/CVE-2022-50046.json | 29 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50047.json | 37 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50048.json | 29 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50049.json | 29 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50050.json | 29 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50051.json | 29 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50052.json | 25 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50053.json | 29 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50054.json | 25 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50055.json | 37 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50056.json | 29 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50057.json | 29 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50058.json | 25 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50059.json | 33 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50060.json | 29 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50061.json | 49 +++ CVE-2022/CVE-2022-500xx/CVE-2022-50062.json | 37 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50063.json | 25 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50064.json | 25 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50065.json | 33 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50066.json | 33 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50067.json | 45 +++ CVE-2022/CVE-2022-500xx/CVE-2022-50068.json | 29 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50069.json | 29 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50070.json | 25 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50071.json | 25 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50072.json | 41 +++ CVE-2022/CVE-2022-500xx/CVE-2022-50073.json | 25 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50074.json | 41 +++ CVE-2022/CVE-2022-500xx/CVE-2022-50075.json | 29 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50076.json | 29 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50077.json | 45 +++ CVE-2022/CVE-2022-500xx/CVE-2022-50078.json | 29 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50079.json | 29 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50080.json | 45 +++ CVE-2022/CVE-2022-500xx/CVE-2022-50081.json | 29 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50082.json | 37 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50083.json | 53 +++ 
CVE-2022/CVE-2022-500xx/CVE-2022-50084.json | 53 +++ CVE-2022/CVE-2022-500xx/CVE-2022-50085.json | 49 +++ CVE-2022/CVE-2022-500xx/CVE-2022-50086.json | 33 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50087.json | 45 +++ CVE-2022/CVE-2022-500xx/CVE-2022-50088.json | 29 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50089.json | 33 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50090.json | 33 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50091.json | 33 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50092.json | 41 +++ CVE-2022/CVE-2022-500xx/CVE-2022-50093.json | 41 +++ CVE-2022/CVE-2022-500xx/CVE-2022-50094.json | 53 +++ CVE-2022/CVE-2022-500xx/CVE-2022-50095.json | 37 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50096.json | 37 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50097.json | 49 +++ CVE-2022/CVE-2022-500xx/CVE-2022-50098.json | 33 ++ CVE-2022/CVE-2022-500xx/CVE-2022-50099.json | 49 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50100.json | 33 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50101.json | 49 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50102.json | 49 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50103.json | 37 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50104.json | 49 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50105.json | 49 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50106.json | 49 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50107.json | 29 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50108.json | 41 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50109.json | 49 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50110.json | 33 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50111.json | 33 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50112.json | 45 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50113.json | 29 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50114.json | 33 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50115.json | 29 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50116.json | 29 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50117.json | 25 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50118.json | 37 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50119.json | 45 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50120.json | 33 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50121.json | 37 ++ 
CVE-2022/CVE-2022-501xx/CVE-2022-50122.json | 49 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50123.json | 49 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50124.json | 45 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50125.json | 37 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50126.json | 49 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50127.json | 49 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50128.json | 33 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50129.json | 37 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50130.json | 33 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50131.json | 37 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50132.json | 37 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50133.json | 25 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50134.json | 49 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50135.json | 25 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50136.json | 41 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50137.json | 33 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50138.json | 37 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50139.json | 37 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50140.json | 49 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50141.json | 49 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50142.json | 41 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50143.json | 41 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50144.json | 33 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50145.json | 37 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50146.json | 37 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50147.json | 33 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50148.json | 29 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50149.json | 41 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50150.json | 37 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50151.json | 29 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50152.json | 49 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50153.json | 49 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50154.json | 33 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50155.json | 33 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50156.json | 45 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50157.json | 33 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50158.json | 41 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50159.json | 33 ++ 
CVE-2022/CVE-2022-501xx/CVE-2022-50160.json | 49 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50161.json | 49 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50162.json | 49 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50163.json | 29 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50164.json | 41 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50165.json | 49 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50166.json | 29 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50167.json | 29 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50168.json | 29 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50169.json | 49 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50170.json | 29 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50171.json | 37 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50172.json | 37 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50173.json | 45 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50174.json | 37 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50175.json | 37 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50176.json | 41 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50177.json | 33 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50178.json | 29 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50179.json | 49 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50180.json | 49 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50181.json | 37 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50182.json | 33 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50183.json | 29 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50184.json | 33 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50185.json | 49 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50186.json | 29 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50187.json | 37 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50188.json | 33 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50189.json | 25 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50190.json | 33 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50191.json | 49 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50192.json | 33 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50193.json | 29 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50194.json | 41 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50195.json | 25 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50196.json | 37 ++ CVE-2022/CVE-2022-501xx/CVE-2022-50197.json | 49 +++ 
CVE-2022/CVE-2022-501xx/CVE-2022-50198.json | 45 +++ CVE-2022/CVE-2022-501xx/CVE-2022-50199.json | 41 +++ CVE-2022/CVE-2022-502xx/CVE-2022-50200.json | 49 +++ CVE-2022/CVE-2022-502xx/CVE-2022-50201.json | 33 ++ CVE-2022/CVE-2022-502xx/CVE-2022-50202.json | 49 +++ CVE-2022/CVE-2022-502xx/CVE-2022-50203.json | 49 +++ CVE-2022/CVE-2022-502xx/CVE-2022-50204.json | 33 ++ CVE-2022/CVE-2022-502xx/CVE-2022-50205.json | 49 +++ CVE-2022/CVE-2022-502xx/CVE-2022-50206.json | 49 +++ CVE-2022/CVE-2022-502xx/CVE-2022-50207.json | 49 +++ CVE-2022/CVE-2022-502xx/CVE-2022-50208.json | 37 ++ CVE-2022/CVE-2022-502xx/CVE-2022-50209.json | 45 +++ CVE-2022/CVE-2022-502xx/CVE-2022-50210.json | 53 +++ CVE-2022/CVE-2022-502xx/CVE-2022-50211.json | 53 +++ CVE-2022/CVE-2022-502xx/CVE-2022-50212.json | 37 ++ CVE-2022/CVE-2022-502xx/CVE-2022-50213.json | 45 +++ CVE-2022/CVE-2022-502xx/CVE-2022-50214.json | 41 +++ CVE-2022/CVE-2022-502xx/CVE-2022-50215.json | 53 +++ CVE-2022/CVE-2022-502xx/CVE-2022-50216.json | 37 ++ CVE-2022/CVE-2022-502xx/CVE-2022-50217.json | 29 ++ CVE-2022/CVE-2022-502xx/CVE-2022-50218.json | 49 +++ CVE-2022/CVE-2022-502xx/CVE-2022-50219.json | 37 ++ CVE-2022/CVE-2022-502xx/CVE-2022-50220.json | 53 +++ CVE-2022/CVE-2022-502xx/CVE-2022-50221.json | 25 ++ CVE-2022/CVE-2022-502xx/CVE-2022-50222.json | 45 +++ CVE-2022/CVE-2022-502xx/CVE-2022-50223.json | 25 ++ CVE-2022/CVE-2022-502xx/CVE-2022-50224.json | 25 ++ CVE-2022/CVE-2022-502xx/CVE-2022-50225.json | 33 ++ CVE-2022/CVE-2022-502xx/CVE-2022-50226.json | 37 ++ CVE-2022/CVE-2022-502xx/CVE-2022-50227.json | 25 ++ CVE-2022/CVE-2022-502xx/CVE-2022-50228.json | 53 +++ CVE-2022/CVE-2022-502xx/CVE-2022-50229.json | 53 +++ CVE-2022/CVE-2022-502xx/CVE-2022-50230.json | 21 ++ CVE-2022/CVE-2022-502xx/CVE-2022-50231.json | 37 ++ CVE-2022/CVE-2022-502xx/CVE-2022-50232.json | 21 ++ CVE-2024/CVE-2024-397xx/CVE-2024-39780.json | 12 +- CVE-2025/CVE-2025-10xx/CVE-2025-1088.json | 56 +++ CVE-2025/CVE-2025-239xx/CVE-2025-23999.json | 56 +++ 
CVE-2025/CVE-2025-380xx/CVE-2025-38005.json | 45 +++ CVE-2025/CVE-2025-380xx/CVE-2025-38006.json | 33 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38007.json | 37 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38008.json | 33 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38009.json | 45 +++ CVE-2025/CVE-2025-380xx/CVE-2025-38010.json | 33 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38011.json | 29 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38012.json | 29 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38013.json | 33 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38014.json | 33 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38015.json | 37 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38016.json | 29 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38017.json | 25 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38018.json | 37 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38019.json | 33 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38020.json | 37 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38021.json | 25 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38022.json | 29 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38023.json | 49 +++ CVE-2025/CVE-2025-380xx/CVE-2025-38024.json | 49 +++ CVE-2025/CVE-2025-380xx/CVE-2025-38025.json | 25 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38026.json | 25 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38027.json | 37 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38028.json | 25 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38029.json | 25 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38030.json | 41 +++ CVE-2025/CVE-2025-380xx/CVE-2025-38031.json | 45 +++ CVE-2025/CVE-2025-380xx/CVE-2025-38032.json | 25 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38033.json | 29 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38034.json | 49 +++ CVE-2025/CVE-2025-380xx/CVE-2025-38035.json | 49 +++ CVE-2025/CVE-2025-380xx/CVE-2025-38036.json | 25 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38037.json | 49 +++ CVE-2025/CVE-2025-380xx/CVE-2025-38038.json | 29 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38039.json | 33 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38040.json | 37 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38041.json | 25 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38042.json | 25 ++ 
CVE-2025/CVE-2025-380xx/CVE-2025-38043.json | 41 +++ CVE-2025/CVE-2025-380xx/CVE-2025-38044.json | 49 +++ CVE-2025/CVE-2025-380xx/CVE-2025-38045.json | 33 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38046.json | 49 +++ CVE-2025/CVE-2025-380xx/CVE-2025-38047.json | 29 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38048.json | 41 +++ CVE-2025/CVE-2025-380xx/CVE-2025-38050.json | 25 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38051.json | 49 +++ CVE-2025/CVE-2025-380xx/CVE-2025-38052.json | 45 +++ CVE-2025/CVE-2025-380xx/CVE-2025-38053.json | 29 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38054.json | 29 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38055.json | 29 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38056.json | 29 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38057.json | 29 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38058.json | 49 +++ CVE-2025/CVE-2025-380xx/CVE-2025-38059.json | 33 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38060.json | 29 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38061.json | 49 +++ CVE-2025/CVE-2025-380xx/CVE-2025-38062.json | 37 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38063.json | 37 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38064.json | 25 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38065.json | 49 +++ CVE-2025/CVE-2025-380xx/CVE-2025-38066.json | 49 +++ CVE-2025/CVE-2025-380xx/CVE-2025-38067.json | 25 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38068.json | 41 +++ CVE-2025/CVE-2025-380xx/CVE-2025-38069.json | 29 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38070.json | 25 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38071.json | 37 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38072.json | 49 +++ CVE-2025/CVE-2025-380xx/CVE-2025-38073.json | 29 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38074.json | 33 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38075.json | 49 +++ CVE-2025/CVE-2025-380xx/CVE-2025-38076.json | 25 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38077.json | 41 +++ CVE-2025/CVE-2025-380xx/CVE-2025-38078.json | 49 +++ CVE-2025/CVE-2025-380xx/CVE-2025-38079.json | 49 +++ CVE-2025/CVE-2025-380xx/CVE-2025-38080.json | 33 ++ CVE-2025/CVE-2025-380xx/CVE-2025-38081.json | 33 ++ 
CVE-2025/CVE-2025-380xx/CVE-2025-38082.json | 29 ++ CVE-2025/CVE-2025-52xx/CVE-2025-5237.json | 68 ++++ CVE-2025/CVE-2025-60xx/CVE-2025-6086.json | 60 +++ README.md | 37 +- _state.csv | 388 +++++++++++++++++++- 383 files changed, 14340 insertions(+), 17 deletions(-) create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49934.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49935.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49936.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49937.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49938.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49939.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49940.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49941.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49942.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49943.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49944.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49945.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49946.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49947.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49948.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49949.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49950.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49951.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49952.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49953.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49954.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49955.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49956.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49957.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49958.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49959.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49960.json create mode 100644 
CVE-2022/CVE-2022-499xx/CVE-2022-49961.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49962.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49963.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49964.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49965.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49966.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49967.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49968.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49969.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49970.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49971.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49972.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49973.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49974.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49975.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49976.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49977.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49978.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49979.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49980.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49981.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49982.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49983.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49984.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49985.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49986.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49987.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49988.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49989.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49990.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49991.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49992.json 
create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49993.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49994.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49995.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49996.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49997.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49998.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49999.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50000.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50001.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50002.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50003.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50004.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50005.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50006.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50007.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50008.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50009.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50010.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50011.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50012.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50013.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50014.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50015.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50016.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50017.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50018.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50019.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50020.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50021.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50022.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50023.json create mode 100644 
CVE-2022/CVE-2022-500xx/CVE-2022-50024.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50025.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50026.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50027.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50028.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50029.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50030.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50031.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50032.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50033.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50034.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50035.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50036.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50037.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50038.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50039.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50040.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50041.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50042.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50043.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50044.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50045.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50046.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50047.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50048.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50049.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50050.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50051.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50052.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50053.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50054.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50055.json 
create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50056.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50057.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50058.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50059.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50060.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50061.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50062.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50063.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50064.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50065.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50066.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50067.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50068.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50069.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50070.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50071.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50072.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50073.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50074.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50075.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50076.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50077.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50078.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50079.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50080.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50081.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50082.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50083.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50084.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50085.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50086.json create mode 100644 
CVE-2022/CVE-2022-500xx/CVE-2022-50087.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50088.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50089.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50090.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50091.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50092.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50093.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50094.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50095.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50096.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50097.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50098.json create mode 100644 CVE-2022/CVE-2022-500xx/CVE-2022-50099.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50100.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50101.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50102.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50103.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50104.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50105.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50106.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50107.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50108.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50109.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50110.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50111.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50112.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50113.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50114.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50115.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50116.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50117.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50118.json 
create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50119.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50120.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50121.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50122.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50123.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50124.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50125.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50126.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50127.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50128.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50129.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50130.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50131.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50132.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50133.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50134.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50135.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50136.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50137.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50138.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50139.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50140.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50141.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50142.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50143.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50144.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50145.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50146.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50147.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50148.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50149.json create mode 100644 
CVE-2022/CVE-2022-501xx/CVE-2022-50150.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50151.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50152.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50153.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50154.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50155.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50156.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50157.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50158.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50159.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50160.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50161.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50162.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50163.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50164.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50165.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50166.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50167.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50168.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50169.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50170.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50171.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50172.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50173.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50174.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50175.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50176.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50177.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50178.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50179.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50180.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50181.json 
create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50182.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50183.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50184.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50185.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50186.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50187.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50188.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50189.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50190.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50191.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50192.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50193.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50194.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50195.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50196.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50197.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50198.json create mode 100644 CVE-2022/CVE-2022-501xx/CVE-2022-50199.json create mode 100644 CVE-2022/CVE-2022-502xx/CVE-2022-50200.json create mode 100644 CVE-2022/CVE-2022-502xx/CVE-2022-50201.json create mode 100644 CVE-2022/CVE-2022-502xx/CVE-2022-50202.json create mode 100644 CVE-2022/CVE-2022-502xx/CVE-2022-50203.json create mode 100644 CVE-2022/CVE-2022-502xx/CVE-2022-50204.json create mode 100644 CVE-2022/CVE-2022-502xx/CVE-2022-50205.json create mode 100644 CVE-2022/CVE-2022-502xx/CVE-2022-50206.json create mode 100644 CVE-2022/CVE-2022-502xx/CVE-2022-50207.json create mode 100644 CVE-2022/CVE-2022-502xx/CVE-2022-50208.json create mode 100644 CVE-2022/CVE-2022-502xx/CVE-2022-50209.json create mode 100644 CVE-2022/CVE-2022-502xx/CVE-2022-50210.json create mode 100644 CVE-2022/CVE-2022-502xx/CVE-2022-50211.json create mode 100644 CVE-2022/CVE-2022-502xx/CVE-2022-50212.json create mode 100644 
CVE-2022/CVE-2022-502xx/CVE-2022-50213.json create mode 100644 CVE-2022/CVE-2022-502xx/CVE-2022-50214.json create mode 100644 CVE-2022/CVE-2022-502xx/CVE-2022-50215.json create mode 100644 CVE-2022/CVE-2022-502xx/CVE-2022-50216.json create mode 100644 CVE-2022/CVE-2022-502xx/CVE-2022-50217.json create mode 100644 CVE-2022/CVE-2022-502xx/CVE-2022-50218.json create mode 100644 CVE-2022/CVE-2022-502xx/CVE-2022-50219.json create mode 100644 CVE-2022/CVE-2022-502xx/CVE-2022-50220.json create mode 100644 CVE-2022/CVE-2022-502xx/CVE-2022-50221.json create mode 100644 CVE-2022/CVE-2022-502xx/CVE-2022-50222.json create mode 100644 CVE-2022/CVE-2022-502xx/CVE-2022-50223.json create mode 100644 CVE-2022/CVE-2022-502xx/CVE-2022-50224.json create mode 100644 CVE-2022/CVE-2022-502xx/CVE-2022-50225.json create mode 100644 CVE-2022/CVE-2022-502xx/CVE-2022-50226.json create mode 100644 CVE-2022/CVE-2022-502xx/CVE-2022-50227.json create mode 100644 CVE-2022/CVE-2022-502xx/CVE-2022-50228.json create mode 100644 CVE-2022/CVE-2022-502xx/CVE-2022-50229.json create mode 100644 CVE-2022/CVE-2022-502xx/CVE-2022-50230.json create mode 100644 CVE-2022/CVE-2022-502xx/CVE-2022-50231.json create mode 100644 CVE-2022/CVE-2022-502xx/CVE-2022-50232.json create mode 100644 CVE-2025/CVE-2025-10xx/CVE-2025-1088.json create mode 100644 CVE-2025/CVE-2025-239xx/CVE-2025-23999.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38005.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38006.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38007.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38008.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38009.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38010.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38011.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38012.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38013.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38014.json 
create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38015.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38016.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38017.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38018.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38019.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38020.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38021.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38022.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38023.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38024.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38025.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38026.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38027.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38028.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38029.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38030.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38031.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38032.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38033.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38034.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38035.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38036.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38037.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38038.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38039.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38040.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38041.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38042.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38043.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38044.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38045.json create mode 100644 
CVE-2025/CVE-2025-380xx/CVE-2025-38046.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38047.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38048.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38050.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38051.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38052.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38053.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38054.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38055.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38056.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38057.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38058.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38059.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38060.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38061.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38062.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38063.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38064.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38065.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38066.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38067.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38068.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38069.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38070.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38071.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38072.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38073.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38074.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38075.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38076.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38077.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38078.json 
create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38079.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38080.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38081.json create mode 100644 CVE-2025/CVE-2025-380xx/CVE-2025-38082.json create mode 100644 CVE-2025/CVE-2025-52xx/CVE-2025-5237.json create mode 100644 CVE-2025/CVE-2025-60xx/CVE-2025-6086.json diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49934.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49934.json new file mode 100644 index 00000000000..aec9444580b --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49934.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-49934", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:19.400", + "lastModified": "2025-06-18T11:15:19.400", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Fix UAF in ieee80211_scan_rx()\n\nieee80211_scan_rx() tries to access scan_req->flags after a\nnull check, but a UAF is observed when the scan is completed\nand __ieee80211_scan_completed() executes, which then calls\ncfg80211_scan_done() leading to the freeing of scan_req.\n\nSince scan_req is rcu_dereference()'d, prevent the racing in\n__ieee80211_scan_completed() by ensuring that from mac80211's\nPOV it is no longer accessed from an RCU read critical section\nbefore we call cfg80211_scan_done()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4abc8c07a065ecf771827bde3c63fbbe4aa0c08b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5d20c6f932f2758078d0454729129c894fe353e7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/60deb9f10eec5c6a20252ed36238b55d8b614a2c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6eb181a64fdabf10be9e54de728876667da20255", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/78a07732fbb0934d14827d8f09b9aa6a49ee1aa9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9ad48cbf8b07f10c1e4a7a262b32a9179ae9dd2d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c0445feb80a4d0854898118fa01073701f8d356b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": 
"https://git.kernel.org/stable/c/e0ff39448cea654843744c72c6780293c5082cb1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49935.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49935.json new file mode 100644 index 00000000000..68f12754cec --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49935.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-49935", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:20.340", + "lastModified": "2025-06-18T11:15:20.340", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf/dma-resv: check if the new fence is really later\n\nPreviously when we added a fence to a dma_resv object we always\nassumed the the newer than all the existing fences.\n\nWith Jason's work to add an UAPI to explicit export/import that's not\nnecessary the case any more. So without this check we would allow\nuserspace to force the kernel into an use after free error.\n\nSince the change is very small and defensive it's probably a good\nidea to backport this to stable kernels as well just in case others\nare using the dma_resv object in the same way." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/a3f7c10a269d5b77dd5822ade822643ced3057f0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c4c798fe98adceb642050819cb57cbc8f5c27870", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49936.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49936.json new file mode 100644 index 00000000000..50cbc20b834 --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49936.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-49936", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:20.450", + "lastModified": "2025-06-18T11:15:20.450", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Prevent nested device-reset calls\n\nAutomatic kernel fuzzing revealed a recursive locking violation in\nusb-storage:\n\n============================================\nWARNING: possible recursive locking detected\n5.18.0 #3 Not tainted\n--------------------------------------------\nkworker/1:3/1205 is trying to acquire lock:\nffff888018638db8 (&us_interface_key[i]){+.+.}-{3:3}, at:\nusb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230\n\nbut task is already holding lock:\nffff888018638db8 (&us_interface_key[i]){+.+.}-{3:3}, at:\nusb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230\n\n...\n\nstack backtrace:\nCPU: 1 PID: 1205 Comm: kworker/1:3 Not tainted 5.18.0 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.13.0-1ubuntu1.1 04/01/2014\nWorkqueue: usb_hub_wq hub_event\nCall Trace:\n\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\nprint_deadlock_bug kernel/locking/lockdep.c:2988 [inline]\ncheck_deadlock kernel/locking/lockdep.c:3031 [inline]\nvalidate_chain kernel/locking/lockdep.c:3816 [inline]\n__lock_acquire.cold+0x152/0x3ca kernel/locking/lockdep.c:5053\nlock_acquire kernel/locking/lockdep.c:5665 [inline]\nlock_acquire+0x1ab/0x520 kernel/locking/lockdep.c:5630\n__mutex_lock_common kernel/locking/mutex.c:603 [inline]\n__mutex_lock+0x14f/0x1610 kernel/locking/mutex.c:747\nusb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230\nusb_reset_device+0x37d/0x9a0 drivers/usb/core/hub.c:6109\nr871xu_dev_remove+0x21a/0x270 drivers/staging/rtl8712/usb_intf.c:622\nusb_unbind_interface+0x1bd/0x890 
drivers/usb/core/driver.c:458\ndevice_remove drivers/base/dd.c:545 [inline]\ndevice_remove+0x11f/0x170 drivers/base/dd.c:537\n__device_release_driver drivers/base/dd.c:1222 [inline]\ndevice_release_driver_internal+0x1a7/0x2f0 drivers/base/dd.c:1248\nusb_driver_release_interface+0x102/0x180 drivers/usb/core/driver.c:627\nusb_forced_unbind_intf+0x4d/0xa0 drivers/usb/core/driver.c:1118\nusb_reset_device+0x39b/0x9a0 drivers/usb/core/hub.c:6114\n\nThis turned out not to be an error in usb-storage but rather a nested\ndevice reset attempt. That is, as the rtl8712 driver was being\nunbound from a composite device in preparation for an unrelated USB\nreset (that driver does not have pre_reset or post_reset callbacks),\nits ->remove routine called usb_reset_device() -- thus nesting one\nreset call within another.\n\nPerforming a reset as part of disconnect processing is a questionable\npractice at best. However, the bug report points out that the USB\ncore does not have any protection against nested resets. Adding a\nreset_in_progress flag and testing it will prevent such errors in the\nfuture." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1b29498669914c7f9afb619722421418a753d372", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9c6d778800b921bde3bff3cff5003d1650f942d1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/abe3cfb7a7c8e907b312c7dbd7bf4d142b745aa8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c548b99e1c37db6f7df86ecfe9a1f895d6c5966e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cc9a12e12808af178c600cc485338bac2e37d2a8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d5eb850b3e8836197a38475840725260b9783e94", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d90419b8b8322b6924f6da9da952647f2dadc21b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/df1875084898b15cbc42f712e93d7f113ae6271b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49937.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49937.json new file mode 100644 index 00000000000..142dd546e54 --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49937.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-49937", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:20.570", + "lastModified": "2025-06-18T11:15:20.570", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mceusb: Use new usb_control_msg_*() routines\n\nAutomatic kernel fuzzing led to a WARN about invalid pipe direction in\nthe mceusb driver:\n\n------------[ cut here ]------------\nusb 6-1: BOGUS control dir, pipe 80000380 doesn't match bRequestType 40\nWARNING: CPU: 0 PID: 2465 at drivers/usb/core/urb.c:410\nusb_submit_urb+0x1326/0x1820 drivers/usb/core/urb.c:410\nModules linked in:\nCPU: 0 PID: 2465 Comm: kworker/0:2 Not tainted 5.19.0-rc4-00208-g69cb6c6556ad #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.13.0-1ubuntu1.1 04/01/2014\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:usb_submit_urb+0x1326/0x1820 drivers/usb/core/urb.c:410\nCode: 7c 24 40 e8 ac 23 91 fd 48 8b 7c 24 40 e8 b2 70 1b ff 45 89 e8\n44 89 f1 4c 89 e2 48 89 c6 48 c7 c7 a0 30 a9 86 e8 48 07 11 02 <0f> 0b\ne9 1c f0 ff ff e8 7e 23 91 fd 0f b6 1d 63 22 83 05 31 ff 41\nRSP: 0018:ffffc900032becf0 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff8881100f3058 RCX: 0000000000000000\nRDX: ffffc90004961000 RSI: ffff888114c6d580 RDI: fffff52000657d90\nRBP: ffff888105ad90f0 R08: ffffffff812c3638 R09: 0000000000000000\nR10: 0000000000000005 R11: ffffed1023504ef1 R12: ffff888105ad9000\nR13: 0000000000000040 R14: 0000000080000380 R15: ffff88810ba96500\nFS: 0000000000000000(0000) GS:ffff88811a800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffe810bda58 CR3: 000000010b720000 CR4: 0000000000350ef0\nCall Trace:\n\nusb_start_wait_urb+0x101/0x4c0 drivers/usb/core/message.c:58\nusb_internal_control_msg drivers/usb/core/message.c:102 [inline]\nusb_control_msg+0x31c/0x4a0 
drivers/usb/core/message.c:153\nmceusb_gen1_init drivers/media/rc/mceusb.c:1431 [inline]\nmceusb_dev_probe+0x258e/0x33f0 drivers/media/rc/mceusb.c:1807\n\nThe reason for the warning is clear enough; the driver sends an\nunusual read request on endpoint 0 but does not set the USB_DIR_IN bit\nin the bRequestType field.\n\nMore importantly, the whole situation can be avoided and the driver\nsimplified by converting it over to the relatively new\nusb_control_msg_recv() and usb_control_msg_send() routines. That's\nwhat this fix does." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/587f793c64d99d92be8ef01c4c69d885a3f2edb6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/608e58a0f4617977178131f5f68a3fce1d3f5316", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/75913c562f5ba4cf397d835c63f443879167c6f6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d69c738ac9310b56e84c51c8f09fc018a8291bc6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49938.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49938.json new file mode 100644 index 00000000000..0c795205cbe --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49938.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-49938", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:20.683", + "lastModified": "2025-06-18T11:15:20.683", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix small mempool leak in SMB2_negotiate()\n\nIn some cases of failure (dialect mismatches) in SMB2_negotiate(), after\nthe request is sent, the checks would return -EIO when they should be\nrather setting rc = -EIO and jumping to neg_exit to free the response\nbuffer from mempool." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/27893dfc1285f80f80f46b3b8c95f5d15d2e66d0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/38a6b469bf22f153282fbe7d702a24e9eb43f50e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9e3c9efa7caf16e5acc05eab5e4d0a714e1610b0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49939.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49939.json new file mode 100644 index 00000000000..c10711ba82e --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49939.json 
@@ -0,0 +1,45 @@ +{ + "id": "CVE-2022-49939", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:20.793", + "lastModified": "2025-06-18T11:15:20.793", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix UAF of ref->proc caused by race condition\n\nA transaction of type BINDER_TYPE_WEAK_HANDLE can fail to increment the\nreference for a node. In this case, the target proc normally releases\nthe failed reference upon close as expected. However, if the target is\ndying in parallel the call will race with binder_deferred_release(), so\nthe target could have released all of its references by now leaving the\ncleanup of the new failed reference unhandled.\n\nThe transaction then ends and the target proc gets released making the\nref->proc now a dangling pointer. Later on, ref->node is closed and we\nattempt to take spin_lock(&ref->proc->inner_lock), which leads to the\nuse-after-free bug reported below. 
Let's fix this by cleaning up the\nfailed reference on the spot instead of relying on the target to do so.\n\n ==================================================================\n BUG: KASAN: use-after-free in _raw_spin_lock+0xa8/0x150\n Write of size 4 at addr ffff5ca207094238 by task kworker/1:0/590\n\n CPU: 1 PID: 590 Comm: kworker/1:0 Not tainted 5.19.0-rc8 #10\n Hardware name: linux,dummy-virt (DT)\n Workqueue: events binder_deferred_func\n Call trace:\n dump_backtrace.part.0+0x1d0/0x1e0\n show_stack+0x18/0x70\n dump_stack_lvl+0x68/0x84\n print_report+0x2e4/0x61c\n kasan_report+0xa4/0x110\n kasan_check_range+0xfc/0x1a4\n __kasan_check_write+0x3c/0x50\n _raw_spin_lock+0xa8/0x150\n binder_deferred_func+0x5e0/0x9b0\n process_one_work+0x38c/0x5f0\n worker_thread+0x9c/0x694\n kthread+0x188/0x190\n ret_from_fork+0x10/0x20" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/06e5b43ca4dab06a92bf4c2f33766e6fb11b880a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/229f47603dd306bc0eb1a831439adb8e48bb0eae", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/30d0901b307f27d36b2655fb3048cf31ee0e89c0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/603a47f2ae56bf68288784d3c0a8c5b8e0a827ed", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9629f2dfdb1dad294b468038ff8e161e94d0b609", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a0e44c64b6061dda7e00b7c458e4523e2331b739", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c2a4b5dc8fa71af73bab704d0cac42ac39767ed6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49940.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49940.json
new file mode 100644
index 00000000000..dd973e4d602
--- /dev/null
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49940.json
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-49940", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:20.917", + "lastModified": "2025-06-18T11:15:20.917", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf()\n\nA null pointer dereference can happen when attempting to access the\n\"gsm->receive()\" function in gsmld_receive_buf(). Currently, the code\nassumes that gsm->recieve is only called after MUX activation.\nSince the gsmld_receive_buf() function can be accessed without the need to\ninitialize the MUX, the gsm->receive() function will not be set and a\nNULL pointer dereference will occur.\n\nFix this by avoiding the call to \"gsm->receive()\" in case the function is\nnot initialized by adding a sanity check.\n\nCall Trace:\n \n gsmld_receive_buf+0x1c2/0x2f0 drivers/tty/n_gsm.c:2861\n tiocsti drivers/tty/tty_io.c:2293 [inline]\n tty_ioctl+0xa75/0x15d0 drivers/tty/tty_io.c:2692\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:870 [inline]\n __se_sys_ioctl fs/ioctl.c:856 [inline]\n __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/309aea4b6b813f6678c3a547cfd7fe3a76ffa976", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5a82cf64f8ad63caf6bf115642ce44ddbc64311e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5aa37f9510345a812c0998bcbbc4d88d1dcc4d8b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f16c6d2e58a4c2b972efcf9eb12390ee0ba3befb", + 
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49941.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49941.json new file mode 100644 index 00000000000..6998ebc443b --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49941.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-49941", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:21.030", + "lastModified": "2025-06-18T11:15:21.030", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: avoid call of sleeping functions from atomic context\n\nSyzkaller reports the following problem:\n\nBUG: sleeping function called from invalid context at kernel/printk/printk.c:2347\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 1105, name: syz-executor423\n3 locks held by syz-executor423/1105:\n #0: ffff8881468b9098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x90 drivers/tty/tty_ldisc.c:266\n #1: ffff8881468b9130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: tty_write_lock drivers/tty/tty_io.c:952 [inline]\n #1: ffff8881468b9130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: do_tty_write drivers/tty/tty_io.c:975 [inline]\n #1: ffff8881468b9130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: file_tty_write.constprop.0+0x2a8/0x8e0 drivers/tty/tty_io.c:1118\n #2: ffff88801b06c398 (&gsm->tx_lock){....}-{2:2}, at: gsmld_write+0x5e/0x150 drivers/tty/n_gsm.c:2717\nirq event stamp: 3482\nhardirqs last enabled at (3481): [] __get_reqs_available+0x143/0x2f0 fs/aio.c:946\nhardirqs last disabled at (3482): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]\nhardirqs last disabled at (3482): [] _raw_spin_lock_irqsave+0x52/0x60 kernel/locking/spinlock.c:159\nsoftirqs last enabled at (3408): [] asm_call_irq_on_stack+0x12/0x20\nsoftirqs last disabled at (3401): [] asm_call_irq_on_stack+0x12/0x20\nPreemption disabled at:\n[<0000000000000000>] 0x0\nCPU: 2 PID: 1105 Comm: syz-executor423 Not tainted 5.10.137-syzkaller #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x107/0x167 
lib/dump_stack.c:118\n ___might_sleep.cold+0x1e8/0x22e kernel/sched/core.c:7304\n console_lock+0x19/0x80 kernel/printk/printk.c:2347\n do_con_write+0x113/0x1de0 drivers/tty/vt/vt.c:2909\n con_write+0x22/0xc0 drivers/tty/vt/vt.c:3296\n gsmld_write+0xd0/0x150 drivers/tty/n_gsm.c:2720\n do_tty_write drivers/tty/tty_io.c:1028 [inline]\n file_tty_write.constprop.0+0x502/0x8e0 drivers/tty/tty_io.c:1118\n call_write_iter include/linux/fs.h:1903 [inline]\n aio_write+0x355/0x7b0 fs/aio.c:1580\n __io_submit_one fs/aio.c:1952 [inline]\n io_submit_one+0xf45/0x1a90 fs/aio.c:1999\n __do_sys_io_submit fs/aio.c:2058 [inline]\n __se_sys_io_submit fs/aio.c:2028 [inline]\n __x64_sys_io_submit+0x18c/0x2f0 fs/aio.c:2028\n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x61/0xc6\n\nThe problem happens in the following control flow:\n\ngsmld_write(...)\nspin_lock_irqsave(&gsm->tx_lock, flags) // taken a spinlock on TX data\n con_write(...)\n do_con_write(...)\n console_lock()\n might_sleep() // -> bug\n\nAs far as console_lock() might sleep it should not be called with\nspinlock held.\n\nThe patch replaces tx_lock spinlock with mutex in order to avoid the\nproblem.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/132331c1f605eb5911795a6b9115114575594d0a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/902e02ea9385373ce4b142576eef41c642703955", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/eb75efdec8dd0f01ac85c88feafa6e63b34a2521", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49942.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49942.json new file mode 100644 index 00000000000..b6761e5c23c --- /dev/null 
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49942.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-49942", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:21.147", + "lastModified": "2025-06-18T11:15:21.147", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected\n\nWhen we are not connected to a channel, sending channel \"switch\"\nannouncement doesn't make any sense.\n\nThe BSS list is empty in that case. This causes the for loop in\ncfg80211_get_bss() to be bypassed, so the function returns NULL\n(check line 1424 of net/wireless/scan.c), causing the WARN_ON()\nin ieee80211_ibss_csa_beacon() to get triggered (check line 500\nof net/mac80211/ibss.c), which was consequently reported on the\nsyzkaller dashboard.\n\nThus, check if we have an existing connection before generating\nthe CSA beacon in ieee80211_ibss_finish_csa()." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/15bc8966b6d3a5b9bfe4c9facfa02f2b69b1e5f0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1691a48aef0a82d1754b9853dae7e3f5cacdf70b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/552ba102a6898630a7d16887f29e606d6fabe508", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/66689c5c02acd4d76c28498fe220998610aec61e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/864e280cb3a9a0f5212b16ef5057c4e692f7039d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cdb9a8da9b84800eb15506cd9363cf0cf059e677", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d9eb37db6a28b59a95a3461450ee209654c5f95b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dd649b49219a0388cc10fc40e4c2ea681566a780", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49943.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49943.json new file mode 100644 index 00000000000..4a0384e031b --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49943.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-49943", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:21.267", + "lastModified": "2025-06-18T11:15:21.267", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: Fix obscure lockdep violation for udc_mutex\n\nA recent commit expanding the scope of the udc_lock mutex in the\ngadget core managed to cause an obscure and slightly bizarre lockdep\nviolation. In abbreviated form:\n\n======================================================\nWARNING: possible circular locking dependency detected\n5.19.0-rc7+ #12510 Not tainted\n------------------------------------------------------\nudevadm/312 is trying to acquire lock:\nffff80000aae1058 (udc_lock){+.+.}-{3:3}, at: usb_udc_uevent+0x54/0xe0\n\nbut task is already holding lock:\nffff000002277548 (kn->active#4){++++}-{0:0}, at: kernfs_seq_start+0x34/0xe0\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #3 (kn->active#4){++++}-{0:0}:\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 lock_acquire+0x68/0x84\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 __kernfs_remove+0x268/0x380\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 kernfs_remove_by_name_ns+0x58/0xac\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 sysfs_remove_file_ns+0x18/0x24\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 device_del+0x15c/0x440\n\n-> #2 (device_links_lock){+.+.}-{3:3}:\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 lock_acquire+0x68/0x84\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 __mutex_lock+0x9c/0x430\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mutex_lock_nested+0x38/0x64\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 device_link_remove+0x3c/0xa0\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 _regulator_put.part.0+0x168/0x190\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 regulator_put+0x3c/0x54\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 
devm_regulator_release+0x14/0x20\n\n-> #1 (regulator_list_mutex){+.+.}-{3:3}:\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 lock_acquire+0x68/0x84\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 __mutex_lock+0x9c/0x430\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mutex_lock_nested+0x38/0x64\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 regulator_lock_dependent+0x54/0x284\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 regulator_enable+0x34/0x80\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 phy_power_on+0x24/0x130\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 __dwc2_lowlevel_hw_enable+0x100/0x130\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 dwc2_lowlevel_hw_enable+0x18/0x40\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 dwc2_hsotg_udc_start+0x6c/0x2f0\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 gadget_bind_driver+0x124/0x1f4\n\n-> #0 (udc_lock){+.+.}-{3:3}:\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 __lock_acquire+0x1298/0x20cc\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 lock_acquire.part.0+0xe0/0x230\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 lock_acquire+0x68/0x84\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 __mutex_lock+0x9c/0x430\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mutex_lock_nested+0x38/0x64\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 usb_udc_uevent+0x54/0xe0\n\nEvidently this was caused by the scope of udc_mutex being too large.\nThe mutex is only meant to protect udc->driver along with a few other\nthings. As far as I can tell, there's no reason for the mutex to be\nheld while the gadget core calls a gadget driver's ->bind or ->unbind\nroutine, or while a UDC is being started or stopped. (This accounts\nfor link #1 in the chain above, where the mutex is held while the\ndwc2_hsotg_udc is started as part of driver probing.)\n\nGadget drivers' ->disconnect callbacks are problematic. Even though\nusb_gadget_disconnect() will now acquire the udc_mutex, there's a\nwindow in usb_gadget_bind_driver() between the times when the mutex is\nreleased and the ->bind callback is invoked. 
If a disconnect occurred\nduring that window, we could call the driver's ->disconnect routine\nbefore its ->bind routine. To prevent this from happening, it will be\nnecessary to prevent a UDC from connecting while it has no gadget\ndriver. This should be done already but it doesn't seem to be;\ncurrently usb_gadget_connect() has no check for this. Such a check\nwill have to be added later.\n\nSome degree of mutual exclusion is required in soft_connect_store(),\nwhich can dereference udc->driver at arbitrary times since it is a\nsysfs callback. The solution here is to acquire the gadget's device\nlock rather than the udc_mutex. Since the driver core guarantees that\nthe device lock is always held during driver binding and unbinding,\nthis will make the accesses in soft_connect_store() mutually exclusive\nwith any changes to udc->driver.\n\nLastly, it turns out there is one place which should hold the\nudc_mutex but currently does not: The function_show() routine needs\nprotection while it dereferences udc->driver. The missing lock and\nunlock calls are added." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1016fc0c096c92dd0e6e0541daac7a7868169903", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1a065e4673cbdd9f222a05f85e17d78ea50c8d9c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49944.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49944.json new file mode 100644 index 00000000000..fa3d27311e2 --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49944.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-49944", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:21.377", + "lastModified": "2025-06-18T11:15:21.377", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"usb: typec: ucsi: add a common function ucsi_unregister_connectors()\"\n\nThe recent commit 87d0e2f41b8c (\"usb: typec: ucsi: add a common\nfunction ucsi_unregister_connectors()\") introduced a regression that\ncaused NULL dereference at reading the power supply sysfs. It's a\nstale sysfs entry that should have been removed but remains with NULL\nops. The commit changed the error handling to skip the entries after\na NULL con->wq, and this leaves the power device unreleased.\n\nFor addressing the regression, the straight revert is applied here.\nFurther code improvements can be done from the scratch again." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3d4044c9e6d2e3f11f1f8b5e0ee8647d3eb1afad", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5f73aa2cf8bef4a39baa1591c3144ede4788826e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49945.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49945.json new file mode 100644 index 00000000000..d6dbd6289b8 --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49945.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-49945", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:21.483", + "lastModified": "2025-06-18T11:15:21.483", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (gpio-fan) Fix array out of bounds access\n\nThe driver does not check if the cooling state passed to\ngpio_fan_set_cur_state() exceeds the maximum cooling state as\nstored in fan_data->num_speeds. Since the cooling state is later\nused as an array index in set_fan_speed(), an array out of bounds\naccess can occur.\nThis can be exploited by setting the state of the thermal cooling device\nto arbitrary values, causing for example a kernel oops when unavailable\nmemory is accessed this way.\n\nExample kernel oops:\n[ 807.987276] Unable to handle kernel paging request at virtual address ffffff80d0588064\n[ 807.987369] Mem abort info:\n[ 807.987398] ESR = 0x96000005\n[ 807.987428] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 807.987477] SET = 0, FnV = 0\n[ 807.987507] EA = 0, S1PTW = 0\n[ 807.987536] FSC = 0x05: level 1 translation fault\n[ 807.987570] Data abort info:\n[ 807.987763] ISV = 0, ISS = 0x00000005\n[ 807.987801] CM = 0, WnR = 0\n[ 807.987832] swapper pgtable: 4k pages, 39-bit VAs, pgdp=0000000001165000\n[ 807.987872] [ffffff80d0588064] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 807.987961] Internal error: Oops: 96000005 [#1] PREEMPT SMP\n[ 807.987992] Modules linked in: cmac algif_hash aes_arm64 algif_skcipher af_alg bnep hci_uart btbcm bluetooth ecdh_generic ecc 8021q garp stp llc snd_soc_hdmi_codec brcmfmac vc4 brcmutil cec drm_kms_helper snd_soc_core cfg80211 snd_compress bcm2835_codec(C) snd_pcm_dmaengine syscopyarea bcm2835_isp(C) bcm2835_v4l2(C) sysfillrect v4l2_mem2mem bcm2835_mmal_vchiq(C) raspberrypi_hwmon sysimgblt videobuf2_dma_contig videobuf2_vmalloc 
fb_sys_fops videobuf2_memops rfkill videobuf2_v4l2 videobuf2_common i2c_bcm2835 snd_bcm2835(C) videodev snd_pcm snd_timer snd mc vc_sm_cma(C) gpio_fan uio_pdrv_genirq uio drm fuse drm_panel_orientation_quirks backlight ip_tables x_tables ipv6\n[ 807.988508] CPU: 0 PID: 1321 Comm: bash Tainted: G C 5.15.56-v8+ #1575\n[ 807.988548] Hardware name: Raspberry Pi 3 Model B Rev 1.2 (DT)\n[ 807.988574] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 807.988608] pc : set_fan_speed.part.5+0x34/0x80 [gpio_fan]\n[ 807.988654] lr : gpio_fan_set_cur_state+0x34/0x50 [gpio_fan]\n[ 807.988691] sp : ffffffc008cf3bd0\n[ 807.988710] x29: ffffffc008cf3bd0 x28: ffffff80019edac0 x27: 0000000000000000\n[ 807.988762] x26: 0000000000000000 x25: 0000000000000000 x24: ffffff800747c920\n[ 807.988787] x23: 000000000000000a x22: ffffff800369f000 x21: 000000001999997c\n[ 807.988854] x20: ffffff800369f2e8 x19: ffffff8002ae8080 x18: 0000000000000000\n[ 807.988877] x17: 0000000000000000 x16: 0000000000000000 x15: 000000559e271b70\n[ 807.988938] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[ 807.988960] x11: 0000000000000000 x10: ffffffc008cf3c20 x9 : ffffffcfb60c741c\n[ 807.989018] x8 : 000000000000000a x7 : 00000000ffffffc9 x6 : 0000000000000009\n[ 807.989040] x5 : 000000000000002a x4 : 0000000000000000 x3 : ffffff800369f2e8\n[ 807.989062] x2 : 000000000000e780 x1 : 0000000000000001 x0 : ffffff80d0588060\n[ 807.989084] Call trace:\n[ 807.989091] set_fan_speed.part.5+0x34/0x80 [gpio_fan]\n[ 807.989113] gpio_fan_set_cur_state+0x34/0x50 [gpio_fan]\n[ 807.989199] cur_state_store+0x84/0xd0\n[ 807.989221] dev_attr_store+0x20/0x38\n[ 807.989262] sysfs_kf_write+0x4c/0x60\n[ 807.989282] kernfs_fop_write_iter+0x130/0x1c0\n[ 807.989298] new_sync_write+0x10c/0x190\n[ 807.989315] vfs_write+0x254/0x378\n[ 807.989362] ksys_write+0x70/0xf8\n[ 807.989379] __arm64_sys_write+0x24/0x30\n[ 807.989424] invoke_syscall+0x4c/0x110\n[ 807.989442] 
el0_svc_common.constprop.3+0xfc/0x120\n[ 807.989458] do_el0_svc+0x2c/0x90\n[ 807.989473] el0_svc+0x24/0x60\n[ 807.989544] el0t_64_sync_handler+0x90/0xb8\n[ 807.989558] el0t_64_sync+0x1a0/0x1a4\n[ 807.989579] Code: b9403801 f9402800 7100003f 8b35cc00 (b9400416)\n[ 807.989627] ---[ end t\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3263984c7acdcb0658155b05a724ed45a10de76d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3ff866455e1e263a9ac1958095fd440984248e2f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/517dba798793e69b510779c3cde7224a65f3ed1d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/53196e0376205ed49b75bfd0475af5e0fbd20156", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7756eb1ed124753f4d64f761fc3d84290dffcb4d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c8ae6a18708f260ccdeef6ba53af7548457dc26c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e9f6972ab40a82bd7f6d36800792ba2e084474d8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f233d2be38dbbb22299192292983037f01ab363c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49946.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49946.json new file mode 100644 index 00000000000..a9f5564f30e --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49946.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-49946", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:21.610", + "lastModified": "2025-06-18T11:15:21.610", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: bcm: rpi: Prevent out-of-bounds access\n\nThe while loop in raspberrypi_discover_clocks() relies on the assumption\nthat the id of the last clock element is zero. Because this data comes\nfrom the Videocore firmware and it doesn't guarantuee such a behavior\nthis could lead to out-of-bounds access. So fix this by providing\na sentinel element." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/bc163555603e4ae9c817675ad80d618a4cdbfa2d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c8b04b731d43366824841ebdca4ac715f95e0ea4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fcae47b2d23c81603b01f56cf8db63ed64599d34", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ff0b144d4b0a9fbd6efe4d2c0a4b6c9bae2138d2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49947.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49947.json new file mode 100644 index 00000000000..6d0bcd9be49 --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49947.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-49947", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:21.717", + "lastModified": "2025-06-18T11:15:21.717", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix alloc->vma_vm_mm null-ptr dereference\n\nSyzbot reported a couple issues introduced by commit 44e602b4e52f\n(\"binder_alloc: add missing mmap_lock calls when using the VMA\"), in\nwhich we attempt to acquire the mmap_lock when alloc->vma_vm_mm has not\nbeen initialized yet.\n\nThis can happen if a binder_proc receives a transaction without having\npreviously called mmap() to setup the binder_proc->alloc space in [1].\nAlso, a similar issue occurs via binder_alloc_print_pages() when we try\nto dump the debugfs binder stats file in [2].\n\nSample of syzbot's crash report:\n ==================================================================\n KASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000012f]\n CPU: 0 PID: 3755 Comm: syz-executor229 Not tainted 6.0.0-rc1-next-20220819-syzkaller #0\n syz-executor229[3755] cmdline: ./syz-executor2294415195\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022\n RIP: 0010:__lock_acquire+0xd83/0x56d0 kernel/locking/lockdep.c:4923\n [...]\n Call Trace:\n \n lock_acquire kernel/locking/lockdep.c:5666 [inline]\n lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631\n down_read+0x98/0x450 kernel/locking/rwsem.c:1499\n mmap_read_lock include/linux/mmap_lock.h:117 [inline]\n binder_alloc_new_buf_locked drivers/android/binder_alloc.c:405 [inline]\n binder_alloc_new_buf+0xa5/0x19e0 drivers/android/binder_alloc.c:593\n binder_transaction+0x242e/0x9a80 drivers/android/binder.c:3199\n binder_thread_write+0x664/0x3220 drivers/android/binder.c:3986\n binder_ioctl_write_read drivers/android/binder.c:5036 [inline]\n 
binder_ioctl+0x3470/0x6d00 drivers/android/binder.c:5323\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:870 [inline]\n __se_sys_ioctl fs/ioctl.c:856 [inline]\n __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n [...]\n ==================================================================\n\nFix these issues by setting up alloc->vma_vm_mm pointer during open()\nand caching directly from current->mm. This guarantees we have a valid\nreference to take the mmap_lock during scenarios described above.\n\n[1] https://syzkaller.appspot.com/bug?extid=f7dc54e5be28950ac459\n[2] https://syzkaller.appspot.com/bug?extid=a75ebe0452711c9e56d9" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1da52815d5f1b654c89044db0cdc6adce43da1f1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/81203ab7a6ef843a2b904a0a494f28c457d44d27", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b2a97babb0a510f8921891f9e70c5a5ef33cadac", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49948.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49948.json new file mode 100644 index 00000000000..d516d527b30 --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49948.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-49948", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:21.827", + "lastModified": "2025-06-18T11:15:21.827", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvt: Clear selection before changing the font\n\nWhen changing the console font with ioctl(KDFONTOP) the new font size\ncan be bigger than the previous font. A previous selection may thus now\nbe outside of the new screen size and thus trigger out-of-bounds\naccesses to graphics memory if the selection is removed in\nvc_do_resize().\n\nPrevent such out-of-memory accesses by dropping the selection before the\nvarious con_font_set() console handlers are called." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1cf1930369c9dc428d827b60260c53271bff3285", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2535431ae967ad17585513649625fea7db28d4db", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/566f9c9f89337792070b5a6062dff448b3e7977f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/989201bb8c00b222235aff04e6200230d29dc7bb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c555cf04684fde39b5b0dd9fd80730030ee10c4a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c904fe03c4bd1f356a58797d39e2a5d0ca15cefc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e9ba4611ddf676194385506222cce7b0844e708e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f74b4a41c5d7c9522469917e3072e55d435efd9e", + "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49949.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49949.json new file mode 100644 index 00000000000..079dc71ce69 --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49949.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-49949", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:21.947", + "lastModified": "2025-06-18T11:15:21.947", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware_loader: Fix memory leak in firmware upload\n\nIn the case of firmware-upload, an instance of struct fw_upload is\nallocated in firmware_upload_register(). This data needs to be freed\nin fw_dev_release(). Create a new fw_upload_free() function in\nsysfs_upload.c to handle the firmware-upload specific memory frees\nand incorporate the missing kfree call for the fw_upload structure." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/789bba82f63c3e81dce426ba457fc7905b30ac6e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/baf92485d111be828e1ab84a995515b604b938e5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49950.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49950.json new file mode 100644 index 00000000000..9d056468dee --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49950.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-49950", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:22.050", + "lastModified": "2025-06-18T11:15:22.050", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: fix memory corruption on open\n\nThe probe session-duplication overflow check incremented the session\ncount also when there were no more available sessions so that memory\nbeyond the fixed-size slab-allocated session array could be corrupted in\nfastrpc_session_alloc() on open()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/5cf2a57c7a01a0d7bdecf875a63682f542891b1b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cf20c3533efc89578ace94fa20a9e63446223c72", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d245f43aab2b61195d8ebb64cef7b5a08c590ab4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e0578e603065f120a8759b75e0d6c216c7078a39", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f8632b8bb53ebc005d8f24a68a0c1f9678c0e908", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49951.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49951.json new file mode 100644 index 00000000000..68370f234eb --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49951.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-49951", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:22.167", + "lastModified": "2025-06-18T11:15:22.167", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware_loader: Fix use-after-free during unregister\n\nIn the following code within firmware_upload_unregister(), the call to\ndevice_unregister() could result in the dev_release function freeing the\nfw_upload_priv structure before it is dereferenced for the call to\nmodule_put(). This bug was found by the kernel test robot using\nCONFIG_KASAN while running the firmware selftests.\n\n device_unregister(&fw_sysfs->dev);\n module_put(fw_upload_priv->module);\n\nThe problem is fixed by copying fw_upload_priv->module to a local variable\nfor use when calling device_unregister()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/8b40c38e37492b5bdf8e95b46b5cca9517a9957a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d380d40930a674c520a5b55f3be1eb17dc634ebc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49952.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49952.json new file mode 100644 index 00000000000..015b165b1b0 --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49952.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-49952", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:22.277", + "lastModified": "2025-06-18T11:15:22.277", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: fix memory corruption on probe\n\nAdd the missing sanity check on the probed-session count to avoid\ncorrupting memory beyond the fixed-size slab-allocated session array\nwhen there are more than FASTRPC_MAX_SESSIONS sessions defined in the\ndevicetree." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0e33b0f322fecd7a92d9dc186535cdf97940a856", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9baa1415d9abdd1e08362ea2dcfadfacee8690b5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c0425c2facd9166fa083f90c9f3187ace0c7837a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c99bc901d5eb9fbdd7bd39f625e170ce97390336", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ec186b9f4aa2e6444d5308a6cc268aada7007639", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49953.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49953.json new file mode 100644 index 00000000000..e627ad9a4b9 --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49953.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-49953", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:22.397", + "lastModified": "2025-06-18T11:15:22.397", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: light: cm3605: Fix an error handling path in cm3605_probe()\n\nThe commit in Fixes also introduced a new error handling path which should\ngoto the existing error handling path.\nOtherwise some resources leak." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/160905549e663019e26395ed9d66c24ee2cf5187", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3f7f49d8135cfe137c81316af64678f4dca1b82b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49954.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49954.json new file mode 100644 index 00000000000..7710863989b --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49954.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-49954", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:22.500", + "lastModified": "2025-06-18T11:15:22.500", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag\n\nsyzbot is reporting hung task at __input_unregister_device() [1], for\niforce_close() waiting at wait_event_interruptible() with dev->mutex held\nis blocking input_disconnect_device() from __input_unregister_device().\n\nIt seems that the cause is simply that commit c2b27ef672992a20 (\"Input:\niforce - wait for command completion when closing the device\") forgot to\ncall wake_up() after clear_bit().\n\nFix this problem by introducing a helper that calls clear_bit() followed\nby wake_up_all()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/98e01215708b6d416345465c09dce2bd4868c67a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b271090eea3899399e2adcf79c9c95367d472b03", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b533b9d3a0d1327cbb31c201dc8dbbf98c8bfe3c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d186c65599bff0222da37b9215784ddfe39f9e1b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/df1b53bc799d58f79701c465505a206c72ad4ab8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49955.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49955.json new file mode 100644 index 00000000000..4945ec6ab78 --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49955.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-49955", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:22.630", + "lastModified": "2025-06-18T11:15:22.630", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/rtas: Fix RTAS MSR[HV] handling for Cell\n\nThe semi-recent changes to MSR handling when entering RTAS (firmware)\ncause crashes on IBM Cell machines. An example trace:\n\n kernel tried to execute user page (2fff01a8) - exploit attempt? (uid: 0)\n BUG: Unable to handle kernel instruction fetch\n Faulting instruction address: 0x2fff01a8\n Oops: Kernel access of bad area, sig: 11 [#1]\n BE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=4 NUMA Cell\n Modules linked in:\n CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 6.0.0-rc2-00433-gede0a8d3307a #207\n NIP: 000000002fff01a8 LR: 0000000000032608 CTR: 0000000000000000\n REGS: c0000000015236b0 TRAP: 0400 Tainted: G W (6.0.0-rc2-00433-gede0a8d3307a)\n MSR: 0000000008001002 CR: 00000000 XER: 20000000\n ...\n NIP 0x2fff01a8\n LR 0x32608\n Call Trace:\n 0xc00000000143c5f8 (unreliable)\n .rtas_call+0x224/0x320\n .rtas_get_boot_time+0x70/0x150\n .read_persistent_clock64+0x114/0x140\n .read_persistent_wall_and_boot_offset+0x24/0x80\n .timekeeping_init+0x40/0x29c\n .start_kernel+0x674/0x8f0\n start_here_common+0x1c/0x50\n\nUnlike PAPR platforms where RTAS is only used in guests, on the IBM Cell\nmachines Linux runs with MSR[HV] set but also uses RTAS, provided by\nSLOF.\n\nFix it by copying the MSR[HV] bit from the MSR value we've just read\nusing mfmsr into the value used for RTAS.\n\nIt seems like we could also fix it using an #ifdef CELL to set MSR[HV],\nbut that doesn't work because it's possible to build a single kernel\nimage that runs on both Cell native and pseries." 
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/8b08d4f97233d8e58fff2fd9d5f86397a49733c5",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/91926d8b7e71aaf5f84f0cf208fc5a8b7a761050",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49956.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49956.json
new file mode 100644
index 00000000000..ad879b900bc
--- /dev/null
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49956.json
@@ -0,0 +1,49 @@
+{
+ "id": "CVE-2022-49956",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:22.773",
+ "lastModified": "2025-06-18T11:15:22.773",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8712: fix use after free bugs\n\n_Read/Write_MACREG callbacks are NULL so the read/write_macreg_hdl()\nfunctions don't do anything except free the \"pcmd\" pointer. It\nresults in a use after free. Delete them."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/19e3f69d19801940abc2ac37c169882769ed9770",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/376e15487fec837301d888068a3fcc82efb6171a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/7dce6b0ee7d78667d6c831ced957a08769973063",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9fd6170c5e2d0ccd027abe26f6f5ffc528e1bb27",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b1727def850904e4b8ba384043775672841663a1",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/d0aac7146e96bf39e79c65087d21dfa02ef8db38",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/dc02aaf950015850e7589696521c7fca767cea77",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e230a4455ac3e9b112f0367d1b8e255e141afae0",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49957.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49957.json
new file mode 100644
index 00000000000..5c69395cbe0
--- /dev/null
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49957.json
@@ -0,0 +1,45 @@
+{
+ "id": "CVE-2022-49957",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:22.897",
+ "lastModified": "2025-06-18T11:15:22.897",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkcm: fix strp_init() order and cleanup\n\nstrp_init() is called just a few lines above this csk->sk_user_data\ncheck, it also initializes strp->work etc., therefore, it is\nunnecessary to call strp_done() to cancel the freshly initialized\nwork.\n\nAnd if sk_user_data is already used by KCM, psock->strp should not be\ntouched, particularly strp->work state, so we need to move strp_init()\nafter the csk->sk_user_data check.\n\nThis also makes a lockdep warning reported by syzbot go away."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/0946ff31d1a8778787bf6708beb20f38715267cc",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/1b6666964ca1de93a7bf06e122bcf3616dbd33a9",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/473f394953216614087f4179e55cdf0cf616a13b",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/55fb8c3baa8071c5d533a9ad48624e44e2a04ef5",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/8fc29ff3910f3af08a7c40a75d436b5720efe2bf",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a8a0c321319ad64a5427d6172cd9c23b4d6ca1e8",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/f865976baa85915c7672f351b74d5974b93215f6",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49958.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49958.json
new file mode 100644
index 00000000000..1f4fdadc45c
--- /dev/null
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49958.json
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-49958", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:23.013", + "lastModified": "2025-06-18T11:15:23.013", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fix netdevice reference leaks in attach_default_qdiscs()\n\nIn attach_default_qdiscs(), if a dev has multiple queues and queue 0 fails\nto attach qdisc because there is no memory in attach_one_default_qdisc().\nThen dev->qdisc will be noop_qdisc by default. But the other queues may be\nable to successfully attach to default qdisc.\n\nIn this case, the fallback to noqueue process will be triggered. If the\noriginal attached qdisc is not released and a new one is directly\nattached, this will cause netdevice reference leaks.\n\nThe following is the bug log:\n\nveth0: default qdisc (fq_codel) fail, fallback to noqueue\nunregister_netdevice: waiting for veth0 to become free. Usage count = 32\nleaked reference.\n qdisc_alloc+0x12e/0x210\n qdisc_create_dflt+0x62/0x140\n attach_one_default_qdisc.constprop.41+0x44/0x70\n dev_activate+0x128/0x290\n __dev_open+0x12a/0x190\n __dev_change_flags+0x1a2/0x1f0\n dev_change_flags+0x23/0x60\n do_setlink+0x332/0x1150\n __rtnl_newlink+0x52f/0x8e0\n rtnl_newlink+0x43/0x70\n rtnetlink_rcv_msg+0x140/0x3b0\n netlink_rcv_skb+0x50/0x100\n netlink_unicast+0x1bb/0x290\n netlink_sendmsg+0x37c/0x4e0\n sock_sendmsg+0x5f/0x70\n ____sys_sendmsg+0x208/0x280\n\nFix this bug by clearing any non-noop qdiscs that may have been assigned\nbefore trying to re-attach." 
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/0c6c522857151ac00150fd01baeebf231fb7d142",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/44dfa645895a56f65461249deb5b81cd16560e2a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a420d587260185407eda9c5766cfa9bdd5c39a56",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/f612466ebecb12a00d9152344ddda6f6345f04dc",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49959.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49959.json
new file mode 100644
index 00000000000..876c2e165fe
--- /dev/null
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49959.json
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-49959", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:23.127", + "lastModified": "2025-06-18T11:15:23.127", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: fix memory leak at failed datapath creation\n\novs_dp_cmd_new()->ovs_dp_change()->ovs_dp_set_upcall_portids()\nallocates array via kmalloc.\nIf for some reason new_vport() fails during ovs_dp_cmd_new()\ndp->upcall_portids must be freed.\nAdd missing kfree.\n\nKmemleak example:\nunreferenced object 0xffff88800c382500 (size 64):\n comm \"dump_state\", pid 323, jiffies 4294955418 (age 104.347s)\n hex dump (first 32 bytes):\n 5e c2 79 e4 1f 7a 38 c7 09 21 38 0c 80 88 ff ff ^.y..z8..!8.....\n 03 00 00 00 0a 00 00 00 14 00 00 00 28 00 00 00 ............(...\n backtrace:\n [<0000000071bebc9f>] ovs_dp_set_upcall_portids+0x38/0xa0\n [<000000000187d8bd>] ovs_dp_change+0x63/0xe0\n [<000000002397e446>] ovs_dp_cmd_new+0x1f0/0x380\n [<00000000aa06f36e>] genl_family_rcv_msg_doit+0xea/0x150\n [<000000008f583bc4>] genl_rcv_msg+0xdc/0x1e0\n [<00000000fa10e377>] netlink_rcv_skb+0x50/0x100\n [<000000004959cece>] genl_rcv+0x24/0x40\n [<000000004699ac7f>] netlink_unicast+0x23e/0x360\n [<00000000c153573e>] netlink_sendmsg+0x24e/0x4b0\n [<000000006f4aa380>] sock_sendmsg+0x62/0x70\n [<00000000d0068654>] ____sys_sendmsg+0x230/0x270\n [<0000000012dacf7d>] ___sys_sendmsg+0x88/0xd0\n [<0000000011776020>] __sys_sendmsg+0x59/0xa0\n [<000000002e8f2dc1>] do_syscall_64+0x3b/0x90\n [<000000003243e7cb>] entry_SYSCALL_64_after_hwframe+0x63/0xcd" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/a87406f4adee9c53b311d8a1ba2849c69e29a6d0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c0c1c0241917459644326a1a3102207c871ae159", + "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ca54b2bfaab385778e55a9fd33f6c31e7f743b48", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49960.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49960.json new file mode 100644 index 00000000000..456bc0d2b8a --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49960.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-49960", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:23.237", + "lastModified": "2025-06-18T11:15:23.237", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: fix null pointer dereference\n\nAsus chromebook CX550 crashes during boot on v5.17-rc1 kernel.\nThe root cause is null pointer defeference of bi_next\nin tgl_get_bw_info() in drivers/gpu/drm/i915/display/intel_bw.c.\n\nBUG: kernel NULL pointer dereference, address: 000000000000002e\nPGD 0 P4D 0\nOops: 0002 [#1] PREEMPT SMP NOPTI\nCPU: 0 PID: 1 Comm: swapper/0 Tainted: G U 5.17.0-rc1\nHardware name: Google Delbin/Delbin, BIOS Google_Delbin.13672.156.3 05/14/2021\nRIP: 0010:tgl_get_bw_info+0x2de/0x510\n...\n[ 2.554467] Call Trace:\n[ 2.554467] \n[ 2.554467] intel_bw_init_hw+0x14a/0x434\n[ 2.554467] ? _printk+0x59/0x73\n[ 2.554467] ? _dev_err+0x77/0x91\n[ 2.554467] i915_driver_hw_probe+0x329/0x33e\n[ 2.554467] i915_driver_probe+0x4c8/0x638\n[ 2.554467] i915_pci_probe+0xf8/0x14e\n[ 2.554467] ? _raw_spin_unlock_irqrestore+0x12/0x2c\n[ 2.554467] pci_device_probe+0xaa/0x142\n[ 2.554467] really_probe+0x13f/0x2f4\n[ 2.554467] __driver_probe_device+0x9e/0xd3\n[ 2.554467] driver_probe_device+0x24/0x7c\n[ 2.554467] __driver_attach+0xba/0xcf\n[ 2.554467] ? driver_attach+0x1f/0x1f\n[ 2.554467] bus_for_each_dev+0x8c/0xc0\n[ 2.554467] bus_add_driver+0x11b/0x1f7\n[ 2.554467] driver_register+0x60/0xea\n[ 2.554467] ? mipi_dsi_bus_init+0x16/0x16\n[ 2.554467] i915_init+0x2c/0xb9\n[ 2.554467] ? mipi_dsi_bus_init+0x16/0x16\n[ 2.554467] do_one_initcall+0x12e/0x2b3\n[ 2.554467] do_initcall_level+0xd6/0xf3\n[ 2.554467] do_initcalls+0x4e/0x79\n[ 2.554467] kernel_init_freeable+0xed/0x14d\n[ 2.554467] ? 
rest_init+0xc1/0xc1\n[ 2.554467] kernel_init+0x1a/0x120\n[ 2.554467] ret_from_fork+0x1f/0x30\n[ 2.554467] \n...\nKernel panic - not syncing: Fatal exception\n\n(cherry picked from commit c247cd03898c4c43c3bce6d4014730403bc13032)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/458ec0c8f35963626ccd51c3d50b752de5f1b9d4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c2798203315f4729bab0b917bf4c17a159abf9f8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49961.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49961.json new file mode 100644 index 00000000000..353146db1f7 --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49961.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-49961", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:23.347", + "lastModified": "2025-06-18T11:15:23.347", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Do mark_chain_precision for ARG_CONST_ALLOC_SIZE_OR_ZERO\n\nPrecision markers need to be propagated whenever we have an ARG_CONST_*\nstyle argument, as the verifier cannot consider imprecise scalars to be\nequivalent for the purposes of states_equal check when such arguments\nrefine the return value (in this case, set mem_size for PTR_TO_MEM). The\nresultant mem_size for the R0 is derived from the constant value, and if\nthe verifier incorrectly prunes states considering them equivalent where\nsuch arguments exist (by seeing that both registers have reg->precise as\nfalse in regsafe), we can end up with invalid programs passing the\nverifier which can do access beyond what should have been the correct\nmem_size in that explored state.\n\nTo show a concrete example of the problem:\n\n0000000000000000 :\n 0: r2 = *(u32 *)(r1 + 80)\n 1: r1 = *(u32 *)(r1 + 76)\n 2: r3 = r1\n 3: r3 += 4\n 4: if r3 > r2 goto +18 \n 5: w2 = 0\n 6: *(u32 *)(r1 + 0) = r2\n 7: r1 = *(u32 *)(r1 + 0)\n 8: r2 = 1\n 9: if w1 == 0 goto +1 \n 10: r2 = -1\n\n0000000000000058 :\n 11: r1 = 0 ll\n 13: r3 = 0\n 14: call bpf_ringbuf_reserve\n 15: if r0 == 0 goto +7 \n 16: r1 = r0\n 17: r1 += 16777215\n 18: w2 = 0\n 19: *(u8 *)(r1 + 0) = r2\n 20: r1 = r0\n 21: r2 = 0\n 22: call bpf_ringbuf_submit\n\n00000000000000b8 :\n 23: w0 = 0\n 24: exit\n\nFor the first case, the single line execution's exploration will prune\nthe search at insn 14 for the branch insn 9's second leg as it will be\nverified first using r2 = -1 (UINT_MAX), while as w1 at insn 9 will\nalways be 0 so at runtime we don't get error for being greater than\nUINT_MAX/4 from 
bpf_ringbuf_reserve. The verifier during regsafe just\nsees reg->precise as false for both r2 registers in both states, hence\nconsiders them equal for purposes of states_equal.\n\nIf we propagated precise markers using the backtracking support, we\nwould use the precise marking to then ensure that old r2 (UINT_MAX) was\nwithin the new r2 (1) and this would never be true, so the verification\nwould rightfully fail.\n\nThe end result is that the out of bounds access at instruction 19 would\nbe permitted without this fix.\n\nNote that reg->precise is always set to true when user does not have\nCAP_BPF (or when subprog count is greater than 1 (i.e. use of any static\nor global functions)), hence this is only a problem when precision marks\nneed to be explicitly propagated (i.e. privileged users with CAP_BPF).\n\nA simplified test case has been included in the next patch to prevent\nfuture regressions." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2459615a8d7f44ac81f0965bc094e55ccb254717", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2fc31465c5373b5ca4edf2e5238558cb62902311", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49962.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49962.json new file mode 100644 index 00000000000..f299e3f1bbe --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49962.json 
@@ -0,0 +1,25 @@
+{
+ "id": "CVE-2022-49962",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:23.457",
+ "lastModified": "2025-06-18T11:15:23.457",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Fix null pointer dereference in remove if xHC has only one roothub\n\nThe remove path in xhci platform driver tries to remove and put both main\nand shared hcds even if only a main hcd exists (one roothub)\n\nThis causes a null pointer dereference in reboot for those controllers.\n\nCheck that the shared_hcd exists before trying to remove it."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/4a593a62a9e3a25ab4bc37f612e4edec144f7f43",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/7081b2f34ff291ada012bd6abacaf7d51c4cf73f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49963.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49963.json
new file mode 100644
index 00000000000..e61becaec36
--- /dev/null
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49963.json
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-49963", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:23.570", + "lastModified": "2025-06-18T11:15:23.570", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/ttm: fix CCS handling\n\nCrucible + recent Mesa seems to sometimes hit:\n\nGEM_BUG_ON(num_ccs_blks > NUM_CCS_BLKS_PER_XFER)\n\nAnd it looks like we can also trigger this with gem_lmem_swapping, if we\nmodify the test to use slightly larger object sizes.\n\nLooking closer it looks like we have the following issues in\nmigrate_copy():\n\n - We are using plain integer in various places, which we can easily\n overflow with a large object.\n\n - We pass the entire object size (when the src is lmem) into\n emit_pte() and then try to copy it, which doesn't work, since we\n only have a few fixed sized windows in which to map the pages and\n perform the copy. With an object > 8M we therefore aren't properly\n copying the pages. And then with an object > 64M we trigger the\n GEM_BUG_ON(num_ccs_blks > NUM_CCS_BLKS_PER_XFER).\n\nSo it looks like our copy handling for any object > 8M (which is our\nCHUNK_SZ) is currently broken on DG2.\n\nTestcase: igt@gem_lmem_swapping\n(cherry picked from commit 8676145eb2f53a9940ff70910caf0125bd8a4bc2)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/8d905254162965c8e6be697d82c7dbf5d08f574d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/97434cb55bd884bd268626ec41489f79b261b2d4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49964.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49964.json new file mode 100644 index 00000000000..992f2ecaf0a --- /dev/null 
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49964.json 
@@ -0,0 +1,41 @@
+{
+ "id": "CVE-2022-49964",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:23.677",
+ "lastModified": "2025-06-18T11:15:23.677",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level\n\nThough acpi_find_last_cache_level() always returned signed value and the\ndocument states it will return any errors caused by lack of a PPTT table,\nit never returned negative values before.\n\nCommit 0c80f9e165f8 (\"ACPI: PPTT: Leave the table mapped for the runtime usage\")\nhowever changed it by returning -ENOENT if no PPTT was found. The value\nreturned from acpi_find_last_cache_level() is then assigned to unsigned\nfw_level.\n\nIt will result in the number of cache leaves calculated incorrectly as\na huge value which will then cause the following warning from __alloc_pages\nas the order would be great than MAX_ORDER because of incorrect and huge\ncache leaves value.\n\n | WARNING: CPU: 0 PID: 1 at mm/page_alloc.c:5407 __alloc_pages+0x74/0x314\n | Modules linked in:\n | CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-10393-g7c2a8d3ac4c0 #73\n | pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n | pc : __alloc_pages+0x74/0x314\n | lr : alloc_pages+0xe8/0x318\n | Call trace:\n | __alloc_pages+0x74/0x314\n | alloc_pages+0xe8/0x318\n | kmalloc_order_trace+0x68/0x1dc\n | __kmalloc+0x240/0x338\n | detect_cache_attributes+0xe0/0x56c\n | update_siblings_masks+0x38/0x284\n | store_cpu_topology+0x78/0x84\n | smp_prepare_cpus+0x48/0x134\n | kernel_init_freeable+0xc4/0x14c\n | kernel_init+0x2c/0x1b4\n | ret_from_fork+0x10/0x20\n\nFix the same by changing fw_level to be signed integer and return the\nerror from init_cache_level() early in case of error."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/1668c38ef2e5bb80dbee88afcecfcdc3e7abc2aa",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/29906311b351e5398aff2c5dc209f8b6c9d6a410",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/43b9af72751a98cb9c074b170fc244714aeb59d5",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a754ee1c66bd0a23e613f0bf865053b29cb90e16",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e75d18cecbb3805895d8ed64da4f78575ec96043",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/fcab25a6b0ace130589d810390d1ce3698b53604",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49965.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49965.json
new file mode 100644
index 00000000000..e294f7ddaa2
--- /dev/null
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49965.json
@@ -0,0 +1,25 @@
+{
+ "id": "CVE-2022-49965",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:23.797",
+ "lastModified": "2025-06-18T11:15:23.797",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: add missing ->fini_xxxx interfaces for some SMU13 asics\n\nWithout these, potential memory leak may be induced."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/22a75c616f1971c23838506b14971a4ef4a66bd7",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/4bac1c846eff8042dd59ddecd0a43f3b9de5fd23",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49966.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49966.json
new file mode 100644
index 00000000000..cb4ab752d5e
--- /dev/null
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49966.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2022-49966",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:23.903",
+ "lastModified": "2025-06-18T11:15:23.903",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid\n\nTo avoid any potential memory leak."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/0a2d922a5618377cdf8fa476351362733ef55342",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/4d21584ac6392aa66171b7efd647ecd1a447556b",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/60d522f317078381ff8a3599fe808f96fc256cd5",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a89e753d5a9f3b321f4a3098e2755c5aabcff0af",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49967.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49967.json
new file mode 100644
index 00000000000..28b4b652c89
--- /dev/null
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49967.json
@@ -0,0 +1,25 @@
+{
+ "id": "CVE-2022-49967",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:24.013",
+ "lastModified": "2025-06-18T11:15:24.013",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a data-race around bpf_jit_limit.\n\nWhile reading bpf_jit_limit, it can be changed concurrently via sysctl,\nWRITE_ONCE() in __do_proc_doulongvec_minmax(). The size of bpf_jit_limit\nis long, so we need to add a paired READ_ONCE() to avoid load-tearing."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/0947ae1121083d363d522ff7518ee72b55bd8d29",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ba632ad0bacb13197a8f38e7526448974e87f292",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49968.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49968.json
new file mode 100644
index 00000000000..9bbb43cc19a
--- /dev/null
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49968.json
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2022-49968", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:24.123", + "lastModified": "2025-06-18T11:15:24.123", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nieee802154/adf7242: defer destroy_workqueue call\n\nThere is a possible race condition (use-after-free) like below\n\n (FREE) | (USE)\n adf7242_remove | adf7242_channel\n cancel_delayed_work_sync |\n destroy_workqueue (1) | adf7242_cmd_rx\n | mod_delayed_work (2)\n |\n\nThe root cause for this race is that the upper layer (ieee802154) is\nunaware of this detaching event and the function adf7242_channel can\nbe called without any checks.\n\nTo fix this, we can add a flag write at the beginning of adf7242_remove\nand add flag check in adf7242_channel. Or we can just defer the\ndestructive operation like other commit 3e0588c291d6 (\"hamradio: defer\nax25 kfree after unregister_netdev\") which let the\nieee802154_unregister_hw() to handle the synchronization. 
This patch\ntakes the second option.\n\nruns\")" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/15f3b89bd521d5770d36a61fc04a77c293138ba6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/23a29932715ca43bceb2eae1bdb770995afe7271", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9f8558c5c642c62c450c98c99b7d18a709fff485", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/afe7116f6d3b888778ed6d95e3cf724767b9aedf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bed12d7531df1417fc92c691999ff95e03835008", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dede80aaf01f4b6e8657d23726cb4a3da226ec4c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49969.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49969.json new file mode 100644 index 00000000000..4726cf4c76c --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49969.json 
@@ -0,0 +1,41 @@
+{
+ "id": "CVE-2022-49969",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:24.237",
+ "lastModified": "2025-06-18T11:15:24.237",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: clear optc underflow before turn off odm clock\n\n[Why]\nAfter ODM clock off, optc underflow bit will be kept there always and clear not work.\nWe need to clear that before clock off.\n\n[How]\nClear that if have when clock off."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/3101839b080137c367f3f88c2a040f791de880aa",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/3c1dfeaeb3b4e3ea656041da1241e6ee3c3b3202",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/443687798d6f094412b7312b64b3bb4d99aedff7",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/5ee30bcfdb32526233d2572f3d9ec371928679f1",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/814b756d4ec3a8728debb116cf49005feada7750",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b2a93490201300a749ad261b5c5d05cb50179c44",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49970.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49970.json
new file mode 100644
index 00000000000..0c0021fd313
--- /dev/null
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49970.json
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-49970", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:24.357", + "lastModified": "2025-06-18T11:15:24.357", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, cgroup: Fix kernel BUG in purge_effective_progs\n\nSyzkaller reported a triggered kernel BUG as follows:\n\n ------------[ cut here ]------------\n kernel BUG at kernel/bpf/cgroup.c:925!\n invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 1 PID: 194 Comm: detach Not tainted 5.19.0-14184-g69dac8e431af #8\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n RIP: 0010:__cgroup_bpf_detach+0x1f2/0x2a0\n Code: 00 e8 92 60 30 00 84 c0 75 d8 4c 89 e0 31 f6 85 f6 74 19 42 f6 84\n 28 48 05 00 00 02 75 0e 48 8b 80 c0 00 00 00 48 85 c0 75 e5 <0f> 0b 48\n 8b 0c5\n RSP: 0018:ffffc9000055bdb0 EFLAGS: 00000246\n RAX: 0000000000000000 RBX: ffff888100ec0800 RCX: ffffc900000f1000\n RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff888100ec4578\n RBP: 0000000000000000 R08: ffff888100ec0800 R09: 0000000000000040\n R10: 0000000000000000 R11: 0000000000000000 R12: ffff888100ec4000\n R13: 000000000000000d R14: ffffc90000199000 R15: ffff888100effb00\n FS: 00007f68213d2b80(0000) GS:ffff88813bc80000(0000)\n knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055f74a0e5850 CR3: 0000000102836000 CR4: 00000000000006e0\n Call Trace:\n \n cgroup_bpf_prog_detach+0xcc/0x100\n __sys_bpf+0x2273/0x2a00\n __x64_sys_bpf+0x17/0x20\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n RIP: 0033:0x7f68214dbcb9\n Code: 08 44 89 e0 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 48 89 f8 48 89\n f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01\n f0 ff8\n RSP: 002b:00007ffeb487db68 EFLAGS: 00000246 ORIG_RAX: 
0000000000000141\n RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f68214dbcb9\n RDX: 0000000000000090 RSI: 00007ffeb487db70 RDI: 0000000000000009\n RBP: 0000000000000003 R08: 0000000000000012 R09: 0000000b00000003\n R10: 00007ffeb487db70 R11: 0000000000000246 R12: 00007ffeb487dc20\n R13: 0000000000000004 R14: 0000000000000001 R15: 000055f74a1011b0\n \n Modules linked in:\n ---[ end trace 0000000000000000 ]---\n\nRepetition steps:\n\nFor the following cgroup tree,\n\n root\n |\n cg1\n |\n cg2\n\n 1. attach prog2 to cg2, and then attach prog1 to cg1, both bpf progs\n attach type is NONE or OVERRIDE.\n 2. write 1 to /proc/thread-self/fail-nth for failslab.\n 3. detach prog1 for cg1, and then kernel BUG occur.\n\nFailslab injection will cause kmalloc fail and fall back to\npurge_effective_progs. The problem is that cg2 have attached another prog,\nso when go through cg2 layer, iteration will add pos to 1, and subsequent\noperations will be skipped by the following condition, and cg will meet\nNULL in the end.\n\n `if (pos && !(cg->bpf.flags[atype] & BPF_F_ALLOW_MULTI))`\n\nThe NULL cg means no link or prog match, this is as expected, and it's not\na bug. So here just skip the no match situation." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/222bd95c89b135fde21f0bd0cb5cc1611c0c576c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7d6620f107bae6ed687ff07668e8e8f855487aa9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a1a05d3ae58299b040da4d5b27e72e81c2132e0b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c5f975e3ebfa57be13393c585a4b58ea707023cb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49971.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49971.json new file mode 100644 index 00000000000..e2d942d501a --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49971.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-49971", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:24.473", + "lastModified": "2025-06-18T11:15:24.473", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix a potential gpu_metrics_table memory leak\n\nMemory is allocated for gpu_metrics_table in\nsmu_v13_0_4_init_smc_tables(), but not freed in\nsmu_v13_0_4_fini_smc_tables(). This may cause memory leaks, fix it." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4b25bdb54578f3b96ff055e5d27bc1cb82950e51", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5afb76522a0af0513b6dc01f84128a73206b051b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49972.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49972.json new file mode 100644 index 00000000000..7d1a5e9a36a --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49972.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-49972", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:24.570", + "lastModified": "2025-06-18T11:15:24.570", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: Fix corrupted packets for XDP_SHARED_UMEM\n\nFix an issue in XDP_SHARED_UMEM mode together with aligned mode where\npackets are corrupted for the second and any further sockets bound to\nthe same umem. In other words, this does not affect the first socket\nbound to the umem. The culprit for this bug is that the initialization\nof the DMA addresses for the pre-populated xsk buffer pool entries was\nnot performed for any socket but the first one bound to the umem. Only\nthe linear array of DMA addresses was populated. Fix this by populating\nthe DMA addresses in the xsk buffer pool for every socket bound to the\nsame umem." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2c75891d56ab6fe5ba0d415bfad91d514a4027cd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/58ca14ed98c87cfe0d1408cc65a9745d9e9b7a56", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49973.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49973.json new file mode 100644 index 00000000000..2b8cf171770 --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49973.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-49973", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:24.673", + "lastModified": "2025-06-18T11:15:24.673", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nskmsg: Fix wrong last sg check in sk_msg_recvmsg()\n\nFix one kernel NULL pointer dereference as below:\n\n[ 224.462334] Call Trace:\n[ 224.462394] __tcp_bpf_recvmsg+0xd3/0x380\n[ 224.462441] ? sock_has_perm+0x78/0xa0\n[ 224.462463] tcp_bpf_recvmsg+0x12e/0x220\n[ 224.462494] inet_recvmsg+0x5b/0xd0\n[ 224.462534] __sys_recvfrom+0xc8/0x130\n[ 224.462574] ? syscall_trace_enter+0x1df/0x2e0\n[ 224.462606] ? __do_page_fault+0x2de/0x500\n[ 224.462635] __x64_sys_recvfrom+0x24/0x30\n[ 224.462660] do_syscall_64+0x5d/0x1d0\n[ 224.462709] entry_SYSCALL_64_after_hwframe+0x65/0xca\n\nIn commit 9974d37ea75f (\"skmsg: Fix invalid last sg check in\nsk_msg_recvmsg()\"), we change last sg check to sg_is_last(),\nbut in sockmap redirection case (without stream_parser/stream_verdict/\nskb_verdict), we did not mark the end of the scatterlist. Check the\nsk_msg_alloc, sk_msg_page_add, and bpf_msg_push_data functions, they all\ndo not mark the end of sg. They are expected to use sg.end for end\njudgment. So the judgment of '(i != msg_rx->sg.end)' is added back here." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/10ee118a1756141f8e9c87aa7344ed12b41630a8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/583585e48d965338e73e1eb383768d16e0922d73", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/de22cba333d8699ad77e79f862fe1320cb1284de", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49974.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49974.json new file mode 100644 index 00000000000..ae8236851b0 --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49974.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-49974", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:24.783", + "lastModified": "2025-06-18T11:15:24.783", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: nintendo: fix rumble worker null pointer deref\n\nWe can dereference a null pointer trying to queue work to a destroyed\nworkqueue.\n\nIf the device is disconnected, nintendo_hid_remove is called, in which\nthe rumble_queue is destroyed. Avoid using that queue to defer rumble\nwork once the controller state is set to JOYCON_CTLR_STATE_REMOVED.\n\nThis eliminates the null pointer dereference." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1ff89e06c2e5fab30274e4b02360d4241d6e605e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7c6e6c334154be16740b44dcd7638fb510b9bd91", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49975.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49975.json new file mode 100644 index 00000000000..738d13d4d3a --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49975.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-49975", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:24.893", + "lastModified": "2025-06-18T11:15:24.893", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Don't redirect packets with invalid pkt_len\n\nSyzbot found an issue [1]: fq_codel_drop() try to drop a flow whitout any\nskbs, that is, the flow->head is null.\nThe root cause, as the [2] says, is because that bpf_prog_test_run_skb()\nrun a bpf prog which redirects empty skbs.\nSo we should determine whether the length of the packet modified by bpf\nprog or others like bpf_prog_test is valid before forwarding it directly." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/6204bf78b2a903b96ba43afff6abc0b04d6e0462", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/72f2dc8993f10262092745a88cb2dd0fef094f23", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8b68e53d56697a59b5c53893b53f508bbdf272a0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a75987714bd2d8e59840667a28e15c1fa5c47554", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fd1894224407c484f652ad456e1ce423e89bb3eb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49976.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49976.json new file mode 100644 index 00000000000..8df8912b4ad --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49976.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-49976", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:25.007", + "lastModified": "2025-06-18T11:15:25.007", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: x86-android-tablets: Fix broken touchscreen on Chuwi Hi8 with Windows BIOS\n\nThe x86-android-tablets handling for the Chuwi Hi8 is only necessary with\nthe Android BIOS and it is causing problems with the Windows BIOS version.\n\nSpecifically when trying to register the already present touchscreen\nx86_acpi_irq_helper_get() calls acpi_unregister_gsi(), this breaks\nthe working of the touchscreen and also leads to an oops:\n\n[ 14.248946] ------------[ cut here ]------------\n[ 14.248954] remove_proc_entry: removing non-empty directory 'irq/75', leaking at least 'MSSL0001:00'\n[ 14.248983] WARNING: CPU: 3 PID: 440 at fs/proc/generic.c:718 remove_proc_entry\n...\n[ 14.249293] unregister_irq_proc+0xe0/0x100\n[ 14.249305] free_desc+0x29/0x70\n[ 14.249312] irq_free_descs+0x4b/0x80\n[ 14.249320] mp_unmap_irq+0x5c/0x60\n[ 14.249329] acpi_unregister_gsi_ioapic+0x2a/0x40\n[ 14.249338] x86_acpi_irq_helper_get+0x4b/0x190 [x86_android_tablets]\n[ 14.249355] x86_android_tablet_init+0x178/0xe34 [x86_android_tablets]\n\nAdd an init callback for the Chuwi Hi8, which detects when the Windows BIOS\nis in use and exits with -ENODEV in that case, fixing this." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2986c51540ed50ac654ffb5a772e546c02628c91", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c77b724cddfb8ac1291a60e3e68937e62cbfc5e0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49977.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49977.json new file mode 100644 index 00000000000..4e542808aff --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49977.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-49977", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:25.120", + "lastModified": "2025-06-18T11:15:25.120", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead\n\nftrace_startup does not remove ops from ftrace_ops_list when\nftrace_startup_enable fails:\n\nregister_ftrace_function\n ftrace_startup\n __register_ftrace_function\n ...\n add_ftrace_ops(&ftrace_ops_list, ops)\n ...\n ...\n ftrace_startup_enable // if ftrace failed to modify, ftrace_disabled is set to 1\n ...\n return 0 // ops is in the ftrace_ops_list.\n\nWhen ftrace_disabled = 1, unregister_ftrace_function simply returns without doing anything:\nunregister_ftrace_function\n ftrace_shutdown\n if (unlikely(ftrace_disabled))\n return -ENODEV; // return here, __unregister_ftrace_function is not executed,\n // as a result, ops is still in the ftrace_ops_list\n __unregister_ftrace_function\n ...\n\nIf ops is dynamically allocated, it will be free later, in this case,\nis_ftrace_trampoline accesses NULL pointer:\n\nis_ftrace_trampoline\n ftrace_ops_trampoline\n do_for_each_ftrace_op(op, ftrace_ops_list) // OOPS! 
op may be NULL!\n\nSyzkaller reports as follows:\n[ 1203.506103] BUG: kernel NULL pointer dereference, address: 000000000000010b\n[ 1203.508039] #PF: supervisor read access in kernel mode\n[ 1203.508798] #PF: error_code(0x0000) - not-present page\n[ 1203.509558] PGD 800000011660b067 P4D 800000011660b067 PUD 130fb8067 PMD 0\n[ 1203.510560] Oops: 0000 [#1] SMP KASAN PTI\n[ 1203.511189] CPU: 6 PID: 29532 Comm: syz-executor.2 Tainted: G B W 5.10.0 #8\n[ 1203.512324] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n[ 1203.513895] RIP: 0010:is_ftrace_trampoline+0x26/0xb0\n[ 1203.514644] Code: ff eb d3 90 41 55 41 54 49 89 fc 55 53 e8 f2 00 fd ff 48 8b 1d 3b 35 5d 03 e8 e6 00 fd ff 48 8d bb 90 00 00 00 e8 2a 81 26 00 <48> 8b ab 90 00 00 00 48 85 ed 74 1d e8 c9 00 fd ff 48 8d bb 98 00\n[ 1203.518838] RSP: 0018:ffffc900012cf960 EFLAGS: 00010246\n[ 1203.520092] RAX: 0000000000000000 RBX: 000000000000007b RCX: ffffffff8a331866\n[ 1203.521469] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 000000000000010b\n[ 1203.522583] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8df18b07\n[ 1203.523550] R10: fffffbfff1be3160 R11: 0000000000000001 R12: 0000000000478399\n[ 1203.524596] R13: 0000000000000000 R14: ffff888145088000 R15: 0000000000000008\n[ 1203.525634] FS: 00007f429f5f4700(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000\n[ 1203.526801] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 1203.527626] CR2: 000000000000010b CR3: 0000000170e1e001 CR4: 00000000003706e0\n[ 1203.528611] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 1203.529605] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n\nTherefore, when ftrace_startup_enable fails, we need to rollback registration\nprocess and remove ops from ftrace_ops_list." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4c34a2a6c9927c239dd2e295a03d49b37b618d2c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8569b4ada1e0b9bfaa125bd0c0967918b6560fa2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/934e49f7d696afdae9f979abe3f308408184e17b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c3b0f72e805f0801f05fa2aa52011c4bfc694c44", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d81bd6671f45fde4c3ac7fd7733c6e3082ae9d8e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dbd8c8fc60480e3faa3ae7e27ebe03371ecd1b77", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ddffe882d74ef43a3494f0ab0c24baf076c45f96", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e4ae97295984ff1b9b340ed18ae1b066f36b7835", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49978.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49978.json new file mode 100644 index 00000000000..7d2c4e8b867 --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49978.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-49978", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:25.243", + "lastModified": "2025-06-18T11:15:25.243", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: fb_pm2fb: Avoid potential divide by zero error\n\nIn `do_fb_ioctl()` of fbmem.c, if cmd is FBIOPUT_VSCREENINFO, var will be\ncopied from user, then go through `fb_set_var()` and\n`info->fbops->fb_check_var()` which could may be `pm2fb_check_var()`.\nAlong the path, `var->pixclock` won't be modified. This function checks\nwhether reciprocal of `var->pixclock` is too high. If `var->pixclock` is\nzero, there will be a divide by zero error. So, it is necessary to check\nwhether denominator is zero to avoid crash. As this bug is found by\nSyzkaller, logs are listed below.\n\ndivide error in pm2fb_check_var\nCall Trace:\n \n fb_set_var+0x367/0xeb0 drivers/video/fbdev/core/fbmem.c:1015\n do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110\n fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0f1174f4972ea9fad6becf8881d71adca8e9ca91", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/19f953e7435644b81332dd632ba1b2d80b1e37af", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/34c3dea1189525cd533071ed5c176fc4ea8d982b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3ec326a6a0d4667585ca595f438c7293e5ced7c4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7d9591b32a9092fc6391a316b56e8016c6181c3d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": 
"https://git.kernel.org/stable/c/7f88cdfea8d7f4dbaf423d808241403b2bb945e4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8fc778ee2fb2853f7a3531fa7273349640d8e4e9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cb4bb011a683532841344ca7f281b5e04389b4f8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49979.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49979.json new file mode 100644 index 00000000000..0142a38956f --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49979.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-49979", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:25.363", + "lastModified": "2025-06-18T11:15:25.363", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix refcount bug in sk_psock_get (2)\n\nSyzkaller reports refcount bug as follows:\n------------[ cut here ]------------\nrefcount_t: saturated; leaking memory.\nWARNING: CPU: 1 PID: 3605 at lib/refcount.c:19 refcount_warn_saturate+0xf4/0x1e0 lib/refcount.c:19\nModules linked in:\nCPU: 1 PID: 3605 Comm: syz-executor208 Not tainted 5.18.0-syzkaller-03023-g7e062cda7d90 #0\n \n __refcount_add_not_zero include/linux/refcount.h:163 [inline]\n __refcount_inc_not_zero include/linux/refcount.h:227 [inline]\n refcount_inc_not_zero include/linux/refcount.h:245 [inline]\n sk_psock_get+0x3bc/0x410 include/linux/skmsg.h:439\n tls_data_ready+0x6d/0x1b0 net/tls/tls_sw.c:2091\n tcp_data_ready+0x106/0x520 net/ipv4/tcp_input.c:4983\n tcp_data_queue+0x25f2/0x4c90 net/ipv4/tcp_input.c:5057\n tcp_rcv_state_process+0x1774/0x4e80 net/ipv4/tcp_input.c:6659\n tcp_v4_do_rcv+0x339/0x980 net/ipv4/tcp_ipv4.c:1682\n sk_backlog_rcv include/net/sock.h:1061 [inline]\n __release_sock+0x134/0x3b0 net/core/sock.c:2849\n release_sock+0x54/0x1b0 net/core/sock.c:3404\n inet_shutdown+0x1e0/0x430 net/ipv4/af_inet.c:909\n __sys_shutdown_sock net/socket.c:2331 [inline]\n __sys_shutdown_sock net/socket.c:2325 [inline]\n __sys_shutdown+0xf1/0x1b0 net/socket.c:2343\n __do_sys_shutdown net/socket.c:2351 [inline]\n __se_sys_shutdown net/socket.c:2349 [inline]\n __x64_sys_shutdown+0x50/0x70 net/socket.c:2349\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n \n\nDuring SMC fallback process in connect syscall, kernel will\nreplaces TCP with SMC. 
In order to forward wakeup\nsmc socket waitqueue after fallback, kernel will sets\nclcsk->sk_user_data to origin smc socket in\nsmc_fback_replace_callbacks().\n\nLater, in shutdown syscall, kernel will calls\nsk_psock_get(), which treats the clcsk->sk_user_data\nas psock type, triggering the refcnt warning.\n\nSo, the root cause is that smc and psock, both will use\nsk_user_data field. So they will mismatch this field\neasily.\n\nThis patch solves it by using another bit(defined as\nSK_USER_DATA_PSOCK) in PTRMASK, to mark whether\nsk_user_data points to a psock object or not.\nThis patch depends on a PTRMASK introduced in commit f1ff5ce2cd5e\n(\"net, sk_msg: Clear sk_user_data pointer on clone if tagged\").\n\nFor there will possibly be more flags in the sk_user_data field,\nthis patch also refactor sk_user_data flags code to be more generic\nto improve its maintainability." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2a0133723f9ebeb751cfce19f74ec07e108bef1f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/61cc798591a36ca27eb7d8d6c09bf20e50a59968", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/86026be8535c16fcc5e4f960286faf04d7f77815", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a5d1cb908131e939bd8b63b8e5e23365bbc2edaf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49980.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49980.json new file mode 100644 index 00000000000..d712b711339 --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49980.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-49980", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:25.480", + "lastModified": "2025-06-18T11:15:25.480", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: Fix use-after-free Read in usb_udc_uevent()\n\nThe syzbot fuzzer found a race between uevent callbacks and gadget\ndriver unregistration that can cause a use-after-free bug:\n\n---------------------------------------------------------------\nBUG: KASAN: use-after-free in usb_udc_uevent+0x11f/0x130\ndrivers/usb/gadget/udc/core.c:1732\nRead of size 8 at addr ffff888078ce2050 by task udevd/2968\n\nCPU: 1 PID: 2968 Comm: udevd Not tainted 5.19.0-rc4-next-20220628-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google\n06/29/2022\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:317 [inline]\n print_report.cold+0x2ba/0x719 mm/kasan/report.c:433\n kasan_report+0xbe/0x1f0 mm/kasan/report.c:495\n usb_udc_uevent+0x11f/0x130 drivers/usb/gadget/udc/core.c:1732\n dev_uevent+0x290/0x770 drivers/base/core.c:2424\n---------------------------------------------------------------\n\nThe bug occurs because usb_udc_uevent() dereferences udc->driver but\ndoes so without acquiring the udc_lock mutex, which protects this\nfield. If the gadget driver is unbound from the udc concurrently with\nuevent processing, the driver structure may be accessed after it has\nbeen deallocated.\n\nTo prevent the race, we make sure that the routine holds the mutex\naround the racing accesses." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2191c00855b03aa59c20e698be713d952d51fc18", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f44b0b95d50fffeca036e1ba36770390e0b519dd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49981.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49981.json new file mode 100644 index 00000000000..9696c80149b --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49981.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-49981", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:25.597", + "lastModified": "2025-06-18T11:15:25.597", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hidraw: fix memory leak in hidraw_release()\n\nFree the buffered reports before deleting the list entry.\n\nBUG: memory leak\nunreferenced object 0xffff88810e72f180 (size 32):\n comm \"softirq\", pid 0, jiffies 4294945143 (age 16.080s)\n hex dump (first 32 bytes):\n 64 f3 c6 6a d1 88 07 04 00 00 00 00 00 00 00 00 d..j............\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [] kmemdup+0x23/0x50 mm/util.c:128\n [] kmemdup include/linux/fortify-string.h:440 [inline]\n [] hidraw_report_event+0xa2/0x150 drivers/hid/hidraw.c:521\n [] hid_report_raw_event+0x27d/0x740 drivers/hid/hid-core.c:1992\n [] hid_input_report+0x1ae/0x270 drivers/hid/hid-core.c:2065\n [] hid_irq_in+0x1ff/0x250 drivers/hid/usbhid/hid-core.c:284\n [] __usb_hcd_giveback_urb+0xf9/0x230 drivers/usb/core/hcd.c:1670\n [] usb_hcd_giveback_urb+0x1b6/0x1d0 drivers/usb/core/hcd.c:1747\n [] dummy_timer+0x8e4/0x14c0 drivers/usb/gadget/udc/dummy_hcd.c:1988\n [] call_timer_fn+0x38/0x200 kernel/time/timer.c:1474\n [] expire_timers kernel/time/timer.c:1519 [inline]\n [] __run_timers.part.0+0x316/0x430 kernel/time/timer.c:1790\n [] __run_timers kernel/time/timer.c:1768 [inline]\n [] run_timer_softirq+0x44/0x90 kernel/time/timer.c:1803\n [] __do_softirq+0xe6/0x2ea kernel/softirq.c:571\n [] invoke_softirq kernel/softirq.c:445 [inline]\n [] __irq_exit_rcu kernel/softirq.c:650 [inline]\n [] irq_exit_rcu+0xc0/0x110 kernel/softirq.c:662\n [] sysvec_apic_timer_interrupt+0xa2/0xd0 arch/x86/kernel/apic/apic.c:1106\n [] asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:649\n [] native_safe_halt 
arch/x86/include/asm/irqflags.h:51 [inline]\n [] arch_safe_halt arch/x86/include/asm/irqflags.h:89 [inline]\n [] acpi_safe_halt drivers/acpi/processor_idle.c:111 [inline]\n [] acpi_idle_do_entry+0xc0/0xd0 drivers/acpi/processor_idle.c:554" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1bea0bbf66001b0c7bf239a4d70eaf47824d3feb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/52a3c62a815161c2dcf38ac421f6c41d8679462b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/53c7c4d5d40b45c127cb1193bf3e9670f844c3cf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7e2fa79226580b035b00260d9f240ab9bda4af5d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a5623a203cffe2d2b84d2f6c989d9017db1856af", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c06b013f5cbfeafe0a9cfa5a7128604c34e0e517", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dfd27a737283313a3e626e97b9d9b2d8d6a94188", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f5b7e9611cffec345d62d5bdd8b6e30e89956818", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49982.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49982.json new file mode 100644 index 00000000000..23436a2684a --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49982.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-49982", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:25.720", + "lastModified": "2025-06-18T11:15:25.720", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pvrusb2: fix memory leak in pvr_probe\n\nThe error handling code in pvr2_hdw_create forgets to unregister the\nv4l2 device. When pvr2_hdw_create returns back to pvr2_context_create,\nit calls pvr2_context_destroy to destroy context, but mp->hdw is NULL,\nwhich leads to that pvr2_hdw_destroy directly returns.\n\nFix this by adding v4l2_device_unregister to decrease the refcount of\nusb interface." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2fe46195d2f0d5d09ea65433aefe47a4d0d0ff4d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/466b67c0543b2ae67814d053f6e29b39be6b33bb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/491762b3250fb06a0c97b5198656ea48359eaeed", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/945a9a8e448b65bec055d37eba58f711b39f66f0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ba7dd8a9686a61a34b3a7b922ce721378d4740d0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bacb37bdc2a21c8f7fdc83dcc0dea2f4ca1341fb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c02d2a91a85c4c4d05826cd1ea74a9b8d42e4280", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f2f6e67522916f53ad8ccd4dbe68dcf76e9776e5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end 
of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49983.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49983.json new file mode 100644 index 00000000000..8db84af0982 --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49983.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-49983", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:25.840", + "lastModified": "2025-06-18T11:15:25.840", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudmabuf: Set the DMA mask for the udmabuf device (v2)\n\nIf the DMA mask is not set explicitly, the following warning occurs\nwhen the userspace tries to access the dma-buf via the CPU as\nreported by syzbot here:\n\nWARNING: CPU: 1 PID: 3595 at kernel/dma/mapping.c:188\n__dma_map_sg_attrs+0x181/0x1f0 kernel/dma/mapping.c:188\nModules linked in:\nCPU: 0 PID: 3595 Comm: syz-executor249 Not tainted\n5.17.0-rc2-syzkaller-00316-g0457e5153e0e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS\nGoogle 01/01/2011\nRIP: 0010:__dma_map_sg_attrs+0x181/0x1f0 kernel/dma/mapping.c:188\nCode: 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 75 71 4c 8b 3d c0\n83 b5 0d e9 db fe ff ff e8 b6 0f 13 00 0f 0b e8 af 0f 13 00 <0f> 0b 45\n 31 e4 e9 54 ff ff ff e8 a0 0f 13 00 49 8d 7f 50 48 b8 00\nRSP: 0018:ffffc90002a07d68 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\nRDX: ffff88807e25e2c0 RSI: ffffffff81649e91 RDI: ffff88801b848408\nRBP: ffff88801b848000 R08: 0000000000000002 R09: ffff88801d86c74f\nR10: ffffffff81649d72 R11: 0000000000000001 R12: 0000000000000002\nR13: ffff88801d86c680 R14: 0000000000000001 R15: 0000000000000000\nFS: 0000555556e30300(0000) GS:ffff8880b9d00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000200000cc CR3: 000000001d74a000 CR4: 00000000003506e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n dma_map_sgtable+0x70/0xf0 kernel/dma/mapping.c:264\n get_sg_table.isra.0+0xe0/0x160 
drivers/dma-buf/udmabuf.c:72\n begin_cpu_udmabuf+0x130/0x1d0 drivers/dma-buf/udmabuf.c:126\n dma_buf_begin_cpu_access+0xfd/0x1d0 drivers/dma-buf/dma-buf.c:1164\n dma_buf_ioctl+0x259/0x2b0 drivers/dma-buf/dma-buf.c:363\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:874 [inline]\n __se_sys_ioctl fs/ioctl.c:860 [inline]\n __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:860\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f62fcf530f9\nCode: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89\nf7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01\nf0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffe3edab9b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f62fcf530f9\nRDX: 0000000020000200 RSI: 0000000040086200 RDI: 0000000000000006\nRBP: 00007f62fcf170e0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007f62fcf17170\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \n\nv2: Dont't forget to deregister if DMA mask setup fails." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/63d8c1933ed280717f934e2bc2edd869bb66f329", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/872875c9ecf8fa2e1d82bb2f2f1963f571aa8959", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9e9fa6a9198b767b00f48160800128e83a038f9f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e658538c610c6047b3c9f552e73801894d9284b1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f2f6ea1a8da1317430a84701fc0170449ee88315", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49984.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49984.json new file mode 100644 index 00000000000..56d948326af --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49984.json 
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2022-49984", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:25.953", + "lastModified": "2025-06-18T11:15:25.953", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report\n\nIt is possible for a malicious device to forgo submitting a Feature\nReport. The HID Steam driver presently makes no prevision for this\nand de-references the 'struct hid_report' pointer obtained from the\nHID devices without first checking its validity. Let's change that." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/989560b6d9e00d99e07bc33067fa1c770994bf4d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c20d03b82a2e3ddbb555dad4d4f3374a9763222c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cd11d1a6114bd4bc6450ae59f6e110ec47362126", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dc815761948ab5b8c94db6cb53c95103588f16ae", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dee1e51b54794e90763e70a3c78f27ba4fa930ec", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fa2b822d86be5b5ad54fe4fa2daca464e71ff90a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49985.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49985.json new file mode 100644 index 00000000000..6afc0b3754d --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49985.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-49985", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:26.067", + "lastModified": "2025-06-18T11:15:26.067", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Don't use tnum_range on array range checking for poke descriptors\n\nHsin-Wei reported a KASAN splat triggered by their BPF runtime fuzzer which\nis based on a customized syzkaller:\n\n BUG: KASAN: slab-out-of-bounds in bpf_int_jit_compile+0x1257/0x13f0\n Read of size 8 at addr ffff888004e90b58 by task syz-executor.0/1489\n CPU: 1 PID: 1489 Comm: syz-executor.0 Not tainted 5.19.0 #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n 1.13.0-1ubuntu1.1 04/01/2014\n Call Trace:\n \n dump_stack_lvl+0x9c/0xc9\n print_address_description.constprop.0+0x1f/0x1f0\n ? bpf_int_jit_compile+0x1257/0x13f0\n kasan_report.cold+0xeb/0x197\n ? kvmalloc_node+0x170/0x200\n ? bpf_int_jit_compile+0x1257/0x13f0\n bpf_int_jit_compile+0x1257/0x13f0\n ? arch_prepare_bpf_dispatcher+0xd0/0xd0\n ? rcu_read_lock_sched_held+0x43/0x70\n bpf_prog_select_runtime+0x3e8/0x640\n ? bpf_obj_name_cpy+0x149/0x1b0\n bpf_prog_load+0x102f/0x2220\n ? __bpf_prog_put.constprop.0+0x220/0x220\n ? find_held_lock+0x2c/0x110\n ? __might_fault+0xd6/0x180\n ? lock_downgrade+0x6e0/0x6e0\n ? lock_is_held_type+0xa6/0x120\n ? __might_fault+0x147/0x180\n __sys_bpf+0x137b/0x6070\n ? bpf_perf_link_attach+0x530/0x530\n ? new_sync_read+0x600/0x600\n ? __fget_files+0x255/0x450\n ? lock_downgrade+0x6e0/0x6e0\n ? fput+0x30/0x1a0\n ? ksys_write+0x1a8/0x260\n __x64_sys_bpf+0x7a/0xc0\n ? 
syscall_enter_from_user_mode+0x21/0x70\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n RIP: 0033:0x7f917c4e2c2d\n\nThe problem here is that a range of tnum_range(0, map->max_entries - 1) has\nlimited ability to represent the concrete tight range with the tnum as the\nset of resulting states from value + mask can result in a superset of the\nactual intended range, and as such a tnum_in(range, reg->var_off) check may\nyield true when it shouldn't, for example tnum_range(0, 2) would result in\n00XX -> v = 0000, m = 0011 such that the intended set of {0, 1, 2} is here\nrepresented by a less precise superset of {0, 1, 2, 3}. As the register is\nknown const scalar, really just use the concrete reg->var_off.value for the\nupper index check." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4f672112f8665102a5842c170be1713f8ff95919", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a36df92c7ff7ecde2fb362241d0ab024dddd0597", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a657182a5c5150cdfacb6640aad1d2712571a409", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e8979807178434db8ceaa84dfcd44363e71e50bb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49986.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49986.json new file mode 100644 index 00000000000..a328a06a9d7 --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49986.json 
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2022-49986", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:26.183", + "lastModified": "2025-06-18T11:15:26.183", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq\n\nstorvsc_error_wq workqueue should not be marked as WQ_MEM_RECLAIM as it\ndoesn't need to make forward progress under memory pressure. Marking this\nworkqueue as WQ_MEM_RECLAIM may cause deadlock while flushing a\nnon-WQ_MEM_RECLAIM workqueue. In the current state it causes the following\nwarning:\n\n[ 14.506347] ------------[ cut here ]------------\n[ 14.506354] workqueue: WQ_MEM_RECLAIM storvsc_error_wq_0:storvsc_remove_lun is flushing !WQ_MEM_RECLAIM events_freezable_power_:disk_events_workfn\n[ 14.506360] WARNING: CPU: 0 PID: 8 at <-snip->kernel/workqueue.c:2623 check_flush_dependency+0xb5/0x130\n[ 14.506390] CPU: 0 PID: 8 Comm: kworker/u4:0 Not tainted 5.4.0-1086-azure #91~18.04.1-Ubuntu\n[ 14.506391] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 05/09/2022\n[ 14.506393] Workqueue: storvsc_error_wq_0 storvsc_remove_lun\n[ 14.506395] RIP: 0010:check_flush_dependency+0xb5/0x130\n\t\t<-snip->\n[ 14.506408] Call Trace:\n[ 14.506412] __flush_work+0xf1/0x1c0\n[ 14.506414] __cancel_work_timer+0x12f/0x1b0\n[ 14.506417] ? 
kernfs_put+0xf0/0x190\n[ 14.506418] cancel_delayed_work_sync+0x13/0x20\n[ 14.506420] disk_block_events+0x78/0x80\n[ 14.506421] del_gendisk+0x3d/0x2f0\n[ 14.506423] sr_remove+0x28/0x70\n[ 14.506427] device_release_driver_internal+0xef/0x1c0\n[ 14.506428] device_release_driver+0x12/0x20\n[ 14.506429] bus_remove_device+0xe1/0x150\n[ 14.506431] device_del+0x167/0x380\n[ 14.506432] __scsi_remove_device+0x11d/0x150\n[ 14.506433] scsi_remove_device+0x26/0x40\n[ 14.506434] storvsc_remove_lun+0x40/0x60\n[ 14.506436] process_one_work+0x209/0x400\n[ 14.506437] worker_thread+0x34/0x400\n[ 14.506439] kthread+0x121/0x140\n[ 14.506440] ? process_one_work+0x400/0x400\n[ 14.506441] ? kthread_park+0x90/0x90\n[ 14.506443] ret_from_fork+0x35/0x40\n[ 14.506445] ---[ end trace 2d9633159fdc6ee7 ]---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/46fcb0fc884db78a0384be92cc2a51927e6581b8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/828f57ac75eaccd6607ee4d1468d34e983e32c68", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b4c928ace9a123629eeb14ec5d7ee8f73e5ac668", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b692c238ddfa61f00d97c4c1f021425d132ba96f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cd2a50d0a097a42b6de283377da98ff757505120", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d957e7ffb2c72410bcc1a514153a46719255a5da", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49987.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49987.json new file mode 100644 index 00000000000..31acadac59b --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49987.json 
@@ -0,0 +1,45 @@ +{ + "id": "CVE-2022-49987", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:26.303", + "lastModified": "2025-06-18T11:15:26.303", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: call __md_stop_writes in md_stop\n\nFrom the link [1], we can see raid1d was running even after the path\nraid_dtr -> md_stop -> __md_stop.\n\nLet's stop write first in destructor to align with normal md-raid to\nfix the KASAN issue.\n\n[1]. https://lore.kernel.org/linux-raid/CAPhsuW5gc4AakdGNdF8ubpezAuDLFOYUO_sfMZcec6hQFm8nhg@mail.gmail.com/T/#m7f12bf90481c02c6d2da68c64aeed4779b7df74a" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0dd84b319352bb8ba64752d4e45396d8b13e6018", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1678ca35b80a94d474fdc31e2497ce5d7ed52512", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/661c01b2181d9413c799127f13143583b69f20fd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/690b5c90fd2d81fd1d2b6110fa36783232f6dce2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8e7fb19f1a744fd34e982633ced756fee0498ef7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a5a58fab556bfe618b4c9719eb85712d78c6cb10", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f42a9819ba84bed2e609a4dff56af37063dcabdc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49988.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49988.json new file mode 100644 index 00000000000..dbb511f6d08 --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49988.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-49988", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:26.420", + "lastModified": "2025-06-18T11:15:26.420", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder_alloc: add missing mmap_lock calls when using the VMA\n\nTake the mmap_read_lock() when using the VMA in binder_alloc_print_pages()\nand when checking for a VMA in binder_alloc_new_buf_locked().\n\nIt is worth noting binder_alloc_new_buf_locked() drops the VMA read lock\nafter it verifies a VMA exists, but may be taken again deeper in the call\nstack, if necessary." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/44e602b4e52f70f04620bbbf4fe46ecb40170bde", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/577d9c05cc48c5242bcf719c06a5baf3105473ad", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7b0163c1b07b7ff1717aa975821c40df98786ddc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49989.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49989.json new file mode 100644 index 00000000000..c402c28ee8d --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49989.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-49989", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:26.530", + "lastModified": "2025-06-18T11:15:26.530", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/privcmd: fix error exit of privcmd_ioctl_dm_op()\n\nThe error exit of privcmd_ioctl_dm_op() is calling unlock_pages()\npotentially with pages being NULL, leading to a NULL dereference.\n\nAdditionally lock_pages() doesn't check for pin_user_pages_fast()\nhaving been completely successful, resulting in potentially not\nlocking all pages into memory. This could result in sporadic failures\nwhen using the related memory in user mode.\n\nFix all of that by calling unlock_pages() always with the real number\nof pinned pages, which will be zero in case pages being NULL, and by\nchecking the number of pages pinned by pin_user_pages_fast() matching\nthe expected number of pages." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/45d47bd9b96e7874b98dbcc7602fe2826c5d62a6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6de50db104af0dc921f593fd95c55db86a52ceef", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c2b7bae7c90051fd6a679d5dee00400d67ebbf4a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c5deb27895e017a0267de0a20d140ad5fcc55a54", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49990.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49990.json new file mode 100644 index 00000000000..e77a1c4462e --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49990.json 
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2022-49990", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:26.637", + "lastModified": "2025-06-18T11:15:26.637", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390: fix double free of GS and RI CBs on fork() failure\n\nThe pointers for guarded storage and runtime instrumentation control\nblocks are stored in the thread_struct of the associated task. These\npointers are initially copied on fork() via arch_dup_task_struct()\nand then cleared via copy_thread() before fork() returns. If fork()\nhappens to fail after the initial task dup and before copy_thread(),\nthe newly allocated task and associated thread_struct memory are\nfreed via free_task() -> arch_release_task_struct(). This results in\na double free of the guarded storage and runtime info structs\nbecause the fields in the failed task still refer to memory\nassociated with the source task.\n\nThis problem can manifest as a BUG_ON() in set_freepointer() (with\nCONFIG_SLAB_FREELIST_HARDENED enabled) or KASAN splat (if enabled)\nwhen running trinity syscall fuzz tests on s390x. To avoid this\nproblem, clear the associated pointer fields in\narch_dup_task_struct() immediately after the new task is copied.\nNote that the RI flag is still cleared in copy_thread() because it\nresides in thread stack memory and that is where stack info is\ncopied." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/13cccafe0edcd03bf1c841de8ab8a1c8e34f77d9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/25a95303b9e513cd2978aacc385d06e6fec23d07", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/297ae7e87a87a001dd3dfeac1cb26a42fd929708", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8195e065abf3df84eb0ad2987e76a40f21d1791c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cacd522e6652fbc2dc0cc6ae11c4e30782fef14b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fbdc482d43eda40a70de4b0155843d5472f6de62", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49991.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49991.json new file mode 100644 index 00000000000..23ba71d9994 --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49991.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-49991", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:26.753", + "lastModified": "2025-06-18T11:15:26.753", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: avoid corrupting page->mapping in hugetlb_mcopy_atomic_pte\n\nIn MCOPY_ATOMIC_CONTINUE case with a non-shared VMA, pages in the page\ncache are installed in the ptes. But hugepage_add_new_anon_rmap is called\nfor them mistakenly because they're not vm_shared. This will corrupt the\npage->mapping used by page cache code." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3ada1b3e58db255a14ec73a59d7913e84dc5a8a4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ab74ef708dc51df7cf2b8a890b9c6990fac5c0c6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/da60ddd80d09f8371fbba1a238a4b318d13ba698", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49992.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49992.json new file mode 100644 index 00000000000..67548279376 --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49992.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-49992", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:26.870", + "lastModified": "2025-06-18T11:15:26.870", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mprotect: only reference swap pfn page if type match\n\nYu Zhao reported a bug after the commit \"mm/swap: Add swp_offset_pfn() to\nfetch PFN from swap entry\" added a check in swp_offset_pfn() for swap type [1]:\n\n kernel BUG at include/linux/swapops.h:117!\n CPU: 46 PID: 5245 Comm: EventManager_De Tainted: G S O L 6.0.0-dbg-DEV #2\n RIP: 0010:pfn_swap_entry_to_page+0x72/0xf0\n Code: c6 48 8b 36 48 83 fe ff 74 53 48 01 d1 48 83 c1 08 48 8b 09 f6\n c1 01 75 7b 66 90 48 89 c1 48 8b 09 f6 c1 01 74 74 5d c3 eb 9e <0f> 0b\n 48 ba ff ff ff ff 03 00 00 00 eb ae a9 ff 0f 00 00 75 13 48\n RSP: 0018:ffffa59e73fabb80 EFLAGS: 00010282\n RAX: 00000000ffffffe8 RBX: 0c00000000000000 RCX: ffffcd5440000000\n RDX: 1ffffffffff7a80a RSI: 0000000000000000 RDI: 0c0000000000042b\n RBP: ffffa59e73fabb80 R08: ffff9965ca6e8bb8 R09: 0000000000000000\n R10: ffffffffa5a2f62d R11: 0000030b372e9fff R12: ffff997b79db5738\n R13: 000000000000042b R14: 0c0000000000042b R15: 1ffffffffff7a80a\n FS: 00007f549d1bb700(0000) GS:ffff99d3cf680000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000440d035b3180 CR3: 0000002243176004 CR4: 00000000003706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \n change_pte_range+0x36e/0x880\n change_p4d_range+0x2e8/0x670\n change_protection_range+0x14e/0x2c0\n mprotect_fixup+0x1ee/0x330\n do_mprotect_pkey+0x34c/0x440\n __x64_sys_mprotect+0x1d/0x30\n\nIt triggers because pfn_swap_entry_to_page() could be called upon e.g. 
a\ngenuine swap entry.\n\nFix it by only calling it when it's a write migration entry where the page*\nis used.\n\n[1] https://lore.kernel.org/lkml/CAOUHufaVC2Za-p8m0aiHw6YkheDcrO-C3wRGixwDS32VTS+k1w@mail.gmail.com/" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3d2f78f08cd8388035ac375e731ec1ac1b79b09d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5fcf81e308d1f4ae95f31690d2a80b7061385ff9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49993.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49993.json new file mode 100644 index 00000000000..c2453b69ecc --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49993.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-49993", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:26.977", + "lastModified": "2025-06-18T11:15:26.977", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nloop: Check for overflow while configuring loop\n\nThe userspace can configure a loop using an ioctl call, wherein\na configuration of type loop_config is passed (see lo_ioctl()'s\ncase on line 1550 of drivers/block/loop.c). This proceeds to call\nloop_configure() which in turn calls loop_set_status_from_info()\n(see line 1050 of loop.c), passing &config->info which is of type\nloop_info64*. This function then sets the appropriate values, like\nthe offset.\n\nloop_device has lo_offset of type loff_t (see line 52 of loop.c),\nwhich is typdef-chained to long long, whereas loop_info64 has\nlo_offset of type __u64 (see line 56 of include/uapi/linux/loop.h).\n\nThe function directly copies offset from info to the device as\nfollows (See line 980 of loop.c):\n\tlo->lo_offset = info->lo_offset;\n\nThis results in an overflow, which triggers a warning in iomap_iter()\ndue to a call to iomap_iter_done() which has:\n\tWARN_ON_ONCE(iter->iomap.offset > iter->pos);\n\nThus, check for negative value during loop_set_status_from_info().\n\nBug report: https://syzkaller.appspot.com/bug?id=c620fe14aac810396d3c3edc9ad73848bf69a29e" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0455bef69028c65065f16bb04635591b2374249b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/18e28817cb516b39de6281f6db9b0618b2cc7b42", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6858933131d0dadac071c4d33335a9ea4b8e76cf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": 
"https://git.kernel.org/stable/c/9be7fa7ead18a48940df7b59d993bbc8b9055c15", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a217715338fd48f72114725aa7a40e484a781ca7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/adf0112d9b8acb03485624220b4934f69bf13369", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b40877b8562c5720d0a7fce20729f56b75a3dede", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c490a0b5a4f36da3918181a8acdc6991d967c5f3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49994.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49994.json new file mode 100644 index 00000000000..87ddb278096 --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49994.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-49994", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:27.107", + "lastModified": "2025-06-18T11:15:27.107", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbootmem: remove the vmemmap pages from kmemleak in put_page_bootmem\n\nThe vmemmap pages is marked by kmemleak when allocated from memblock. \nRemove it from kmemleak when freeing the page. Otherwise, when we reuse\nthe page, kmemleak may report such an error and then stop working.\n\n kmemleak: Cannot insert 0xffff98fb6eab3d40 into the object search tree (overlaps existing)\n kmemleak: Kernel memory leak detector disabled\n kmemleak: Object 0xffff98fb6be00000 (size 335544320):\n kmemleak: comm \"swapper\", pid 0, jiffies 4294892296\n kmemleak: min_count = 0\n kmemleak: count = 0\n kmemleak: flags = 0x1\n kmemleak: checksum = 0\n kmemleak: backtrace:" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/16a12ee619e39e8112f61b603255c16b73b6264b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9ae15c4ba2be1e5a62503b6d873e84beb5fcbb5a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dd0ff4d12dd284c334f7e9b07f8f335af856ac78", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49995.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49995.json new file mode 100644 index 00000000000..f1c2cbd1515 --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49995.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-49995", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:27.227", + "lastModified": "2025-06-18T11:15:27.227", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwriteback: avoid use-after-free after removing device\n\nWhen a disk is removed, bdi_unregister gets called to stop further\nwriteback and wait for associated delayed work to complete. However,\nwb_inode_writeback_end() may schedule bandwidth estimation dwork after\nthis has completed, which can result in the timer attempting to access the\njust freed bdi_writeback.\n\nFix this by checking if the bdi_writeback is alive, similar to when\nscheduling writeback work.\n\nSince this requires wb->work_lock, and wb_inode_writeback_end() may get\ncalled from interrupt, switch wb->work_lock to an irqsafe lock." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/9a6c710f3bc10bc9cc23e1c080b53245b7f9d5b7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f87904c075515f3e1d8f4a7115869d3b914674fd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f96b9f7c1676923bce871e728bb49c0dfa5013cc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49996.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49996.json new file mode 100644 index 00000000000..35852c2383f --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49996.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-49996", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:27.337", + "lastModified": "2025-06-18T11:15:27.337", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix possible memory leak in btrfs_get_dev_args_from_path()\n\nIn btrfs_get_dev_args_from_path(), btrfs_get_bdev_and_sb() can fail if\nthe path is invalid. In this case, btrfs_get_dev_args_from_path()\nreturns directly without freeing args->uuid and args->fsid allocated\nbefore, which causes memory leak.\n\nTo fix these possible leaks, when btrfs_get_bdev_and_sb() fails,\nbtrfs_put_dev_args_from_path() is called to clean up the memory." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4b124ad87244cd7f0883c5eaa38d2326b2154cad", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5f52402c77013e4a826394b807dd5ea4dc83bd72", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9ea0106a7a3d8116860712e3f17cd52ce99f6707", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49997.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49997.json new file mode 100644 index 00000000000..0d26cbeae87 --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49997.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-49997", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:27.447", + "lastModified": "2025-06-18T11:15:27.447", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: lantiq_xrx200: restore buffer if memory allocation failed\n\nIn a situation where memory allocation fails, an invalid buffer address\nis stored. When this descriptor is used again, the system panics in the\nbuild_skb() function when accessing memory." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3ef2786e32d93e562cd40601248a14ae090de873", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c9c3b1775f80fa21f5bff874027d2ccb10f5d90c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49998.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49998.json new file mode 100644 index 00000000000..58b0d582930 --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49998.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-49998", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:27.557", + "lastModified": "2025-06-18T11:15:27.557", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix locking in rxrpc's sendmsg\n\nFix three bugs in the rxrpc's sendmsg implementation:\n\n (1) rxrpc_new_client_call() should release the socket lock when returning\n an error from rxrpc_get_call_slot().\n\n (2) rxrpc_wait_for_tx_window_intr() will return without the call mutex\n held in the event that we're interrupted by a signal whilst waiting\n for tx space on the socket or relocking the call mutex afterwards.\n\n Fix this by: (a) moving the unlock/lock of the call mutex up to\n rxrpc_send_data() such that the lock is not held around all of\n rxrpc_wait_for_tx_window*() and (b) indicating to higher callers\n whether we're return with the lock dropped. Note that this means\n recvmsg() will not block on this call whilst we're waiting.\n\n (3) After dropping and regaining the call mutex, rxrpc_send_data() needs\n to go and recheck the state of the tx_pending buffer and the\n tx_total_len check in case we raced with another sendmsg() on the same\n call.\n\nThinking on this some more, it might make sense to have different locks for\nsendmsg() and recvmsg(). There's probably no need to make recvmsg() wait\nfor sendmsg(). 
It does mean that recvmsg() can return MSG_EOR indicating\nthat a call is dead before a sendmsg() to that call returns - but that can\ncurrently happen anyway.\n\nWithout fix (2), something like the following can be induced:\n\n\tWARNING: bad unlock balance detected!\n\t5.16.0-rc6-syzkaller #0 Not tainted\n\t-------------------------------------\n\tsyz-executor011/3597 is trying to release lock (&call->user_mutex) at:\n\t[] rxrpc_do_sendmsg+0xc13/0x1350 net/rxrpc/sendmsg.c:748\n\tbut there are no more locks to release!\n\n\tother info that might help us debug this:\n\tno locks held by syz-executor011/3597.\n\t...\n\tCall Trace:\n\t \n\t __dump_stack lib/dump_stack.c:88 [inline]\n\t dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n\t print_unlock_imbalance_bug include/trace/events/lock.h:58 [inline]\n\t __lock_release kernel/locking/lockdep.c:5306 [inline]\n\t lock_release.cold+0x49/0x4e kernel/locking/lockdep.c:5657\n\t __mutex_unlock_slowpath+0x99/0x5e0 kernel/locking/mutex.c:900\n\t rxrpc_do_sendmsg+0xc13/0x1350 net/rxrpc/sendmsg.c:748\n\t rxrpc_sendmsg+0x420/0x630 net/rxrpc/af_rxrpc.c:561\n\t sock_sendmsg_nosec net/socket.c:704 [inline]\n\t sock_sendmsg+0xcf/0x120 net/socket.c:724\n\t ____sys_sendmsg+0x6e8/0x810 net/socket.c:2409\n\t ___sys_sendmsg+0xf3/0x170 net/socket.c:2463\n\t __sys_sendmsg+0xe5/0x1b0 net/socket.c:2492\n\t do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n\t do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n\t entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n[Thanks to Hawkins Jiawei and Khalid Masum for their attempts to fix this]" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/091dc91e119fdd61432347231724f4e861c6b465", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2bc769b8edb158be7379d15f36e23d66cf850053", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": 
"https://git.kernel.org/stable/c/79e2ca7aa96e80961828ab6312264633b66183cc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b0f571ecd7943423c25947439045f0d352ca3dbf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49999.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49999.json new file mode 100644 index 00000000000..5b691c1ac6a --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49999.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-49999", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:27.673", + "lastModified": "2025-06-18T11:15:27.673", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix space cache corruption and potential double allocations\n\nWhen testing space_cache v2 on a large set of machines, we encountered a\nfew symptoms:\n\n1. \"unable to add free space :-17\" (EEXIST) errors.\n2. Missing free space info items, sometimes caught with a \"missing free\n space info for X\" error.\n3. Double-accounted space: ranges that were allocated in the extent tree\n and also marked as free in the free space tree, ranges that were\n marked as allocated twice in the extent tree, or ranges that were\n marked as free twice in the free space tree. If the latter made it\n onto disk, the next reboot would hit the BUG_ON() in\n add_new_free_space().\n4. On some hosts with no on-disk corruption or error messages, the\n in-memory space cache (dumped with drgn) disagreed with the free\n space tree.\n\nAll of these symptoms have the same underlying cause: a race between\ncaching the free space for a block group and returning free space to the\nin-memory space cache for pinned extents causes us to double-add a free\nrange to the space cache. This race exists when free space is cached\nfrom the free space tree (space_cache=v2) or the extent tree\n(nospace_cache, or space_cache=v1 if the cache needs to be regenerated).\nstruct btrfs_block_group::last_byte_to_unpin and struct\nbtrfs_block_group::progress are supposed to protect against this race,\nbut commit d0c2f4fa555e (\"btrfs: make concurrent fsyncs wait less when\nwaiting for a transaction commit\") subtly broke this by allowing\nmultiple transactions to be unpinning extents at the same time.\n\nSpecifically, the race is as follows:\n\n1. 
An extent is deleted from an uncached block group in transaction A.\n2. btrfs_commit_transaction() is called for transaction A.\n3. btrfs_run_delayed_refs() -> __btrfs_free_extent() runs the delayed\n ref for the deleted extent.\n4. __btrfs_free_extent() -> do_free_extent_accounting() ->\n add_to_free_space_tree() adds the deleted extent back to the free\n space tree.\n5. do_free_extent_accounting() -> btrfs_update_block_group() ->\n btrfs_cache_block_group() queues up the block group to get cached.\n block_group->progress is set to block_group->start.\n6. btrfs_commit_transaction() for transaction A calls\n switch_commit_roots(). It sets block_group->last_byte_to_unpin to\n block_group->progress, which is block_group->start because the block\n group hasn't been cached yet.\n7. The caching thread gets to our block group. Since the commit roots\n were already switched, load_free_space_tree() sees the deleted extent\n as free and adds it to the space cache. It finishes caching and sets\n block_group->progress to U64_MAX.\n8. btrfs_commit_transaction() advances transaction A to\n TRANS_STATE_SUPER_COMMITTED.\n9. fsync calls btrfs_commit_transaction() for transaction B. Since\n transaction A is already in TRANS_STATE_SUPER_COMMITTED and the\n commit is for fsync, it advances.\n10. btrfs_commit_transaction() for transaction B calls\n switch_commit_roots(). This time, the block group has already been\n cached, so it sets block_group->last_byte_to_unpin to U64_MAX.\n11. btrfs_commit_transaction() for transaction A calls\n btrfs_finish_extent_commit(), which calls unpin_extent_range() for\n the deleted extent. 
It sees last_byte_to_unpin set to U64_MAX (by\n transaction B!), so it adds the deleted extent to the space cache\n again!\n\nThis explains all of our symptoms above:\n\n* If the sequence of events is exactly as described above, when the free\n space is re-added in step 11, it will fail with EEXIST.\n* If another thread reallocates the deleted extent in between steps 7\n and 11, then step 11 will silently re-add that space to the space\n cache as free even though it is actually allocated. Then, if that\n space is allocated *again*, the free space tree will be corrupted\n (namely, the wrong item will be deleted).\n* If we don't catch this free space tree corr\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/92dc4c1a8e58bcc7a183a4c86b055c24cc88d967", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a2e54eb64229f07f917b05d0c323604fda9b89f7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ced8ecf026fd8084cf175530ff85c76d6085d715", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50000.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50000.json new file mode 100644 index 00000000000..7046dd44ea8 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50000.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-50000", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:27.817", + "lastModified": "2025-06-18T11:15:27.817", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: fix stuck flows on cleanup due to pending work\n\nTo clear the flow table on flow table free, the following sequence\nnormally happens in order:\n\n 1) gc_step work is stopped to disable any further stats/del requests.\n 2) All flow table entries are set to teardown state.\n 3) Run gc_step which will queue HW del work for each flow table entry.\n 4) Waiting for the above del work to finish (flush).\n 5) Run gc_step again, deleting all entries from the flow table.\n 6) Flow table is freed.\n\nBut if a flow table entry already has pending HW stats or HW add work\nstep 3 will not queue HW del work (it will be skipped), step 4 will wait\nfor the pending add/stats to finish, and step 5 will queue HW del work\nwhich might execute after freeing of the flow table.\n\nTo fix the above, this patch flushes the pending work, then it sets the\nteardown flag to all flows in the flowtable and it forces a garbage\ncollector run to queue work to remove the flows from hardware, then it\nflushes this new pending work and (finally) it forces another garbage\ncollector run to remove the entry from the software flowtable.\n\nStack trace:\n[47773.882335] BUG: KASAN: use-after-free in down_read+0x99/0x460\n[47773.883634] Write of size 8 at addr ffff888103b45aa8 by task kworker/u20:6/543704\n[47773.885634] CPU: 3 PID: 543704 Comm: kworker/u20:6 Not tainted 5.12.0-rc7+ #2\n[47773.886745] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009)\n[47773.888438] Workqueue: nf_ft_offload_del flow_offload_work_handler [nf_flow_table]\n[47773.889727] Call Trace:\n[47773.890214] dump_stack+0xbb/0x107\n[47773.890818] 
print_address_description.constprop.0+0x18/0x140\n[47773.892990] kasan_report.cold+0x7c/0xd8\n[47773.894459] kasan_check_range+0x145/0x1a0\n[47773.895174] down_read+0x99/0x460\n[47773.899706] nf_flow_offload_tuple+0x24f/0x3c0 [nf_flow_table]\n[47773.907137] flow_offload_work_handler+0x72d/0xbe0 [nf_flow_table]\n[47773.913372] process_one_work+0x8ac/0x14e0\n[47773.921325]\n[47773.921325] Allocated by task 592159:\n[47773.922031] kasan_save_stack+0x1b/0x40\n[47773.922730] __kasan_kmalloc+0x7a/0x90\n[47773.923411] tcf_ct_flow_table_get+0x3cb/0x1230 [act_ct]\n[47773.924363] tcf_ct_init+0x71c/0x1156 [act_ct]\n[47773.925207] tcf_action_init_1+0x45b/0x700\n[47773.925987] tcf_action_init+0x453/0x6b0\n[47773.926692] tcf_exts_validate+0x3d0/0x600\n[47773.927419] fl_change+0x757/0x4a51 [cls_flower]\n[47773.928227] tc_new_tfilter+0x89a/0x2070\n[47773.936652]\n[47773.936652] Freed by task 543704:\n[47773.937303] kasan_save_stack+0x1b/0x40\n[47773.938039] kasan_set_track+0x1c/0x30\n[47773.938731] kasan_set_free_info+0x20/0x30\n[47773.939467] __kasan_slab_free+0xe7/0x120\n[47773.940194] slab_free_freelist_hook+0x86/0x190\n[47773.941038] kfree+0xce/0x3a0\n[47773.941644] tcf_ct_flow_table_cleanup_work\n\nOriginal patch description and stack trace by Paul Blakey." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/89e135a36a9eb81412b5459df94a80995ce62eef", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8fbdec08dbf7d7ab8e35bdc65eb4394bc82d1e26", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9afb4b27349a499483ae0134282cefd0c90f480f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50001.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50001.json new file mode 100644 index 00000000000..02601ff7db3 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50001.json 
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2022-50001", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:27.950", + "lastModified": "2025-06-18T11:15:27.950", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_tproxy: restrict to prerouting hook\n\nTPROXY is only allowed from prerouting, but nft_tproxy doesn't check this.\nThis fixes a crash (null dereference) when using tproxy from e.g. output." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0b21edf4cc13516716848e0a4fdf726aa2a62cd9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/18bbc3213383a82b05383827f4b1b882e3f0a5a5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/343fed6b0daeb528ae5c9d4d84d9ff763ac95619", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/83ef55c4281f1b4c6bd4457c2e96ccd1c9e80200", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9a1d92cbeac3335fee99fa865b8c5b0f2e71a8f7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/eaba3f9b672c3a3f820da8ee9584b9520674eafa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50002.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50002.json new file mode 100644 index 00000000000..73ad89a86d8 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50002.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-50002", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:28.063", + "lastModified": "2025-06-18T11:15:28.063", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: LAG, fix logic over MLX5_LAG_FLAG_NDEVS_READY\n\nOnly set MLX5_LAG_FLAG_NDEVS_READY if both netdevices are registered.\nDoing so guarantees that both ldev->pf[MLX5_LAG_P0].dev and\nldev->pf[MLX5_LAG_P1].dev have valid pointers when\nMLX5_LAG_FLAG_NDEVS_READY is set.\n\nThe core issue is asymmetry in setting MLX5_LAG_FLAG_NDEVS_READY and\nclearing it. Setting it is done wrongly when both\nldev->pf[MLX5_LAG_P0].dev and ldev->pf[MLX5_LAG_P1].dev are set;\nclearing it is done right when either of ldev->pf[i].netdev is cleared.\n\nConsider the following scenario:\n1. PF0 loads and sets ldev->pf[MLX5_LAG_P0].dev to a valid pointer\n2. PF1 loads and sets both ldev->pf[MLX5_LAG_P1].dev and\n ldev->pf[MLX5_LAG_P1].netdev with valid pointers. This results in\n MLX5_LAG_FLAG_NDEVS_READY is set.\n3. 
PF0 is unloaded before setting dev->pf[MLX5_LAG_P0].netdev.\n MLX5_LAG_FLAG_NDEVS_READY remains set.\n\nFurther execution of mlx5_do_bond() will result in null pointer\ndereference when calling mlx5_lag_is_multipath()\n\nThis patch fixes the following call trace actually encountered:\n\n[ 1293.475195] BUG: kernel NULL pointer dereference, address: 00000000000009a8\n[ 1293.478756] #PF: supervisor read access in kernel mode\n[ 1293.481320] #PF: error_code(0x0000) - not-present page\n[ 1293.483686] PGD 0 P4D 0\n[ 1293.484434] Oops: 0000 [#1] SMP PTI\n[ 1293.485377] CPU: 1 PID: 23690 Comm: kworker/u16:2 Not tainted 5.18.0-rc5_for_upstream_min_debug_2022_05_05_10_13 #1\n[ 1293.488039] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[ 1293.490836] Workqueue: mlx5_lag mlx5_do_bond_work [mlx5_core]\n[ 1293.492448] RIP: 0010:mlx5_lag_is_multipath+0x5/0x50 [mlx5_core]\n[ 1293.494044] Code: e8 70 40 ff e0 48 8b 14 24 48 83 05 5c 1a 1b 00 01 e9 19 ff ff ff 48 83 05 47 1a 1b 00 01 eb d7 0f 1f 44 00 00 0f 1f 44 00 00 <48> 8b 87 a8 09 00 00 48 85 c0 74 26 48 83 05 a7 1b 1b 00 01 41 b8\n[ 1293.498673] RSP: 0018:ffff88811b2fbe40 EFLAGS: 00010202\n[ 1293.500152] RAX: ffff88818a94e1c0 RBX: ffff888165eca6c0 RCX: 0000000000000000\n[ 1293.501841] RDX: 0000000000000001 RSI: ffff88818a94e1c0 RDI: 0000000000000000\n[ 1293.503585] RBP: 0000000000000000 R08: ffff888119886740 R09: ffff888165eca73c\n[ 1293.505286] R10: 0000000000000018 R11: 0000000000000018 R12: ffff88818a94e1c0\n[ 1293.506979] R13: ffff888112729800 R14: 0000000000000000 R15: ffff888112729858\n[ 1293.508753] FS: 0000000000000000(0000) GS:ffff88852cc40000(0000) knlGS:0000000000000000\n[ 1293.510782] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 1293.512265] CR2: 00000000000009a8 CR3: 00000001032d4002 CR4: 0000000000370ea0\n[ 1293.514001] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 1293.515806] DR3: 0000000000000000 DR6: 
00000000fffe0ff0 DR7: 0000000000000400" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4c040acf5744e87a7b3490f9ec8bedd0d15c9f29", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a6e675a66175869b7d87c0e1dd0ddf93e04f8098", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50003.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50003.json new file mode 100644 index 00000000000..3e1d1208aec --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50003.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-50003", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:28.173", + "lastModified": "2025-06-18T11:15:28.173", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: xsk: prohibit usage of non-balanced queue id\n\nFix the following scenario:\n1. ethtool -L $IFACE rx 8 tx 96\n2. xdpsock -q 10 -t -z\n\nAbove refers to a case where user would like to attach XSK socket in\ntxonly mode at a queue id that does not have a corresponding Rx queue.\nAt this moment ice's XSK logic is tightly bound to act on a \"queue pair\",\ne.g. both Tx and Rx queues at a given queue id are disabled/enabled and\nboth of them will get XSK pool assigned, which is broken for the presented\nqueue configuration. This results in the splat included at the bottom,\nwhich is basically an OOB access to Rx ring array.\n\nTo fix this, allow using the ids only in scope of \"combined\" queues\nreported by ethtool. 
However, logic should be rewritten to allow such\nconfigurations later on, which would end up as a complete rewrite of the\ncontrol path, so let us go with this temporary fix.\n\n[420160.558008] BUG: kernel NULL pointer dereference, address: 0000000000000082\n[420160.566359] #PF: supervisor read access in kernel mode\n[420160.572657] #PF: error_code(0x0000) - not-present page\n[420160.579002] PGD 0 P4D 0\n[420160.582756] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[420160.588396] CPU: 10 PID: 21232 Comm: xdpsock Tainted: G OE 5.19.0-rc7+ #10\n[420160.597893] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019\n[420160.609894] RIP: 0010:ice_xsk_pool_setup+0x44/0x7d0 [ice]\n[420160.616968] Code: f3 48 83 ec 40 48 8b 4f 20 48 8b 3f 65 48 8b 04 25 28 00 00 00 48 89 44 24 38 31 c0 48 8d 04 ed 00 00 00 00 48 01 c1 48 8b 11 <0f> b7 92 82 00 00 00 48 85 d2 0f 84 2d 75 00 00 48 8d 72 ff 48 85\n[420160.639421] RSP: 0018:ffffc9002d2afd48 EFLAGS: 00010282\n[420160.646650] RAX: 0000000000000050 RBX: ffff88811d8bdd00 RCX: ffff888112c14ff8\n[420160.655893] RDX: 0000000000000000 RSI: ffff88811d8bdd00 RDI: ffff888109861000\n[420160.665166] RBP: 000000000000000a R08: 000000000000000a R09: 0000000000000000\n[420160.674493] R10: 000000000000889f R11: 0000000000000000 R12: 000000000000000a\n[420160.683833] R13: 000000000000000a R14: 0000000000000000 R15: ffff888117611828\n[420160.693211] FS: 00007fa869fc1f80(0000) GS:ffff8897e0880000(0000) knlGS:0000000000000000\n[420160.703645] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[420160.711783] CR2: 0000000000000082 CR3: 00000001d076c001 CR4: 00000000007706e0\n[420160.721399] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[420160.731045] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[420160.740707] PKRU: 55555554\n[420160.745960] Call Trace:\n[420160.750962] \n[420160.755597] ? kmalloc_large_node+0x79/0x90\n[420160.762703] ? 
__kmalloc_node+0x3f5/0x4b0\n[420160.769341] xp_assign_dev+0xfd/0x210\n[420160.775661] ? shmem_file_read_iter+0x29a/0x420\n[420160.782896] xsk_bind+0x152/0x490\n[420160.788943] __sys_bind+0xd0/0x100\n[420160.795097] ? exit_to_user_mode_prepare+0x20/0x120\n[420160.802801] __x64_sys_bind+0x16/0x20\n[420160.809298] do_syscall_64+0x38/0x90\n[420160.815741] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[420160.823731] RIP: 0033:0x7fa86a0dd2fb\n[420160.830264] Code: c3 66 0f 1f 44 00 00 48 8b 15 69 8b 0c 00 f7 d8 64 89 02 b8 ff ff ff ff eb bc 0f 1f 44 00 00 f3 0f 1e fa b8 31 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 3d 8b 0c 00 f7 d8 64 89 01 48\n[420160.855410] RSP: 002b:00007ffc1146f618 EFLAGS: 00000246 ORIG_RAX: 0000000000000031\n[420160.866366] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa86a0dd2fb\n[420160.876957] RDX: 0000000000000010 RSI: 00007ffc1146f680 RDI: 0000000000000003\n[420160.887604] RBP: 000055d7113a0520 R08: 00007fa868fb8000 R09: 0000000080000000\n[420160.898293] R10: 0000000000008001 R11: 0000000000000246 R12: 000055d7113a04e0\n[420160.909038] R13: 000055d7113a0320 R14: 000000000000000a R15: 0000000000000000\n[420160.919817] \n[420160.925659] Modules linked in: ice(OE) af_packet binfmt_misc\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/03a3f29fe5b1751ad9b5c892c894183e75a6e4c4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1bfdcde723d8ceb2d73291b0415767e7c1cc1d8a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5a42f112d367bb4700a8a41f5c12724fde6bfbb9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fe76b3e674665ea4059337f8f66d20cdfb0168eb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50004.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50004.json new file mode 100644 index 00000000000..4b79c92f664 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50004.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-50004", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:28.287", + "lastModified": "2025-06-18T11:15:28.287", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: policy: fix metadata dst->dev xmit null pointer dereference\n\nWhen we try to transmit an skb with metadata_dst attached (i.e. dst->dev\n== NULL) through xfrm interface we can hit a null pointer dereference[1]\nin xfrmi_xmit2() -> xfrm_lookup_with_ifid() due to the check for a\nloopback skb device when there's no policy which dereferences dst->dev\nunconditionally. Not having dst->dev can be interepreted as it not being\na loopback device, so just add a check for a null dst_orig->dev.\n\nWith this fix xfrm interface's Tx error counters go up as usual.\n\n[1] net-next calltrace captured via netconsole:\n BUG: kernel NULL pointer dereference, address: 00000000000000c0\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP\n CPU: 1 PID: 7231 Comm: ping Kdump: loaded Not tainted 5.19.0+ #24\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-1.fc36 04/01/2014\n RIP: 0010:xfrm_lookup_with_ifid+0x5eb/0xa60\n Code: 8d 74 24 38 e8 26 a4 37 00 48 89 c1 e9 12 fc ff ff 49 63 ed 41 83 fd be 0f 85 be 01 00 00 41 be ff ff ff ff 45 31 ed 48 8b 03 80 c0 00 00 00 08 75 0f 41 80 bc 24 19 0d 00 00 01 0f 84 1e 02\n RSP: 0018:ffffb0db82c679f0 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: ffffd0db7fcad430 RCX: ffffb0db82c67a10\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffb0db82c67a80\n RBP: ffffb0db82c67a80 R08: ffffb0db82c67a14 R09: 0000000000000000\n R10: 0000000000000000 R11: ffff8fa449667dc8 R12: ffffffff966db880\n R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000000\n FS: 00007ff35c83f000(0000) 
GS:ffff8fa478480000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00000000000000c0 CR3: 000000001ebb7000 CR4: 0000000000350ee0\n Call Trace:\n \n xfrmi_xmit+0xde/0x460\n ? tcf_bpf_act+0x13d/0x2a0\n dev_hard_start_xmit+0x72/0x1e0\n __dev_queue_xmit+0x251/0xd30\n ip_finish_output2+0x140/0x550\n ip_push_pending_frames+0x56/0x80\n raw_sendmsg+0x663/0x10a0\n ? try_charge_memcg+0x3fd/0x7a0\n ? __mod_memcg_lruvec_state+0x93/0x110\n ? sock_sendmsg+0x30/0x40\n sock_sendmsg+0x30/0x40\n __sys_sendto+0xeb/0x130\n ? handle_mm_fault+0xae/0x280\n ? do_user_addr_fault+0x1e7/0x680\n ? kvm_read_and_reset_apf_flags+0x3b/0x50\n __x64_sys_sendto+0x20/0x30\n do_syscall_64+0x34/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n RIP: 0033:0x7ff35cac1366\n Code: eb 0b 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 72 c3 90 55 48 83 ec 30 44 89 4c 24 2c 4c 89\n RSP: 002b:00007fff738e4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c\n RAX: ffffffffffffffda RBX: 00007fff738e57b0 RCX: 00007ff35cac1366\n RDX: 0000000000000040 RSI: 0000557164e4b450 RDI: 0000000000000003\n RBP: 0000557164e4b450 R08: 00007fff738e7a2c R09: 0000000000000010\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000040\n R13: 00007fff738e5770 R14: 00007fff738e4030 R15: 0000001d00000001\n \n Modules linked in: netconsole veth br_netfilter bridge bonding virtio_net [last unloaded: netconsole]\n CR2: 00000000000000c0" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/17ecd4a4db4783392edd4944f5e8268205083f70", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2761612bcde9776dd93ce60ce55ef0b7c7329153", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/96f2758a6d028d1ac08616de9c3c7ff2a122ecf1", + "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e26d676c1f9f335510780b566a10475c47ce03d0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50005.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50005.json new file mode 100644 index 00000000000..9daf327105e --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50005.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-50005", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:28.397", + "lastModified": "2025-06-18T11:15:28.397", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout\n\nWhen the pn532 uart device is detaching, the pn532_uart_remove()\nis called. But there are no functions in pn532_uart_remove() that\ncould delete the cmd_timeout timer, which will cause use-after-free\nbugs. The process is shown below:\n\n (thread 1) | (thread 2)\n | pn532_uart_send_frame\npn532_uart_remove | mod_timer(&pn532->cmd_timeout,...)\n ... | (wait a time)\n kfree(pn532) //FREE | pn532_cmd_timeout\n | pn532_uart_send_frame\n | pn532->... //USE\n\nThis patch adds del_timer_sync() in pn532_uart_remove() in order to\nprevent the use-after-free bugs. What's more, the pn53x_unregister_nfc()\nis well synchronized, it sets nfc_dev->shutting_down to true and there\nare no syscalls could restart the cmd_timeout timer." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2c71f5d55a86fd5969428abf525c1ae6b1c7b0f5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/50403ee6daddf0d7a14e9d3b51a377c39a08ec8c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9c34c33893db7a80d0e4b55c23d3b65e29609cfb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f1e941dbf80a9b8bab0bffbc4cbe41cc7f4c6fb6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50006.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50006.json new file mode 100644 index 00000000000..26515338a7a --- /dev/null 
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50006.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-50006", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:28.503", + "lastModified": "2025-06-18T11:15:28.503", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.2 fix problems with __nfs42_ssc_open\n\nA destination server while doing a COPY shouldn't accept using the\npassed in filehandle if its not a regular filehandle.\n\nIf alloc_file_pseudo() has failed, we need to decrement a reference\non the newly created inode, otherwise it leaks." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/5626f95356111602ad26fc05445a4d1f818a0992", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5e49ea099850feadcbf33c74b4f514a3e8049b91", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c2a47f6903e270c308c40ad4a23c17b30a54373c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fcfc8be1e9cf2f12b50dce8b579b3ae54443a014", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50007.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50007.json new file mode 100644 index 00000000000..21a247ee65b --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50007.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-50007", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:28.617", + "lastModified": "2025-06-18T11:15:28.617", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: fix refcount leak in __xfrm_policy_check()\n\nThe issue happens on an error path in __xfrm_policy_check(). When the\nfetching process of the object `pols[1]` fails, the function simply\nreturns 0, forgetting to decrement the reference count of `pols[0]`,\nwhich is incremented earlier by either xfrm_sk_policy_lookup() or\nxfrm_policy_lookup(). This may result in memory leaks.\n\nFix it by decreasing the reference count of `pols[0]` in that path." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0769491a8acd3e85ca4c3f65080eac2c824262df", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1305d7d4f35ca6f214a2d23b075aa6a924cff3be", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/18e6b6e2555c93f5ca09f2b85ef1fa025c8accea", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/26ad2398fe4984f4f6f930bcb3bc9047fa77265b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/63da7a2bbf3f28094920e0b8a17d2571a9bd842d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8f94b933103ee1bda119543369cc18a1be5536db", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9c9cb23e00ddf45679b21b4dacc11d1ae7961ebe", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d66c052879791313f90c0584420f196a038fb8b8", + "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50008.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50008.json new file mode 100644 index 00000000000..15150910c9c --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50008.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-50008", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:28.737", + "lastModified": "2025-06-18T11:15:28.737", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkprobes: don't call disarm_kprobe() for disabled kprobes\n\nThe assumption in __disable_kprobe() is wrong, and it could try to disarm\nan already disarmed kprobe and fire the WARN_ONCE() below. [0] We can\neasily reproduce this issue.\n\n1. Write 0 to /sys/kernel/debug/kprobes/enabled.\n\n # echo 0 > /sys/kernel/debug/kprobes/enabled\n\n2. Run execsnoop. At this time, one kprobe is disabled.\n\n # /usr/share/bcc/tools/execsnoop &\n [1] 2460\n PCOMM PID PPID RET ARGS\n\n # cat /sys/kernel/debug/kprobes/list\n ffffffff91345650 r __x64_sys_execve+0x0 [FTRACE]\n ffffffff91345650 k __x64_sys_execve+0x0 [DISABLED][FTRACE]\n\n3. Write 1 to /sys/kernel/debug/kprobes/enabled, which changes\n kprobes_all_disarmed to false but does not arm the disabled kprobe.\n\n # echo 1 > /sys/kernel/debug/kprobes/enabled\n\n # cat /sys/kernel/debug/kprobes/list\n ffffffff91345650 r __x64_sys_execve+0x0 [FTRACE]\n ffffffff91345650 k __x64_sys_execve+0x0 [DISABLED][FTRACE]\n\n4. Kill execsnoop, when __disable_kprobe() calls disarm_kprobe() for the\n disabled kprobe and hits the WARN_ONCE() in __disarm_kprobe_ftrace().\n\n # fg\n /usr/share/bcc/tools/execsnoop\n ^C\n\nActually, WARN_ONCE() is fired twice, and __unregister_kprobe_top() misses\nsome cleanups and leaves the aggregated kprobe in the hash table. 
Then,\n__unregister_trace_kprobe() initialises tk->rp.kp.list and creates an\ninfinite loop like this.\n\n aggregated kprobe.list -> kprobe.list -.\n ^ |\n '.__.'\n\nIn this situation, these commands fall into the infinite loop and result\nin RCU stall or soft lockup.\n\n cat /sys/kernel/debug/kprobes/list : show_kprobe_addr() enters into the\n infinite loop with RCU.\n\n /usr/share/bcc/tools/execsnoop : warn_kprobe_rereg() holds kprobe_mutex,\n and __get_valid_kprobe() is stuck in\n\t\t\t\t the loop.\n\nTo avoid the issue, make sure we don't call disarm_kprobe() for disabled\nkprobes.\n\n[0]\nFailed to disarm kprobe-ftrace at __x64_sys_execve+0x0/0x40 (error -2)\nWARNING: CPU: 6 PID: 2460 at kernel/kprobes.c:1130 __disarm_kprobe_ftrace.isra.19 (kernel/kprobes.c:1129)\nModules linked in: ena\nCPU: 6 PID: 2460 Comm: execsnoop Not tainted 5.19.0+ #28\nHardware name: Amazon EC2 c5.2xlarge/, BIOS 1.0 10/16/2017\nRIP: 0010:__disarm_kprobe_ftrace.isra.19 (kernel/kprobes.c:1129)\nCode: 24 8b 02 eb c1 80 3d c4 83 f2 01 00 75 d4 48 8b 75 00 89 c2 48 c7 c7 90 fa 0f 92 89 04 24 c6 05 ab 83 01 e8 e4 94 f0 ff <0f> 0b 8b 04 24 eb b1 89 c6 48 c7 c7 60 fa 0f 92 89 04 24 e8 cc 94\nRSP: 0018:ffff9e6ec154bd98 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffffffff930f7b00 RCX: 0000000000000001\nRDX: 0000000080000001 RSI: ffffffff921461c5 RDI: 00000000ffffffff\nRBP: ffff89c504286da8 R08: 0000000000000000 R09: c0000000fffeffff\nR10: 0000000000000000 R11: ffff9e6ec154bc28 R12: ffff89c502394e40\nR13: ffff89c502394c00 R14: ffff9e6ec154bc00 R15: 0000000000000000\nFS: 00007fe800398740(0000) GS:ffff89c812d80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000c00057f010 CR3: 0000000103b54006 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n\n __disable_kprobe (kernel/kprobes.c:1716)\n disable_kprobe 
(kernel/kprobes.c:2392)\n __disable_trace_kprobe (kernel/trace/trace_kprobe.c:340)\n disable_trace_kprobe (kernel/trace/trace_kprobe.c:429)\n perf_trace_event_unreg.isra.2 (./include/linux/tracepoint.h:93 kernel/trace/trace_event_perf.c:168)\n perf_kprobe_destroy (kernel/trace/trace_event_perf.c:295)\n _free_event (kernel/events/core.c:4971)\n perf_event_release_kernel (kernel/events/core.c:5176)\n perf_release (kernel/events/core.c:5186)\n __fput (fs/file_table.c:321)\n task_work_run (./include/linux/\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/19cd630712e7c13a3dedfc6986a9b983fed6fd98", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/55c7a91527343d2e0b5647cc308c6e04ddd2aa52", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6f3c1bc22fc2165461883f506b4d2c3594bd7137", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/744b0d3080709a172f0408aedabd1cedd24c2ee6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9c80e79906b4ca440d09e7f116609262bb747909", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b474ff1b20951f1eac75d100a93861e6da2b522b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bc3188d8a3b8c08c306a4c851ddb2c92ba4599ca", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fc91d2db55acdaf0c0075b624e572d3520ca3bc3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50009.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50009.json new file mode 100644 index 00000000000..81238b96046 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50009.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-50009", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:28.857", + "lastModified": "2025-06-18T11:15:28.857", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix null-ptr-deref in f2fs_get_dnode_of_data\n\nThere is issue as follows when test f2fs atomic write:\nF2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock\nF2FS-fs (loop0): invalid crc_offset: 0\nF2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.\nF2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.\n==================================================================\nBUG: KASAN: null-ptr-deref in f2fs_get_dnode_of_data+0xac/0x16d0\nRead of size 8 at addr 0000000000000028 by task rep/1990\n\nCPU: 4 PID: 1990 Comm: rep Not tainted 5.19.0-rc6-next-20220715 #266\nCall Trace:\n \n dump_stack_lvl+0x6e/0x91\n print_report.cold+0x49a/0x6bb\n kasan_report+0xa8/0x130\n f2fs_get_dnode_of_data+0xac/0x16d0\n f2fs_do_write_data_page+0x2a5/0x1030\n move_data_page+0x3c5/0xdf0\n do_garbage_collect+0x2015/0x36c0\n f2fs_gc+0x554/0x1d30\n f2fs_balance_fs+0x7f5/0xda0\n f2fs_write_single_data_page+0xb66/0xdc0\n f2fs_write_cache_pages+0x716/0x1420\n f2fs_write_data_pages+0x84f/0x9a0\n do_writepages+0x130/0x3a0\n filemap_fdatawrite_wbc+0x87/0xa0\n file_write_and_wait_range+0x157/0x1c0\n f2fs_do_sync_file+0x206/0x12d0\n f2fs_sync_file+0x99/0xc0\n vfs_fsync_range+0x75/0x140\n f2fs_file_write_iter+0xd7b/0x1850\n vfs_write+0x645/0x780\n ksys_write+0xf1/0x1e0\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nAs 3db1de0e582c commit changed atomic write way which new a cow_inode for\natomic write file, and also mark cow_inode as FI_ATOMIC_FILE.\nWhen f2fs_do_write_data_page write cow_inode will use cow_inode's cow_inode\nwhich is NULL. 
Then will trigger null-ptr-deref.\nTo solve above issue, introduce FI_COW_FILE flag for COW inode.\n\nFiexes: 3db1de0e582c(\"f2fs: change the current atomic write way\")" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0f63e33eca6fa29a11c76fa31db5fe1cada5ad6e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4a2c5b7994960fac29cf8a3f4e62855bae1b27d4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7000ad53ec1b17bd2fac76984b7b0c663755cbb7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50010.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50010.json new file mode 100644 index 00000000000..235a1703159 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50010.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-50010", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:28.970", + "lastModified": "2025-06-18T11:15:28.970", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: i740fb: Check the argument of i740_calc_vclk()\n\nSince the user can control the arguments of the ioctl() from the user\nspace, under special arguments that may result in a divide-by-zero bug.\n\nIf the user provides an improper 'pixclock' value that makes the argumet\nof i740_calc_vclk() less than 'I740_RFREQ_FIX', it will cause a\ndivide-by-zero bug in:\n drivers/video/fbdev/i740fb.c:353 p_best = min(15, ilog2(I740_MAX_VCO_FREQ / (freq / I740_RFREQ_FIX)));\n\nThe following log can reveal it:\n\ndivide error: 0000 [#1] PREEMPT SMP KASAN PTI\nRIP: 0010:i740_calc_vclk drivers/video/fbdev/i740fb.c:353 [inline]\nRIP: 0010:i740fb_decode_var drivers/video/fbdev/i740fb.c:646 [inline]\nRIP: 0010:i740fb_set_par+0x163f/0x3b70 drivers/video/fbdev/i740fb.c:742\nCall Trace:\n fb_set_var+0x604/0xeb0 drivers/video/fbdev/core/fbmem.c:1034\n do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110\n fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189\n\nFix this by checking the argument of i740_calc_vclk() first." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2b7f559152a33c55f51b569b22efbe5e24886798", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/40bf722f8064f50200b8c4f8946cd625b441dda9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4b20c61365140d432dee7da7aa294215e7b900d9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/59cefb583c984c0da8cf21a4c57d26d5a20dff5c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/656689cb03ada4650016c153346939a1c334b1ae", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d2d375eb68b4b8de6ea7460483a26fa9de56b443", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e740e787f06671455b59d1e498c9945f7b4e7b3b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f350812e2d15278f1d867eeb997407782234fb3c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50011.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50011.json new file mode 100644 index 00000000000..f786a4fc4e0 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50011.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-50011", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:29.093", + "lastModified": "2025-06-18T11:15:29.093", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvenus: pm_helpers: Fix warning in OPP during probe\n\nFix the following WARN triggered during Venus driver probe on\n5.19.0-rc8-next-20220728:\n\n WARNING: CPU: 7 PID: 339 at drivers/opp/core.c:2471 dev_pm_opp_set_config+0x49c/0x610\n Modules linked in: qcom_spmi_adc5 rtc_pm8xxx qcom_spmi_adc_tm5 leds_qcom_lpg led_class_multicolor\n qcom_pon qcom_vadc_common venus_core(+) qcom_spmi_temp_alarm v4l2_mem2mem videobuf2_v4l2 msm(+)\n videobuf2_common crct10dif_ce spi_geni_qcom snd_soc_sm8250 i2c_qcom_geni gpu_sched\n snd_soc_qcom_common videodev qcom_q6v5_pas soundwire_qcom drm_dp_aux_bus qcom_stats\n drm_display_helper qcom_pil_info soundwire_bus snd_soc_lpass_va_macro mc qcom_q6v5\n phy_qcom_snps_femto_v2 qcom_rng snd_soc_lpass_macro_common snd_soc_lpass_wsa_macro\n lpass_gfm_sm8250 slimbus qcom_sysmon qcom_common qcom_glink_smem qmi_helpers\n qcom_wdt mdt_loader socinfo icc_osm_l3 display_connector\n drm_kms_helper qnoc_sm8250 drm fuse ip_tables x_tables ipv6\n CPU: 7 PID: 339 Comm: systemd-udevd Not tainted 5.19.0-rc8-next-20220728 #4\n Hardware name: Qualcomm Technologies, Inc. 
Robotics RB5 (DT)\n pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : dev_pm_opp_set_config+0x49c/0x610\n lr : dev_pm_opp_set_config+0x58/0x610\n sp : ffff8000093c3710\n x29: ffff8000093c3710 x28: ffffbca3959d82b8 x27: ffff8000093c3d00\n x26: ffffbca3959d8e08 x25: ffff4396cac98118 x24: ffff4396c0e24810\n x23: ffff4396c4272c40 x22: ffff4396c0e24810 x21: ffff8000093c3810\n x20: ffff4396cac36800 x19: ffff4396cac96800 x18: 0000000000000000\n x17: 0000000000000003 x16: ffffbca3f4edf198 x15: 0000001cba64a858\n x14: 0000000000000180 x13: 000000000000017e x12: 0000000000000000\n x11: 0000000000000002 x10: 0000000000000a60 x9 : ffff8000093c35c0\n x8 : ffff4396c4273700 x7 : ffff43983efca6c0 x6 : ffff43983efca640\n x5 : 00000000410fd0d0 x4 : ffff4396c4272c40 x3 : ffffbca3f5d1e008\n x2 : 0000000000000000 x1 : ffff4396c2421600 x0 : ffff4396cac96860\n Call trace:\n dev_pm_opp_set_config+0x49c/0x610\n devm_pm_opp_set_config+0x18/0x70\n vcodec_domains_get+0xb8/0x1638 [venus_core]\n core_get_v4+0x1d8/0x218 [venus_core]\n venus_probe+0xf4/0x468 [venus_core]\n platform_probe+0x68/0xd8\n really_probe+0xbc/0x2a8\n __driver_probe_device+0x78/0xe0\n driver_probe_device+0x3c/0xf0\n __driver_attach+0x70/0x120\n bus_for_each_dev+0x70/0xc0\n driver_attach+0x24/0x30\n bus_add_driver+0x150/0x200\n driver_register+0x64/0x120\n __platform_driver_register+0x28/0x38\n qcom_venus_driver_init+0x24/0x1000 [venus_core]\n do_one_initcall+0x54/0x1c8\n do_init_module+0x44/0x1d0\n load_module+0x16c8/0x1aa0\n __do_sys_finit_module+0xbc/0x110\n __arm64_sys_finit_module+0x20/0x30\n invoke_syscall+0x44/0x108\n el0_svc_common.constprop.0+0xcc/0xf0\n do_el0_svc+0x2c/0xb8\n el0_svc+0x2c/0x88\n el0t_64_sync_handler+0xb8/0xc0\n el0t_64_sync+0x18c/0x190\n qcom-venus: probe of aa00000.video-codec failed with error -16\n\nThe fix is re-ordering the code related to OPP core. The OPP core\nexpects all configuration options to be provided before the OPP\ntable is added." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0bdec5eed69c73886af4cfbb94b663e1e10b8344", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1d95af02f23031c2e1cca7607c514b86ce85bc6e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8d4eccd78461c3e3555bff67148432bb6c21d059", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50012.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50012.json new file mode 100644 index 00000000000..482250456c8 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50012.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-50012", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:29.213", + "lastModified": "2025-06-18T11:15:29.213", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/64: Init jump labels before parse_early_param()\n\nOn 64-bit, calling jump_label_init() in setup_feature_keys() is too\nlate because static keys may be used in subroutines of\nparse_early_param() which is again subroutine of early_init_devtree().\n\nFor example booting with \"threadirqs\":\n\n static_key_enable_cpuslocked(): static key '0xc000000002953260' used before call to jump_label_init()\n WARNING: CPU: 0 PID: 0 at kernel/jump_label.c:166 static_key_enable_cpuslocked+0xfc/0x120\n ...\n NIP static_key_enable_cpuslocked+0xfc/0x120\n LR static_key_enable_cpuslocked+0xf8/0x120\n Call Trace:\n static_key_enable_cpuslocked+0xf8/0x120 (unreliable)\n static_key_enable+0x30/0x50\n setup_forced_irqthreads+0x28/0x40\n do_early_param+0xa0/0x108\n parse_args+0x290/0x4e0\n parse_early_options+0x48/0x5c\n parse_early_param+0x58/0x84\n early_init_devtree+0xd4/0x518\n early_setup+0xb4/0x214\n\nSo call jump_label_init() just before parse_early_param() in\nearly_init_devtree().\n\n[mpe: Add call trace to change log and minor wording edits.]" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4bb1188e2b1ed98fa2b618cc0628ccba63c6c80f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5e14b04c8459afbeea1eeb74e81af86d7b196a4d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8992141cb88f1d99fd11580f4423634700a99240", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8f9357313cdcadb0a311b44c29d4eaccc7fa632f", + "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c4ced9fd10073adc854919976b88ad6004271119", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ca829e05d3d4f728810cc5e4b468d9ebc7745eb3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dac28dff90849af4200b8269fcdc84cdc12fa46c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e3c9e9452a8ea12d335b1e59b2c72e1b99c699b8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50013.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50013.json new file mode 100644 index 00000000000..5243e6c0e91 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50013.json 
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2022-50013", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:29.340", + "lastModified": "2025-06-18T11:15:29.340", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page()\n\nAs Dipanjan Das reported, syzkaller\nfound a f2fs bug as below:\n\nRIP: 0010:f2fs_new_node_page+0x19ac/0x1fc0 fs/f2fs/node.c:1295\nCall Trace:\n write_all_xattrs fs/f2fs/xattr.c:487 [inline]\n __f2fs_setxattr+0xe76/0x2e10 fs/f2fs/xattr.c:743\n f2fs_setxattr+0x233/0xab0 fs/f2fs/xattr.c:790\n f2fs_xattr_generic_set+0x133/0x170 fs/f2fs/xattr.c:86\n __vfs_setxattr+0x115/0x180 fs/xattr.c:182\n __vfs_setxattr_noperm+0x125/0x5f0 fs/xattr.c:216\n __vfs_setxattr_locked+0x1cf/0x260 fs/xattr.c:277\n vfs_setxattr+0x13f/0x330 fs/xattr.c:303\n setxattr+0x146/0x160 fs/xattr.c:611\n path_setxattr+0x1a7/0x1d0 fs/xattr.c:630\n __do_sys_lsetxattr fs/xattr.c:653 [inline]\n __se_sys_lsetxattr fs/xattr.c:649 [inline]\n __x64_sys_lsetxattr+0xbd/0x150 fs/xattr.c:649\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nNAT entry and nat bitmap can be inconsistent, e.g. one nid is free\nin nat bitmap, and blkaddr in its NAT entry is not NULL_ADDR, it\nmay trigger BUG_ON() in f2fs_new_node_page(), fix it." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/141170b759e03958f296033bb7001be62d1d363b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/29e734ec33ae4bd7de4018fb0fb0eec808c36b92", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/43ce0a0bda2c54dad91d5a1943554eed9e050f55", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5a01e45b925a0bc9718eccd33e5920f1a4e44caf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/800ba8979111184d5194f4233cc83afe683efc54", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fbfad62b29e9f8f1c1026a806c9e064ec2a7c342", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50014.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50014.json new file mode 100644 index 00000000000..331785456fb --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50014.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-50014", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:29.470", + "lastModified": "2025-06-18T11:15:29.470", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/gup: fix FOLL_FORCE COW security issue and remove FOLL_COW\n\nEver since the Dirty COW (CVE-2016-5195) security issue happened, we know\nthat FOLL_FORCE can be possibly dangerous, especially if there are races\nthat can be exploited by user space.\n\nRight now, it would be sufficient to have some code that sets a PTE of a\nR/O-mapped shared page dirty, in order for it to erroneously become\nwritable by FOLL_FORCE. The implications of setting a write-protected PTE\ndirty might not be immediately obvious to everyone.\n\nAnd in fact ever since commit 9ae0f87d009c (\"mm/shmem: unconditionally set\npte dirty in mfill_atomic_install_pte\"), we can use UFFDIO_CONTINUE to map\na shmem page R/O while marking the pte dirty. This can be used by\nunprivileged user space to modify tmpfs/shmem file content even if the\nuser does not have write permissions to the file, and to bypass memfd\nwrite sealing -- Dirty COW restricted to tmpfs/shmem (CVE-2022-2590).\n\nTo fix such security issues for good, the insight is that we really only\nneed that fancy retry logic (FOLL_COW) for COW mappings that are not\nwritable (!VM_WRITE). And in a COW mapping, we really only broke COW if\nwe have an exclusive anonymous page mapped. If we have something else\nmapped, or the mapped anonymous page might be shared (!PageAnonExclusive),\nwe have to trigger a write fault to break COW. 
If we don't find an\nexclusive anonymous page when we retry, we have to trigger COW breaking\nonce again because something intervened.\n\nLet's move away from this mandatory-retry + dirty handling and rely on our\nPageAnonExclusive() flag for making a similar decision, to use the same\nCOW logic as in other kernel parts here as well. In case we stumble over\na PTE in a COW mapping that does not map an exclusive anonymous page, COW\nwas not properly broken and we have to trigger a fake write-fault to break\nCOW.\n\nJust like we do in can_change_pte_writable() added via commit 64fe24a3e05e\n(\"mm/mprotect: try avoiding write faults for exclusive anonymous pages\nwhen changing protection\") and commit 76aefad628aa (\"mm/mprotect: fix\nsoft-dirty check in can_change_pte_writable()\"), take care of softdirty\nand uffd-wp manually.\n\nFor example, a write() via /proc/self/mem to a uffd-wp-protected range has\nto fail instead of silently granting write access and bypassing the\nuserspace fault handler. Note that FOLL_FORCE is not only used for debug\naccess, but also triggered by applications without debug intentions, for\nexample, when pinning pages via RDMA.\n\nThis fixes CVE-2022-2590. Note that only x86_64 and aarch64 are\naffected, because only those support CONFIG_HAVE_ARCH_USERFAULTFD_MINOR.\n\nFortunately, FOLL_COW is no longer required to handle FOLL_FORCE. So\nlet's just get rid of it.\n\nThanks to Nadav Amit for pointing out that the pte_dirty() check in\nFOLL_FORCE code is problematic and might be exploitable.\n\nNote 1: We don't check for the PTE being dirty because it doesn't matter\n\tfor making a \"was COWed\" decision anymore, and whoever modifies the\n\tpage has to set the page dirty either way.\n\nNote 2: Kernels before extended uffd-wp support and before\n\tPageAnonExclusive (< 5.19) can simply revert the problematic\n\tcommit instead and be safe regarding UFFDIO_CONTINUE. 
A backport to\n\tv5.19 requires minor adjustments due to lack of\n\tvma_soft_dirty_enabled()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/5535be3099717646781ce1540cf725965d680e7b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9def52eb10baab3b700858003d462fcf17d62873", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50015.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50015.json new file mode 100644 index 00000000000..906958b8c8b --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50015.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-50015", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:29.593", + "lastModified": "2025-06-18T11:15:29.593", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot\n\nIt is not yet clear, but it is possible to create a firmware so broken\nthat it will send a reply message before a FW_READY message (it is not\nyet clear if FW_READY will arrive later).\nSince the reply_data is allocated only after the FW_READY message, this\nwill lead to a NULL pointer dereference if not filtered out.\n\nThe issue was reported with IPC4 firmware but the same condition is present\nfor IPC3." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/48945246cf802b9866f3a821103f1a7a196baf68", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/499cc881b09c8283ab5e75b0d6d21cb427722161", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50016.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50016.json new file mode 100644 index 00000000000..da227b02741 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50016.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-50016", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:29.700", + "lastModified": "2025-06-18T11:15:29.700", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: cnl: Do not process IPC reply before firmware boot\n\nIt is not yet clear, but it is possible to create a firmware so broken\nthat it will send a reply message before a FW_READY message (it is not\nyet clear if FW_READY will arrive later).\nSince the reply_data is allocated only after the FW_READY message, this\nwill lead to a NULL pointer dereference if not filtered out.\n\nThe issue was reported with IPC4 firmware but the same condition is present\nfor IPC3." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/230f646085d17a008b609eb8fe8befb8811868f0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/acacd9eefd0def5a83244d88e5483b5f38ee7287", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50017.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50017.json new file mode 100644 index 00000000000..56f362fb341 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50017.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-50017", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:29.807", + "lastModified": "2025-06-18T11:15:29.807", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start\n\nWe should call of_node_put() for the reference 'uctl_node' returned by\nof_get_parent() which will increase the refcount. Otherwise, there will\nbe a refcount leak bug." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1b49707df679b5510ed06ace7378ddc2aec5c3fb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1e39037e44d7fa3728686af146f9285ea197097d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7822d994eb9579a1df4cdbc315db090a041e50f3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7a9f743ceead60ed454c46fbc3085ee9a79cbebb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9d1afa0169a84dcd5b79901d792edeb8403684ab", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a80016c40cc797c7f3e5a705b8e12ae447280335", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/af87a469695dc2b2419b2fdff0bf41db5265b325", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c06166a484eece51916dd700a870e53356b7e1bc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50018.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50018.json new file mode 100644 index 00000000000..39d2e34f485 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50018.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-50018", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:29.923", + "lastModified": "2025-06-18T11:15:29.923", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: Fix page fault in snd_hda_codec_shutdown()\n\nIf early probe of HDAudio bus driver fails e.g.: due to missing\nfirmware file, snd_hda_codec_shutdown() ends in manipulating\nuninitialized codec->pcm_list_head causing page fault.\n\nIinitialization of HDAudio codec in ASoC is split in two:\n- snd_hda_codec_device_init()\n- snd_hda_codec_device_new()\n\nsnd_hda_codec_device_init() is called during probe_codecs() by HDAudio\nbus driver while snd_hda_codec_device_new() is called by\ncodec-component's ->probe(). The second call will not happen until all\ncomponents required by related sound card are present within the ASoC\nframework. With firmware failing to load during the PCI's deferred\ninitialization i.e.: probe_work(), no platform components are ever\nregistered. HDAudio codec enumeration is done at that point though, so\nthe codec components became registered to ASoC framework, calling\nsnd_hda_codec_device_init() in the process.\n\nNow, during platform reboot snd_hda_codec_shutdown() is called for every\ncodec found on the HDAudio bus causing oops if any of them has not\ncompleted both of their initialization steps. Relocating field\ninitialization fixes the issue." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/980b3a8790b402e959a6d773b38b771019682be1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e02db5c2c2ee15bc9a9ec8a86a614fd091e584dc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50019.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50019.json new file mode 100644 index 00000000000..9676621658f --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50019.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-50019", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:30.030", + "lastModified": "2025-06-18T11:15:30.030", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: Fix refcount leak bug in ucc_uart.c\n\nIn soc_info(), of_find_node_by_type() will return a node pointer\nwith refcount incremented. We should use of_node_put() when it is\nnot used anymore." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/17c32546166d8a7d2579c4b57c8b16241f94a66b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/59bc4c19d53bdac61ec952c01c6e864f5f0f8367", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/81939c4fbc2d5c754d0f1c1f05149d4b70d751ed", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8245e7d1d7f75a9255ad1e8146752e5051d528b8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ca3fc1c38e4253bc019881301a28ea60b8b0bca3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d24d7bb2cd947676f9b71fb944d045e09b8b282f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ec56f886f3bf0f15f7a3844d4c025e165b8e8de7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f6ed634eedb1a8a6a8cb110a7695c7abb70ffcbf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50020.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50020.json new file mode 100644 index 00000000000..d6d4f8235e1 --- /dev/null 
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50020.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-50020", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:30.150", + "lastModified": "2025-06-18T11:15:30.150", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid resizing to a partial cluster size\n\nThis patch avoids an attempt to resize the filesystem to an\nunaligned cluster boundary. An online resize to a size that is not\nintegral to cluster size results in the last iteration attempting to\ngrow the fs by a negative amount, which trips a BUG_ON and leaves the fs\nwith a corrupted in-memory superblock." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0082e99a9074ff88eff729c70c93454c8588d8e1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/53f62a4201be1cfc1e3c971e566888b182c3ffb0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/69cb8e9d8cd97cdf5e293b26d70a9dee3e35e6bd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/72b850a2a996f72541172e7cf686d54a2b29bcd8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7bdfb01fc5f6b3696728aeb527c50386e0ee09a1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/80288883294c5b4ed18bae0d8bd9c4a12f297074", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/952b3dc02baaae6a69c71c0aca23e06741182d9a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a6805b3dcf5cd41f2ae3a03dca43411135b99849", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50021.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50021.json new file mode 100644 index 00000000000..c1291c62882 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50021.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-50021", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:30.280", + "lastModified": "2025-06-18T11:15:30.280", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: block range must be validated before use in ext4_mb_clear_bb()\n\nBlock range to free is validated in ext4_free_blocks() using\next4_inode_block_valid() and then it's passed to ext4_mb_clear_bb().\nHowever in some situations on bigalloc file system the range might be\nadjusted after the validation in ext4_free_blocks() which can lead to\ntroubles on corrupted file systems such as one found by syzkaller that\nresulted in the following BUG\n\nkernel BUG at fs/ext4/ext4.h:3319!\nPREEMPT SMP NOPTI\nCPU: 28 PID: 4243 Comm: repro Kdump: loaded Not tainted 5.19.0-rc6+ #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1.fc35 04/01/2014\nRIP: 0010:ext4_free_blocks+0x95e/0xa90\nCall Trace:\n \n ? lock_timer_base+0x61/0x80\n ? __es_remove_extent+0x5a/0x760\n ? __mod_timer+0x256/0x380\n ? ext4_ind_truncate_ensure_credits+0x90/0x220\n ext4_clear_blocks+0x107/0x1b0\n ext4_free_data+0x15b/0x170\n ext4_ind_truncate+0x214/0x2c0\n ? _raw_spin_unlock+0x15/0x30\n ? ext4_discard_preallocations+0x15a/0x410\n ? ext4_journal_check_start+0xe/0x90\n ? __ext4_journal_start_sb+0x2f/0x110\n ext4_truncate+0x1b5/0x460\n ? __ext4_journal_start_sb+0x2f/0x110\n ext4_evict_inode+0x2b4/0x6f0\n evict+0xd0/0x1d0\n ext4_enable_quotas+0x11f/0x1f0\n ext4_orphan_cleanup+0x3de/0x430\n ? proc_create_seq_private+0x43/0x50\n ext4_fill_super+0x295f/0x3ae0\n ? snprintf+0x39/0x40\n ? sget_fc+0x19c/0x330\n ? ext4_reconfigure+0x850/0x850\n get_tree_bdev+0x16d/0x260\n vfs_get_tree+0x25/0xb0\n path_mount+0x431/0xa70\n __x64_sys_mount+0xe2/0x120\n do_syscall_64+0x5b/0x80\n ? do_user_addr_fault+0x1e2/0x670\n ? 
exc_page_fault+0x70/0x170\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033:0x7fdf4e512ace\n\nFix it by making sure that the block range is properly validated before\nused every time it changes in ext4_free_blocks() or ext4_mb_clear_bb()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1e1c2b86ef86a8477fd9b9a4f48a6bfe235606f6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/560a2744cbbf03cac65a6394f9b0d99aa437c867", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7550aade978371ac582f6d43b14c4cb89ca54463", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a2522041d248a8c969cbbc97e1fc2cd8b4de120d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50022.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50022.json new file mode 100644 index 00000000000..e7b70813f29 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50022.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-50022", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:30.390", + "lastModified": "2025-06-18T11:15:30.390", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers:md:fix a potential use-after-free bug\n\nIn line 2884, \"raid5_release_stripe(sh);\" drops the reference to sh and\nmay cause sh to be released. However, sh is subsequently used in lines\n2886 \"if (sh->batch_head && sh != sh->batch_head)\". This may result in an\nuse-after-free bug.\n\nIt can be fixed by moving \"raid5_release_stripe(sh);\" to the bottom of\nthe function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/09cf99bace7789d91caa8d10fbcfc8b2fb35857f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/104212471b1c1817b311771d817fb692af983173", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5d8325fd15892c8ab1146edc1d7ed8463de39636", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7470a4314b239e9a9580f248fdf4c9a92805490e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d9b94c3ace549433de8a93eeb27b0391fc8ac406", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e5b3dd2d92c4511e81f6e4ec9c5bb7ad25e03d13", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/eb3a4f73f43f839df981dda5859e8e075067a360", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f5d46f1b47f65da1faf468277b261eb78c8e25b5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50023.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50023.json new file mode 100644 index 00000000000..460a18d58b7 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50023.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-50023", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:30.530", + "lastModified": "2025-06-18T11:15:30.530", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: dw-axi-dmac: ignore interrupt if no descriptor\n\nIf the channel has no descriptor and the interrupt is raised then the\nkernel will OOPS. Check the result of vchan_next_desc() in the handler\naxi_chan_block_xfer_complete() to avoid the error happening." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3d05aeebbde8c69593d8aa512b7c08b8f0ad25ba", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/54aa6c49361b79f7f6b15fc63dfe9ea52c70bb03", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/820f5ce999d2f99961e88c16d65cd26764df0590", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50024.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50024.json new file mode 100644 index 00000000000..acc61f8fd18 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50024.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-50024", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:30.650", + "lastModified": "2025-06-18T11:15:30.650", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: dw-axi-dmac: do not print NULL LLI during error\n\nDuring debugging we have seen an issue where axi_chan_dump_lli()\nis passed a NULL LLI pointer which ends up causing an OOPS due\nto trying to get fields from it. Simply print NULL LLI and exit\nto avoid this." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/86cb0defe0e275453bc39e856bb523eb425a6537", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ad764df73ae5eada265fffc0408404703cbb2b8d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/af76e6fdcf92f1a742b788d0dba5edd194267bf9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50025.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50025.json new file mode 100644 index 00000000000..87492cd64e2 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50025.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-50025", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:30.760", + "lastModified": "2025-06-18T11:15:30.760", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl: Fix a memory leak in an error handling path\n\nA bitmap_zalloc() must be balanced by a corresponding bitmap_free() in the\nerror handling path of afu_allocate_irqs()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3a15b45b5454da862376b5d69a4967f5c6fa1368", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4be138bcd6d68cec0ce47051b117541061f5141a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6544ff559315498ad6c0a311359ca44987f9ca07", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/695af60af755873399ce01cb97176768828bc1fd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/89d51dc6878c47b6400922fac21b6a33f9d1a588", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/addff638c41753639368c252d0c5ba0d8fe9ed97", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c2557780ee7818b701681c226fa4cb7c0b171665", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c2c7a29f99788e9e5dfe41d16868ea33da7cc235", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50026.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50026.json new file mode 100644 index 00000000000..70ef93ac5ad --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50026.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-50026", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:30.880", + "lastModified": "2025-06-18T11:15:30.880", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhabanalabs/gaudi: fix shift out of bounds\n\nWhen validating NIC queues, queue offset calculation must be\nperformed only for NIC queues." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/01622098aeb05a5efbb727199bbc2a4653393255", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/19958bf4ef3124f6e93fd9e2de0b54d2a356a4db", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b09e5ab18c9f52ff14cf968770e15d5b2dd85c43", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50027.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50027.json new file mode 100644 index 00000000000..9246df12ef9 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50027.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-50027", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:30.990", + "lastModified": "2025-06-18T11:15:30.990", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix possible memory leak when failing to issue CMF WQE\n\nThere is no corresponding free routine if lpfc_sli4_issue_wqe fails to\nissue the CMF WQE in lpfc_issue_cmf_sync_wqe.\n\nIf ret_val is non-zero, then free the iocbq request structure." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2f67dc7970bce3529edce93a0a14234d88b3fcd5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4eb7a1beff03836d3df271cd23b790884e3facb9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9c8e2e607270a368834a0ef72aa82d970f89c596", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50028.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50028.json new file mode 100644 index 00000000000..35222433393 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50028.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-50028", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:31.097", + "lastModified": "2025-06-18T11:15:31.097", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngadgetfs: ep_io - wait until IRQ finishes\n\nafter usb_ep_queue() if wait_for_completion_interruptible() is\ninterrupted we need to wait until IRQ gets finished.\n\nOtherwise complete() from epio_complete() can corrupt stack." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/04cb742d4d8f30dc2e83b46ac317eec09191c68e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/118d967ce00a3d128bf731b35e4e2cb0facf5f00", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2b06d5d97c0e067108a122986767731d40742138", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/67a4874461422e633236a0286a01b483cd647113", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/77040efe59a141286d090c8a0d37c65a355a1832", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/94aadba8d000d5de56af4ce8da3f334f21bf7a79", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9ac14f973cb91f0c01776517e6d50981f32b8038", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ca06b4cde54f8ec8be3aa53fd339bd56e62c12b3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50029.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50029.json new file mode 100644 index 00000000000..806d5ea7ab9 --- /dev/null 
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50029.json 
@@ -0,0 +1,45 @@ +{ + "id": "CVE-2022-50029", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:31.220", + "lastModified": "2025-06-18T11:15:31.220", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: ipq8074: dont disable gcc_sleep_clk_src\n\nOnce the usb sleep clocks are disabled, clock framework is trying to\ndisable the sleep clock source also.\n\nHowever, it seems that it cannot be disabled and trying to do so produces:\n[ 245.436390] ------------[ cut here ]------------\n[ 245.441233] gcc_sleep_clk_src status stuck at 'on'\n[ 245.441254] WARNING: CPU: 2 PID: 223 at clk_branch_wait+0x130/0x140\n[ 245.450435] Modules linked in: xhci_plat_hcd xhci_hcd dwc3 dwc3_qcom leds_gpio\n[ 245.456601] CPU: 2 PID: 223 Comm: sh Not tainted 5.18.0-rc4 #215\n[ 245.463889] Hardware name: Xiaomi AX9000 (DT)\n[ 245.470050] pstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 245.474307] pc : clk_branch_wait+0x130/0x140\n[ 245.481073] lr : clk_branch_wait+0x130/0x140\n[ 245.485588] sp : ffffffc009f2bad0\n[ 245.489838] x29: ffffffc009f2bad0 x28: ffffff8003e6c800 x27: 0000000000000000\n[ 245.493057] x26: 0000000000000000 x25: 0000000000000000 x24: ffffff800226ef20\n[ 245.500175] x23: ffffffc0089ff550 x22: 0000000000000000 x21: ffffffc008476ad0\n[ 245.507294] x20: 0000000000000000 x19: ffffffc00965ac70 x18: fffffffffffc51a7\n[ 245.514413] x17: 68702e3030303837 x16: 3a6d726f6674616c x15: ffffffc089f2b777\n[ 245.521531] x14: ffffffc0095c9d18 x13: 0000000000000129 x12: 0000000000000129\n[ 245.528649] x11: 00000000ffffffea x10: ffffffc009621d18 x9 : 0000000000000001\n[ 245.535767] x8 : 0000000000000001 x7 : 0000000000017fe8 x6 : 0000000000000001\n[ 245.542885] x5 : ffffff803fdca6d8 x4 : 0000000000000000 x3 : 0000000000000027\n[ 245.550002] x2 : 0000000000000027 x1 : 0000000000000023 x0 : 
0000000000000026\n[ 245.557122] Call trace:\n[ 245.564229] clk_branch_wait+0x130/0x140\n[ 245.566490] clk_branch2_disable+0x2c/0x40\n[ 245.570656] clk_core_disable+0x60/0xb0\n[ 245.574561] clk_core_disable+0x68/0xb0\n[ 245.578293] clk_disable+0x30/0x50\n[ 245.582113] dwc3_qcom_remove+0x60/0xc0 [dwc3_qcom]\n[ 245.585588] platform_remove+0x28/0x60\n[ 245.590361] device_remove+0x4c/0x80\n[ 245.594179] device_release_driver_internal+0x1dc/0x230\n[ 245.597914] device_driver_detach+0x18/0x30\n[ 245.602861] unbind_store+0xec/0x110\n[ 245.607027] drv_attr_store+0x24/0x40\n[ 245.610847] sysfs_kf_write+0x44/0x60\n[ 245.614405] kernfs_fop_write_iter+0x128/0x1c0\n[ 245.618052] new_sync_write+0xc0/0x130\n[ 245.622391] vfs_write+0x1d4/0x2a0\n[ 245.626123] ksys_write+0x58/0xe0\n[ 245.629508] __arm64_sys_write+0x1c/0x30\n[ 245.632895] invoke_syscall.constprop.0+0x5c/0x110\n[ 245.636890] do_el0_svc+0xa0/0x150\n[ 245.641488] el0_svc+0x18/0x60\n[ 245.644872] el0t_64_sync_handler+0xa4/0x130\n[ 245.647914] el0t_64_sync+0x174/0x178\n[ 245.652340] ---[ end trace 0000000000000000 ]---\n\nSo, add CLK_IS_CRITICAL flag to the clock so that the kernel won't try\nto disable the sleep clock." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/17d58499dc9c7e059dab7d170e9bae1e7e9c561b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1bf7305e79aab095196131bdc87a97796e0e3fac", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/38cee0d2b65eed42a44052de1bfdc0177b6c3f05", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4203b76abe539f3cac258d4cf1e16e2dd95ea60f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/459411b9f0180e3f382d7abfa3028dd3285984c3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6b90ab952401bd6c1a321dcfc0e0df080f2bc905", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d401611a93b332914cf91eb9bc0b63fa1bdc17e9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50030.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50030.json new file mode 100644 index 00000000000..682ed32136b --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50030.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-50030", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:31.340", + "lastModified": "2025-06-18T11:15:31.340", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input\n\nMalformed user input to debugfs results in buffer overflow crashes. Adapt\ninput string lengths to fit within internal buffers, leaving space for NULL\nterminators." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2d544e9d19c109dfe34b3dc1253a8b2971abe060", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/927907f1cbb3408cadde637fccfc17bb6b10a87d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b92506dc51f81741eb26609175ac206c20f06e0a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c29a4baaad38a332c0ae480cf6d6c5bf75ac1828", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f8191d40aa612981ce897e66cda6a88db8df17bb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50031.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50031.json new file mode 100644 index 00000000000..fe59b011458 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50031.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-50031", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:31.450", + "lastModified": "2025-06-18T11:15:31.450", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: iscsi: Fix HW conn removal use after free\n\nIf qla4xxx doesn't remove the connection before the session, the iSCSI\nclass tries to remove the connection for it. We were doing a\niscsi_put_conn() in the iter function which is not needed and will result\nin a use after free because iscsi_remove_conn() will free the connection." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0483ffc02ebb953124c592485a5c48ac4ffae5fe", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c577ab7ba5f3bf9062db8a58b6e89d4fe370447e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50032.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50032.json new file mode 100644 index 00000000000..d0ef18b9f28 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50032.json 
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2022-50032", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:31.557", + "lastModified": "2025-06-18T11:15:31.557", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: renesas: Fix refcount leak bug\n\nIn usbhs_rza1_hardware_init(), of_find_node_by_name() will return\na node pointer with refcount incremented. We should use of_node_put()\nwhen it is not used anymore." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/36b18b777dece704b7c2e9e7947ca41a9b0fb009", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5c4b699193eba51f1bbf462d758d66f545fddd35", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9790a5a4f07f38a5add85ec58c44797d3a7c3677", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9d6d5303c39b8bc182475b22f45504106a07f086", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cfa8f707a58d68b2341a9dd0b33cf048f0628b4d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fbdbd61a36d887e00114321c6758e359e9573a8e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50033.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50033.json new file mode 100644 index 00000000000..756f15f20fb --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50033.json 
@@ -0,0 +1,49 @@
+{
+ "id": "CVE-2022-50033",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:31.677",
+ "lastModified": "2025-06-18T11:15:31.677",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: host: ohci-ppc-of: Fix refcount leak bug\n\nIn ohci_hcd_ppc_of_probe(), of_find_compatible_node() will return\na node pointer with refcount incremented. We should use of_node_put()\nwhen it is not used anymore."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/0334d23c56ecf1ee1563bb83e29cc5a51ed7fb4e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/0fc62bbc95319bbd330e3645afc7c286acec9ef8",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/403132881e66db7aa98b55c6655daedd80d407fd",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/40a959d7042bb7711e404ad2318b30e9f92c6b9b",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c5c5bd5cdcc6dc9f75f53d1c89af463d39a2bb96",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/cb5dd65e889163e723df1c2f02288cc527a57785",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ec583e300aee9f152a64911445092d18e1c36729",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/fe6fe64403710287f0ae61a516954d8a4f7c9e3f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50034.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50034.json
new file mode 100644
index 00000000000..8a16ace794a
--- /dev/null
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50034.json
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2022-50034",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:31.790",
+ "lastModified": "2025-06-18T11:15:31.790",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3 fix use-after-free at workaround 2\n\nBUG: KFENCE: use-after-free read in __list_del_entry_valid+0x10/0xac\n\ncdns3_wa2_remove_old_request()\n{\n\t...\n\tkfree(priv_req->request.buf);\n\tcdns3_gadget_ep_free_request(&priv_ep->endpoint, &priv_req->request);\n\tlist_del_init(&priv_req->list);\n\t^^^ use after free\n\t...\n}\n\ncdns3_gadget_ep_free_request() free the space pointed by priv_req,\nbut priv_req is used in the following list_del_init().\n\nThis patch move list_del_init() before cdns3_gadget_ep_free_request()."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/6d7ac60098b206d0472475b666cb09d556bec03d",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/6fd50446e7c9a98b4bcf96815f5c9602a16ea472",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/7d602f30149a117eea260208b1661bc404c21dfd",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c3c1dbad3a2db32ecf371c97f2058491b8ba0f9a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e65d9b7147d7be3504893ca7dfb85286bda83d40",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50035.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50035.json
new file mode 100644
index 00000000000..eb72aad3a62
--- /dev/null
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50035.json
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-50035", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:31.897", + "lastModified": "2025-06-18T11:15:31.897", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix use-after-free on amdgpu_bo_list mutex\n\nIf amdgpu_cs_vm_handling returns r != 0, then it will unlock the\nbo_list_mutex inside the function amdgpu_cs_vm_handling and again on\namdgpu_cs_parser_fini. This problem results in the following\nuse-after-free problem:\n\n[ 220.280990] ------------[ cut here ]------------\n[ 220.281000] refcount_t: underflow; use-after-free.\n[ 220.281019] WARNING: CPU: 1 PID: 3746 at lib/refcount.c:28 refcount_warn_saturate+0xba/0x110\n[ 220.281029] ------------[ cut here ]------------\n[ 220.281415] CPU: 1 PID: 3746 Comm: chrome:cs0 Tainted: G W L ------- --- 5.20.0-0.rc0.20220812git7ebfc85e2cd7.10.fc38.x86_64 #1\n[ 220.281421] Hardware name: System manufacturer System Product Name/ROG STRIX X570-I GAMING, BIOS 4403 04/27/2022\n[ 220.281426] RIP: 0010:refcount_warn_saturate+0xba/0x110\n[ 220.281431] Code: 01 01 e8 79 4a 6f 00 0f 0b e9 42 47 a5 00 80 3d de\n7e be 01 00 75 85 48 c7 c7 f8 98 8e 98 c6 05 ce 7e be 01 01 e8 56 4a\n6f 00 <0f> 0b e9 1f 47 a5 00 80 3d b9 7e be 01 00 0f 85 5e ff ff ff 48\nc7\n[ 220.281437] RSP: 0018:ffffb4b0d18d7a80 EFLAGS: 00010282\n[ 220.281443] RAX: 0000000000000026 RBX: 0000000000000003 RCX: 0000000000000000\n[ 220.281448] RDX: 0000000000000001 RSI: ffffffff988d06dc RDI: 00000000ffffffff\n[ 220.281452] RBP: 00000000ffffffff R08: 0000000000000000 R09: ffffb4b0d18d7930\n[ 220.281457] R10: 0000000000000003 R11: ffffa0672e2fffe8 R12: ffffa058ca360400\n[ 220.281461] R13: ffffa05846c50a18 R14: 00000000fffffe00 R15: 0000000000000003\n[ 220.281465] FS: 00007f82683e06c0(0000) GS:ffffa066e2e00000(0000) knlGS:0000000000000000\n[ 220.281470] CS: 
0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 220.281475] CR2: 00003590005cc000 CR3: 00000001fca46000 CR4: 0000000000350ee0\n[ 220.281480] Call Trace:\n[ 220.281485] \n[ 220.281490] amdgpu_cs_ioctl+0x4e2/0x2070 [amdgpu]\n[ 220.281806] ? amdgpu_cs_find_mapping+0xe0/0xe0 [amdgpu]\n[ 220.282028] drm_ioctl_kernel+0xa4/0x150\n[ 220.282043] drm_ioctl+0x21f/0x420\n[ 220.282053] ? amdgpu_cs_find_mapping+0xe0/0xe0 [amdgpu]\n[ 220.282275] ? lock_release+0x14f/0x460\n[ 220.282282] ? _raw_spin_unlock_irqrestore+0x30/0x60\n[ 220.282290] ? _raw_spin_unlock_irqrestore+0x30/0x60\n[ 220.282297] ? lockdep_hardirqs_on+0x7d/0x100\n[ 220.282305] ? _raw_spin_unlock_irqrestore+0x40/0x60\n[ 220.282317] amdgpu_drm_ioctl+0x4a/0x80 [amdgpu]\n[ 220.282534] __x64_sys_ioctl+0x90/0xd0\n[ 220.282545] do_syscall_64+0x5b/0x80\n[ 220.282551] ? futex_wake+0x6c/0x150\n[ 220.282568] ? lock_is_held_type+0xe8/0x140\n[ 220.282580] ? do_syscall_64+0x67/0x80\n[ 220.282585] ? lockdep_hardirqs_on+0x7d/0x100\n[ 220.282592] ? do_syscall_64+0x67/0x80\n[ 220.282597] ? do_syscall_64+0x67/0x80\n[ 220.282602] ? 
lockdep_hardirqs_on+0x7d/0x100\n[ 220.282609] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[ 220.282616] RIP: 0033:0x7f8282a4f8bf\n[ 220.282639] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10\n00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00\n0f 05 <89> c2 3d 00 f0 ff ff 77 18 48 8b 44 24 18 64 48 2b 04 25 28 00\n00\n[ 220.282644] RSP: 002b:00007f82683df410 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n[ 220.282651] RAX: ffffffffffffffda RBX: 00007f82683df588 RCX: 00007f8282a4f8bf\n[ 220.282655] RDX: 00007f82683df4d0 RSI: 00000000c0186444 RDI: 0000000000000018\n[ 220.282659] RBP: 00007f82683df4d0 R08: 00007f82683df5e0 R09: 00007f82683df4b0\n[ 220.282663] R10: 00001d04000a0600 R11: 0000000000000246 R12: 00000000c0186444\n[ 220.282667] R13: 0000000000000018 R14: 00007f82683df588 R15: 0000000000000003\n[ 220.282689] \n[ 220.282693] irq event stamp: 6232311\n[ 220.282697] hardirqs last enabled at (6232319): [] __up_console_sem+0x5e/0x70\n[ 220.282704] hardirqs last disabled at (6232326): [] __up_console_sem+0x43/0x70\n[ 220.282709] softirqs last enabled at (6232072): [] __irq_exit_rcu+0xf9/0x170\n[ 220.282716] softirqs last disabled at (6232061): [regions'\narray will be accessed by negative index '-1'.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/7983e1e44cb322eba6af84160b6d18df80603fb8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/79f86b862416126a2e826cb74224180d6625a32f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e84c6321f3578c38cb3c24258db91a92672b17a8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fd8e899cdb5ecaf8e8ee73854a99e10807eef1de", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50041.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50041.json
new file mode 100644
index 00000000000..14ada3d53cf
--- /dev/null
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50041.json
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-50041", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:32.560", + "lastModified": "2025-06-18T11:15:32.560", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix call trace with null VSI during VF reset\n\nDuring stress test with attaching and detaching VF from KVM and\nsimultaneously changing VFs spoofcheck and trust there was a\ncall trace in ice_reset_vf that VF's VSI is null.\n\n[145237.352797] WARNING: CPU: 46 PID: 840629 at drivers/net/ethernet/intel/ice/ice_vf_lib.c:508 ice_reset_vf+0x3d6/0x410 [ice]\n[145237.352851] Modules linked in: ice(E) vfio_pci vfio_pci_core vfio_virqfd vfio_iommu_type1 vfio iavf dm_mod xt_CHECKSUM xt_MASQUERADE\nxt_conntrack ipt_REJECT nf_reject_ipv4 nft_compat nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables nfnetlink tun\n bridge stp llc sunrpc intel_rapl_msr intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm iTCO_wdt iTC\nO_vendor_support irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel rapl ipmi_si intel_cstate ipmi_devintf joydev intel_uncore m\nei_me ipmi_msghandler i2c_i801 pcspkr mei lpc_ich ioatdma i2c_smbus acpi_pad acpi_power_meter ip_tables xfs libcrc32c i2c_algo_bit drm_sh\nmem_helper drm_kms_helper sd_mod t10_pi crc64_rocksoft syscopyarea crc64 sysfillrect sg sysimgblt fb_sys_fops drm i40e ixgbe ahci libahci\n libata crc32c_intel mdio dca wmi fuse [last unloaded: ice]\n[145237.352917] CPU: 46 PID: 840629 Comm: kworker/46:2 Tainted: G S W I E 5.19.0-rc6+ #24\n[145237.352921] Hardware name: Intel Corporation S2600WTT/S2600WTT, BIOS SE5C610.86B.01.01.0008.021120151325 02/11/2015\n[145237.352923] Workqueue: ice ice_service_task [ice]\n[145237.352948] RIP: 0010:ice_reset_vf+0x3d6/0x410 [ice]\n[145237.352984] Code: 30 ec f3 cc e9 28 fd ff ff 0f b7 
4b 50 48 c7 c2 48 19 9c c0 4c 89 ee 48 c7 c7 30 fe 9e c0 e8 d1 21 9d cc 31 c0 e9 a\n9 fe ff ff <0f> 0b b8 ea ff ff ff e9 c1 fc ff ff 0f 0b b8 fb ff ff ff e9 91 fe\n[145237.352987] RSP: 0018:ffffb453e257fdb8 EFLAGS: 00010246\n[145237.352990] RAX: ffff8bd0040181c0 RBX: ffff8be68db8f800 RCX: 0000000000000000\n[145237.352991] RDX: 000000000000ffff RSI: 0000000000000000 RDI: ffff8be68db8f800\n[145237.352993] RBP: ffff8bd0040181c0 R08: 0000000000001000 R09: ffff8bcfd520e000\n[145237.352995] R10: 0000000000000000 R11: 00008417b5ab0bc0 R12: 0000000000000005\n[145237.352996] R13: ffff8bcee061c0d0 R14: ffff8bd004019640 R15: 0000000000000000\n[145237.352998] FS: 0000000000000000(0000) GS:ffff8be5dfb00000(0000) knlGS:0000000000000000\n[145237.353000] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[145237.353002] CR2: 00007fd81f651d68 CR3: 0000001a0fe10001 CR4: 00000000001726e0\n[145237.353003] Call Trace:\n[145237.353008] \n[145237.353011] ice_process_vflr_event+0x8d/0xb0 [ice]\n[145237.353049] ice_service_task+0x79f/0xef0 [ice]\n[145237.353074] process_one_work+0x1c8/0x390\n[145237.353081] ? process_one_work+0x390/0x390\n[145237.353084] worker_thread+0x30/0x360\n[145237.353087] ? process_one_work+0x390/0x390\n[145237.353090] kthread+0xe8/0x110\n[145237.353094] ? kthread_complete_and_exit+0x20/0x20\n[145237.353097] ret_from_fork+0x22/0x30\n[145237.353103] \n\nRemove WARN_ON() from check if VSI is null in ice_reset_vf.\nAdd \"VF is already removed\\n\" in dev_dbg().\n\nThis WARN_ON() is unnecessary and causes call trace, despite that\ncall trace, driver still works. There is no need for this warn\nbecause this piece of code is responsible for disabling VF's Tx/Rx\nqueues when VF is disabled, but when VF is already removed there\nis no need to do reset or disable queues." 
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/af1b0d1547dd1686ae842cac7f3678649a5cbd89",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/cf90b74341eecc32ceef0c136954a1668e43b1e7",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50042.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50042.json
new file mode 100644
index 00000000000..2740317c3c1
--- /dev/null
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50042.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2022-50042",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:32.673",
+ "lastModified": "2025-06-18T11:15:32.673",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: genl: fix error path memory leak in policy dumping\n\nIf construction of the array of policies fails when recording\nnon-first policy we need to unwind.\n\nnetlink_policy_dump_add_policy() itself also needs fixing as\nit currently gives up on error without recording the allocated\npointer in the pstate pointer."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/249801360db3dec4f73768c502192020bfddeacc",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/26b6acd365823e99e46be3b27500f5dc235dda5e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/83411c9f05d5a8b637293b3389eca3d378197c04",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b0672895d8be5d19d4b05ac83f807026fc791037",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50043.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50043.json
new file mode 100644
index 00000000000..49a05373631
--- /dev/null
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50043.json
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2022-50043",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:32.787",
+ "lastModified": "2025-06-18T11:15:32.787",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix potential refcount leak in ndisc_router_discovery()\n\nThe issue happens on specific paths in the function. After both the\nobject `rt` and `neigh` are grabbed successfully, when `lifetime` is\nnonzero but the metric needs change, the function just deletes the\nroute and set `rt` to NULL. Then, it may try grabbing `rt` and `neigh`\nagain if above conditions hold. The function simply overwrite `neigh`\nif succeeds or returns if fails, without decreasing the reference\ncount of previous `neigh`. This may result in memory leaks.\n\nFix it by decrementing the reference count of `neigh` in place."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/7396ba87f1edf549284869451665c7c4e74ecd4f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/7998043d31d000c3a93f46182e6569dd0eecda34",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ffb15594433391fd7885eb88ce5a7f7bdeefbb15",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50044.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50044.json
new file mode 100644
index 00000000000..4aa78405d94
--- /dev/null
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50044.json
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2022-50044",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:32.897",
+ "lastModified": "2025-06-18T11:15:32.897",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qrtr: start MHI channel after endpoit creation\n\nMHI channel may generates event/interrupt right after enabling.\nIt may leads to 2 race conditions issues.\n\n1)\nSuch event may be dropped by qcom_mhi_qrtr_dl_callback() at check:\n\n\tif (!qdev || mhi_res->transaction_status)\n\t\treturn;\n\nBecause dev_set_drvdata(&mhi_dev->dev, qdev) may be not performed at\nthis moment. In this situation qrtr-ns will be unable to enumerate\nservices in device.\n---------------------------------------------------------------\n\n2)\nSuch event may come at the moment after dev_set_drvdata() and\nbefore qrtr_endpoint_register(). In this case kernel will panic with\naccessing wrong pointer at qcom_mhi_qrtr_dl_callback():\n\n\trc = qrtr_endpoint_post(&qdev->ep, mhi_res->buf_addr,\n\t\t\t\tmhi_res->bytes_xferd);\n\nBecause endpoint is not created yet.\n--------------------------------------------------------------\nSo move mhi_prepare_for_transfer_autoqueue after endpoint creation\nto fix it."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/68a838b84effb7b57ba7d50b1863fc6ae35a54ce",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a1a75f78a2937567946b1b756f82462874b5ca20",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c682fb70a7dfc25b848a4ff3a385b0471b470606",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50045.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50045.json
new file mode 100644
index 00000000000..4114a6cc555
--- /dev/null
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50045.json
@@ -0,0 +1,45 @@ +{ + "id": "CVE-2022-50045", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:33.050", + "lastModified": "2025-06-18T11:15:33.050", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pci: Fix get_phb_number() locking\n\nThe recent change to get_phb_number() causes a DEBUG_ATOMIC_SLEEP\nwarning on some systems:\n\n BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper\n preempt_count: 1, expected: 0\n RCU nest depth: 0, expected: 0\n 1 lock held by swapper/1:\n #0: c157efb0 (hose_spinlock){+.+.}-{2:2}, at: pcibios_alloc_controller+0x64/0x220\n Preemption disabled at:\n [<00000000>] 0x0\n CPU: 0 PID: 1 Comm: swapper Not tainted 5.19.0-yocto-standard+ #1\n Call Trace:\n [d101dc90] [c073b264] dump_stack_lvl+0x50/0x8c (unreliable)\n [d101dcb0] [c0093b70] __might_resched+0x258/0x2a8\n [d101dcd0] [c0d3e634] __mutex_lock+0x6c/0x6ec\n [d101dd50] [c0a84174] of_alias_get_id+0x50/0xf4\n [d101dd80] [c002ec78] pcibios_alloc_controller+0x1b8/0x220\n [d101ddd0] [c140c9dc] pmac_pci_init+0x198/0x784\n [d101de50] [c140852c] discover_phbs+0x30/0x4c\n [d101de60] [c0007fd4] do_one_initcall+0x94/0x344\n [d101ded0] [c1403b40] kernel_init_freeable+0x1a8/0x22c\n [d101df10] [c00086e0] kernel_init+0x34/0x160\n [d101df30] [c001b334] ret_from_kernel_thread+0x5c/0x64\n\nThis is because pcibios_alloc_controller() holds hose_spinlock but\nof_alias_get_id() takes of_mutex which can sleep.\n\nThe hose_spinlock protects the phb_bitmap, and also the hose_list, but\nit doesn't need to be held while get_phb_number() calls the OF routines,\nbecause those are only looking up information in the device tree.\n\nSo fix it by having get_phb_number() take the hose_spinlock itself, only\nwhere required, and then dropping the 
lock before returning.\npcibios_alloc_controller() then needs to take the lock again before the\nlist_add() but that's safe, the order of the list is not important." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1d9e75c3d8cdf7c96a94cb77450d4ee070279e6a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5db5ce0f1963c6c8275719a80cb65e9c98d32726", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6f75057c21eab12c6ccb7f06f859641a6edfab99", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8d48562a2729742f767b0fdd994d6b2a56a49c63", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/90f195c01a2e8d8da6281791617e21109719c981", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a868f771ee41c97a25a04b8c632a7f06689b307b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ccb0a42d3f40c436295e0fef57ab613ae5b925a4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50046.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50046.json new file mode 100644 index 00000000000..fe58942bf4d --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50046.json 
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2022-50046",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:33.170",
+ "lastModified": "2025-06-18T11:15:33.170",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change()\n\nThe issue happens on some error handling paths. When the function\nfails to grab the object `xprt`, it simply returns 0, forgetting to\ndecrease the reference count of another object `xps`, which is\nincreased by rpc_sysfs_xprt_kobj_get_xprt_switch(), causing refcount\nleaks. Also, the function forgets to check whether `xps` is valid\nbefore using it, which may result in NULL-dereferencing issues.\n\nFix it by adding proper error handling code when either `xprt` or\n`xps` is NULL."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/76fbeb1662b1c56514325118a07fba74dc4c79fe",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/bfc48f1b0505ffcb03a6d749139b7577d6b81ae0",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c0434f0e058648649250b8ed6078b66d773de723",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50047.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50047.json
new file mode 100644
index 00000000000..de6c4a7c4b4
--- /dev/null
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50047.json
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-50047", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:33.280", + "lastModified": "2025-06-18T11:15:33.280", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6060: prevent crash on an unused port\n\nIf the port isn't a CPU port nor a user port, 'cpu_dp'\nis a null pointer and a crash happened on dereferencing\nit in mv88e6060_setup_port():\n\n[ 9.575872] Unable to handle kernel NULL pointer dereference at virtual address 00000014\n...\n[ 9.942216] mv88e6060_setup from dsa_register_switch+0x814/0xe84\n[ 9.948616] dsa_register_switch from mdio_probe+0x2c/0x54\n[ 9.954433] mdio_probe from really_probe.part.0+0x98/0x2a0\n[ 9.960375] really_probe.part.0 from driver_probe_device+0x30/0x10c\n[ 9.967029] driver_probe_device from __device_attach_driver+0xb8/0x13c\n[ 9.973946] __device_attach_driver from bus_for_each_drv+0x90/0xe0\n[ 9.980509] bus_for_each_drv from __device_attach+0x110/0x184\n[ 9.986632] __device_attach from bus_probe_device+0x8c/0x94\n[ 9.992577] bus_probe_device from deferred_probe_work_func+0x78/0xa8\n[ 9.999311] deferred_probe_work_func from process_one_work+0x290/0x73c\n[ 10.006292] process_one_work from worker_thread+0x30/0x4b8\n[ 10.012155] worker_thread from kthread+0xd4/0x10c\n[ 10.017238] kthread from ret_from_fork+0x14/0x3c" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/246bbf2f977ea36aaf41f5d24370fef433250728", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/92dc64e8f591425ce4dabf7d479ebf6e67fb8853", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cb1753bc689c7a7f94da6eee7efc1ae6d8abb36c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": 
"https://git.kernel.org/stable/c/dd236b62d25e44ecfa26b0910a12f8d8251aff00", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f3a4b55829617cad2d36fa6524367ef629566ba6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50048.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50048.json new file mode 100644 index 00000000000..d5f8cd17f0d --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50048.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-50048", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:33.393", + "lastModified": "2025-06-18T11:15:33.393", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: possible module reference underflow in error path\n\ndst->ops is set on when nft_expr_clone() fails, but module refcount has\nnot been bumped yet, therefore nft_expr_destroy() leads to module\nreference underflow." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1e52e6cfec6342c3d0df47dc3a76724fb3dabf56", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b59bee8b05b0e789b5a298cacb09e8aaa3367a29", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c485c35ff6783ccd12c160fcac6a0e504e83e0bf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50049.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50049.json new file mode 100644 index 00000000000..dec98080188 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50049.json 
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2022-50049",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:33.500",
+ "lastModified": "2025-06-18T11:15:33.500",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: DPCM: Don't pick up BE without substream\n\nWhen DPCM tries to add valid BE connections at dpcm_add_paths(), it\ndoesn't check whether the picked BE actually supports for the given\nstream direction. Due to that, when an asymmetric BE stream is\npresent, it picks up wrongly and this may result in a NULL dereference\nat a later point where the code assumes the existence of a\ncorresponding BE substream.\n\nThis patch adds the check for the presence of the substream for the\ntarget BE for avoiding the problem above.\n\nNote that we have already some fix for non-existing BE substream at\ncommit 6246f283d5e0 (\"ASoC: dpcm: skip missing substream while\napplying symmetry\"). But the code path we've hit recently is rather\nhappening before the previous fix. So this patch tries to fix at\npicking up a BE instead of parsing BE lists."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/6a840e8ef6b6c56d1b7e6a555adc31135e517875",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/754590651ccbbcc74a7c20907be4bb15d642bde3",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/aa803e6ecac78e93b24ebefa17c207d6392d8ad4",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50050.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50050.json
new file mode 100644
index 00000000000..e6ed04581bc
--- /dev/null
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50050.json
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2022-50050",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:33.613",
+ "lastModified": "2025-06-18T11:15:33.613",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf()\n\nsnprintf() returns the would-be-filled size when the string overflows\nthe given buffer size, hence using this value may result in the buffer\noverflow (although it's unrealistic).\n\nThis patch replaces with a safer version, scnprintf() for papering\nover such a potential issue."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/6ee1310f4d148dbf04c4159b88afd0b941018903",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/94c1ceb043c1a002de9649bb630c8e8347645982",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/f7915c5614a7ece117ec390f21a410531eac48de",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50051.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50051.json
new file mode 100644
index 00000000000..1dd52bb3fbf
--- /dev/null
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50051.json
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2022-50051",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:33.723",
+ "lastModified": "2025-06-18T11:15:33.723",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: debug: Fix potential buffer overflow by snprintf()\n\nsnprintf() returns the would-be-filled size when the string overflows\nthe given buffer size, hence using this value may result in the buffer\noverflow (although it's unrealistic).\n\nThis patch replaces with a safer version, scnprintf() for papering\nover such a potential issue."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/1eb123ce985e6cf302ac6e3f19862d132d86fa8f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a67971a17604ae7de278fb09243432459afc51e1",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b318b9dd2ac67f39d0338ce563879d1f59a0347a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50052.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50052.json
new file mode 100644
index 00000000000..89cd5ffeb4a
--- /dev/null
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50052.json
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-50052", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:33.833", + "lastModified": "2025-06-18T11:15:33.833", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: avs: Fix potential buffer overflow by snprintf()\n\nsnprintf() returns the would-be-filled size when the string overflows\nthe given buffer size, hence using this value may result in a buffer\noverflow (although it's unrealistic).\n\nThis patch replaces it with a safer version, scnprintf() for papering\nover such a potential issue." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/840311a09f75632b9d41fbc1cd5c7aea94ce5f7e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ca3b7b9dc9bc1fa552f4697b7cccfa0258a44d00", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50053.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50053.json new file mode 100644 index 00000000000..71726296dca --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50053.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-50053", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:33.940", + "lastModified": "2025-06-18T11:15:33.940", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix reset error handling\n\nDo not call iavf_close in iavf_reset_task error handling. Doing so can\nlead to double call of napi_disable, which can lead to deadlock there.\nRemoving VF would lead to iavf_remove task being stuck, because it\nrequires crit_lock, which is held by iavf_close.\nCall iavf_disable_vf if reset fail, so that driver will clean up\nremaining invalid resources.\nDuring rapid VF resets, HW can fail to setup VF mailbox. Wrong\nerror handling can lead to iavf_remove being stuck with:\n[ 5218.999087] iavf 0000:82:01.0: Failed to init adminq: -53\n...\n[ 5267.189211] INFO: task repro.sh:11219 blocked for more than 30 seconds.\n[ 5267.189520] Tainted: G S E 5.18.0-04958-ga54ce3703613-dirty #1\n[ 5267.189764] \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 5267.190062] task:repro.sh state:D stack: 0 pid:11219 ppid: 8162 flags:0x00000000\n[ 5267.190347] Call Trace:\n[ 5267.190647] \n[ 5267.190927] __schedule+0x460/0x9f0\n[ 5267.191264] schedule+0x44/0xb0\n[ 5267.191563] schedule_preempt_disabled+0x14/0x20\n[ 5267.191890] __mutex_lock.isra.12+0x6e3/0xac0\n[ 5267.192237] ? iavf_remove+0xf9/0x6c0 [iavf]\n[ 5267.192565] iavf_remove+0x12a/0x6c0 [iavf]\n[ 5267.192911] ? _raw_spin_unlock_irqrestore+0x1e/0x40\n[ 5267.193285] pci_device_remove+0x36/0xb0\n[ 5267.193619] device_release_driver_internal+0xc1/0x150\n[ 5267.193974] pci_stop_bus_device+0x69/0x90\n[ 5267.194361] pci_stop_and_remove_bus_device+0xe/0x20\n[ 5267.194735] pci_iov_remove_virtfn+0xba/0x120\n[ 5267.195130] sriov_disable+0x2f/0xe0\n[ 5267.195506] ice_free_vfs+0x7d/0x2f0 [ice]\n[ 5267.196056] ? 
pci_get_device+0x4f/0x70\n[ 5267.196496] ice_sriov_configure+0x78/0x1a0 [ice]\n[ 5267.196995] sriov_numvfs_store+0xfe/0x140\n[ 5267.197466] kernfs_fop_write_iter+0x12e/0x1c0\n[ 5267.197918] new_sync_write+0x10c/0x190\n[ 5267.198404] vfs_write+0x24e/0x2d0\n[ 5267.198886] ksys_write+0x5c/0xd0\n[ 5267.199367] do_syscall_64+0x3a/0x80\n[ 5267.199827] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n[ 5267.200317] RIP: 0033:0x7f5b381205c8\n[ 5267.200814] RSP: 002b:00007fff8c7e8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 5267.201981] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f5b381205c8\n[ 5267.202620] RDX: 0000000000000002 RSI: 00005569420ee900 RDI: 0000000000000001\n[ 5267.203426] RBP: 00005569420ee900 R08: 000000000000000a R09: 00007f5b38180820\n[ 5267.204327] R10: 000000000000000a R11: 0000000000000246 R12: 00007f5b383c06e0\n[ 5267.205193] R13: 0000000000000002 R14: 00007f5b383bb880 R15: 0000000000000002\n[ 5267.206041] \n[ 5267.206970] Kernel panic - not syncing: hung_task: blocked tasks\n[ 5267.207809] CPU: 48 PID: 551 Comm: khungtaskd Kdump: loaded Tainted: G S E 5.18.0-04958-ga54ce3703613-dirty #1\n[ 5267.208726] Hardware name: Dell Inc. PowerEdge R730/0WCJNT, BIOS 2.11.0 11/02/2019\n[ 5267.209623] Call Trace:\n[ 5267.210569] \n[ 5267.211480] dump_stack_lvl+0x33/0x42\n[ 5267.212472] panic+0x107/0x294\n[ 5267.213467] watchdog.cold.8+0xc/0xbb\n[ 5267.214413] ? proc_dohung_task_timeout_secs+0x30/0x30\n[ 5267.215511] kthread+0xf4/0x120\n[ 5267.216459] ? 
kthread_complete_and_exit+0x20/0x20\n[ 5267.217505] ret_from_fork+0x22/0x30\n[ 5267.218459] " + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0828e27971f18ea317710acb228afe6e72606082", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/31071173771e079f7bc08dacd61e0db913262fbf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/743dc4377bbac06a6fe44c3c5baf75a49439678a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50054.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50054.json new file mode 100644 index 00000000000..f5b84ffdbd6 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50054.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-50054", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:34.050", + "lastModified": "2025-06-18T11:15:34.050", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix NULL pointer dereference in iavf_get_link_ksettings\n\nFix possible NULL pointer dereference, due to freeing of adapter->vf_res\nin iavf_init_get_resources. Previous commit introduced a regression,\nwhere receiving IAVF_ERR_ADMIN_QUEUE_NO_WORK from iavf_get_vf_config\nwould free adapter->vf_res. However, netdev is still registered, so\nethtool_ops can be called. Calling iavf_get_link_ksettings with no vf_res,\nwill result with:\n[ 9385.242676] BUG: kernel NULL pointer dereference, address: 0000000000000008\n[ 9385.242683] #PF: supervisor read access in kernel mode\n[ 9385.242686] #PF: error_code(0x0000) - not-present page\n[ 9385.242690] PGD 0 P4D 0\n[ 9385.242696] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI\n[ 9385.242701] CPU: 6 PID: 3217 Comm: pmdalinux Kdump: loaded Tainted: G S E 5.18.0-04958-ga54ce3703613-dirty #1\n[ 9385.242708] Hardware name: Dell Inc. 
PowerEdge R730/0WCJNT, BIOS 2.11.0 11/02/2019\n[ 9385.242710] RIP: 0010:iavf_get_link_ksettings+0x29/0xd0 [iavf]\n[ 9385.242745] Code: 00 0f 1f 44 00 00 b8 01 ef ff ff 48 c7 46 30 00 00 00 00 48 c7 46 38 00 00 00 00 c6 46 0b 00 66 89 46 08 48 8b 87 68 0e 00 00 40 08 80 75 50 8b 87 5c 0e 00 00 83 f8 08 74 7a 76 1d 83 f8 20\n[ 9385.242749] RSP: 0018:ffffc0560ec7fbd0 EFLAGS: 00010246\n[ 9385.242755] RAX: 0000000000000000 RBX: ffffc0560ec7fc08 RCX: 0000000000000000\n[ 9385.242759] RDX: ffffffffc0ad4550 RSI: ffffc0560ec7fc08 RDI: ffffa0fc66674000\n[ 9385.242762] RBP: 00007ffd1fb2bf50 R08: b6a2d54b892363ee R09: ffffa101dc14fb00\n[ 9385.242765] R10: 0000000000000000 R11: 0000000000000004 R12: ffffa0fc66674000\n[ 9385.242768] R13: 0000000000000000 R14: ffffa0fc66674000 R15: 00000000ffffffa1\n[ 9385.242771] FS: 00007f93711a2980(0000) GS:ffffa0fad72c0000(0000) knlGS:0000000000000000\n[ 9385.242775] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 9385.242778] CR2: 0000000000000008 CR3: 0000000a8e61c003 CR4: 00000000003706e0\n[ 9385.242781] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 9385.242784] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 9385.242787] Call Trace:\n[ 9385.242791] \n[ 9385.242793] ethtool_get_settings+0x71/0x1a0\n[ 9385.242814] __dev_ethtool+0x426/0x2f40\n[ 9385.242823] ? slab_post_alloc_hook+0x4f/0x280\n[ 9385.242836] ? kmem_cache_alloc_trace+0x15d/0x2f0\n[ 9385.242841] ? 
dev_ethtool+0x59/0x170\n[ 9385.242848] dev_ethtool+0xa7/0x170\n[ 9385.242856] dev_ioctl+0xc3/0x520\n[ 9385.242866] sock_do_ioctl+0xa0/0xe0\n[ 9385.242877] sock_ioctl+0x22f/0x320\n[ 9385.242885] __x64_sys_ioctl+0x84/0xc0\n[ 9385.242896] do_syscall_64+0x3a/0x80\n[ 9385.242904] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n[ 9385.242918] RIP: 0033:0x7f93702396db\n[ 9385.242923] Code: 73 01 c3 48 8b 0d ad 57 38 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 7d 57 38 00 f7 d8 64 89 01 48\n[ 9385.242927] RSP: 002b:00007ffd1fb2bf18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n[ 9385.242932] RAX: ffffffffffffffda RBX: 000055671b1d2fe0 RCX: 00007f93702396db\n[ 9385.242935] RDX: 00007ffd1fb2bf20 RSI: 0000000000008946 RDI: 0000000000000007\n[ 9385.242937] RBP: 00007ffd1fb2bf20 R08: 0000000000000003 R09: 0030763066307330\n[ 9385.242940] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd1fb2bf80\n[ 9385.242942] R13: 0000000000000007 R14: 0000556719f6de90 R15: 00007ffd1fb2c1b0\n[ 9385.242948] \n[ 9385.242949] Modules linked in: iavf(E) xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nft_compat nf_nat_tftp nft_objref nf_conntrack_tftp bridge stp llc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables rfkill nfnetlink vfat fat irdma ib_uverbs ib_core intel_rapl_msr intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretem\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/541a1af451b0cb3779e915d48d08efb17915207b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b305c7e9363f5a174ee08ac5f056e4b209f0325b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50055.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50055.json new file mode 100644 index 00000000000..3f54f1e7afe --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50055.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-50055", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:34.160", + "lastModified": "2025-06-18T11:15:34.160", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix adminq error handling\n\niavf_alloc_asq_bufs/iavf_alloc_arq_bufs allocates with dma_alloc_coherent\nmemory for VF mailbox.\nFree DMA regions for both ASQ and ARQ in case error happens during\nconfiguration of ASQ/ARQ registers.\nWithout this change it is possible to see when unloading interface:\n74626.583369: dma_debug_device_change: device driver has pending DMA allocations while released from device [count=32]\nOne of leaked entries details: [device address=0x0000000b27ff9000] [size=4096 bytes] [mapped with DMA_BIDIRECTIONAL] [mapped as coherent]" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/35c63581fdefdcbaeae8cded18908523252353ad", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/419831617ed349992c84344dbd9e627f9e68f842", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4fe80492d53971d9a49f39f3c86d2d67c6f3638a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dab6b551f5ba4c79a0dd4970dd8533c37a7b100f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ff289f2be5899efd0e897d2b434a78e36df2c69b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50056.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50056.json new file mode 100644 index 00000000000..04922c538c1 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50056.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-50056", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:34.277", + "lastModified": "2025-06-18T11:15:34.277", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Fix missing i_op in ntfs_read_mft\n\nThere is null pointer dereference because i_op == NULL.\nThe bug happens because we don't initialize i_op for records in $Extend." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/37a530bfe56ca9a0d3129598803f2794c7428aae", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8089a1bc27b41e6800590a92d17c119e9aa8ff53", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c293e8abc09e6e1faa50d967bd8862b1cbd575e5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50057.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50057.json new file mode 100644 index 00000000000..df9fa6e7649 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50057.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-50057", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:34.387", + "lastModified": "2025-06-18T11:15:34.387", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Fix NULL deref in ntfs_update_mftmirr\n\nIf ntfs_fill_super() wasn't called then sbi->sb will be equal to NULL.\nCode should check this ptr before dereferencing. Syzbot hit this issue\nvia passing wrong mount param as can be seen from log below\n\nFail log:\nntfs3: Unknown parameter 'iochvrset'\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\nCPU: 1 PID: 3589 Comm: syz-executor210 Not tainted 5.18.0-rc3-syzkaller-00016-gb253435746d9 #0\n...\nCall Trace:\n \n put_ntfs+0x1ed/0x2a0 fs/ntfs3/super.c:463\n ntfs_fs_free+0x6a/0xe0 fs/ntfs3/super.c:1363\n put_fs_context+0x119/0x7a0 fs/fs_context.c:469\n do_new_mount+0x2b4/0xad0 fs/namespace.c:3044\n do_mount fs/namespace.c:3383 [inline]\n __do_sys_mount fs/namespace.c:3591 [inline]" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/321460ca3b55f48b3ba6008248264ab2bd6407d9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8e8e1a84dac7a3d2b432162a70d7fb6a75960772", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bf6089dc01ba3194ab962105d7b85690843c256f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50058.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50058.json new file mode 100644 index 00000000000..e7092574b94 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50058.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-50058", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:34.497", + "lastModified": "2025-06-18T11:15:34.497", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa_sim_blk: set number of address spaces and virtqueue groups\n\nCommit bda324fd037a (\"vdpasim: control virtqueue support\") added two\nnew fields (nas, ngroups) to vdpasim_dev_attr, but we forgot to\ninitialize them for vdpa_sim_blk.\n\nWhen creating a new vdpa_sim_blk device this causes the kernel\nto panic in this way:\n \u00a0 \u00a0$ vdpa dev add mgmtdev vdpasim_blk name blk0\n \u00a0 \u00a0BUG: kernel NULL pointer dereference, address: 0000000000000030\n \u00a0 \u00a0...\n \u00a0 \u00a0RIP: 0010:vhost_iotlb_add_range_ctx+0x41/0x220 [vhost_iotlb]\n \u00a0 \u00a0...\n \u00a0 \u00a0Call Trace:\n \u00a0 \u00a0 \n \u00a0 \u00a0 vhost_iotlb_add_range+0x11/0x800 [vhost_iotlb]\n \u00a0 \u00a0 vdpasim_map_range+0x91/0xd0 [vdpa_sim]\n \u00a0 \u00a0 vdpasim_alloc_coherent+0x56/0x90 [vdpa_sim]\n \u00a0 \u00a0 ...\n\nThis happens because vdpasim->iommu[0] is not initialized when\ndev_attr.nas is 0.\n\nLet's fix this issue by initializing both (nas, ngroups) to 1 for\nvdpa_sim_blk." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/19cd4a5471b8eaa4bd161b0fdb4567f2fc88d809", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a291c7d289fac2cb13fb2614a9a251afbbd86ce9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50059.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50059.json new file mode 100644 index 00000000000..deaeb92cb72 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50059.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-50059", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:34.600", + "lastModified": "2025-06-18T11:15:34.600", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: don't leak snap_rwsem in handle_cap_grant\n\nWhen handle_cap_grant is called on an IMPORT op, then the snap_rwsem is\nheld and the function is expected to release it before returning. It\ncurrently fails to do that in all cases which could lead to a deadlock." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/58dd4385577ed7969b80cdc9e2a31575aba6c712", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a090cc69699ec2d11b5e34cee8c61f0d4b0068cb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/aee18421bda6bf12a7cba6a3d7751c0e1cfd0094", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f546faa216d0f53a42ca73ba1fd8c48765b22d77", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50060.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50060.json new file mode 100644 index 00000000000..d14219dba5a --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50060.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-50060", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:34.710", + "lastModified": "2025-06-18T11:15:34.710", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: Fix mcam entry resource leak\n\nThe teardown sequence in FLR handler returns if no NIX LF\nis attached to PF/VF because it indicates that graceful\nshutdown of resources already happened. But there is a\nchance of all allocated MCAM entries not being freed by\nPF/VF. Hence free mcam entries even in case of detached LF." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3f8fe40ab7730cf8eb6f8b8ff412012f7f6f8f48", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cc32347f48111eea8d0165538c92aca92ede83f6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dc5be2d4f9285efe0d16f1bf00250df91d05d809", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50061.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50061.json new file mode 100644 index 00000000000..8fd38778c20 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50061.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-50061", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:34.817", + "lastModified": "2025-06-18T11:15:34.817", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak.\"" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4b32e054335ea0ce50967f63a7bfd4db058b14b9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/587ac8ac00a1a9f4572785229d9441870fd7b187", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/78d05103891d3e96144b846fbc39f2cfb3384eae", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/81abaab5a4b815c0ed9f4d2c9745777ac5cc395b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9272265f2f76629e1a67e6d49b3a4461b3da1a73", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c26012a1e61c7bbd1b393d3bbae8dffdb6df65bb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c35f89a9021fa947ecede0584ae509368a52ec5a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f498542bc703bf1e5c6a1610e1ea493a437f0196", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50062.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50062.json
new file mode 100644
index 00000000000..afed6077095
--- /dev/null
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50062.json
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-50062", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:34.930", + "lastModified": "2025-06-18T11:15:34.930", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bgmac: Fix a BUG triggered by wrong bytes_compl\n\nOn one of our machines we got:\n\nkernel BUG at lib/dynamic_queue_limits.c:27!\nInternal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM\nCPU: 0 PID: 1166 Comm: irq/41-bgmac Tainted: G W O 4.14.275-rt132 #1\nHardware name: BRCM XGS iProc\ntask: ee3415c0 task.stack: ee32a000\nPC is at dql_completed+0x168/0x178\nLR is at bgmac_poll+0x18c/0x6d8\npc : [] lr : [] psr: 800a0313\nsp : ee32be14 ip : 000005ea fp : 00000bd4\nr10: ee558500 r9 : c0116298 r8 : 00000002\nr7 : 00000000 r6 : ef128810 r5 : 01993267 r4 : 01993851\nr3 : ee558000 r2 : 000070e1 r1 : 00000bd4 r0 : ee52c180\nFlags: Nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none\nControl: 12c5387d Table: 8e88c04a DAC: 00000051\nProcess irq/41-bgmac (pid: 1166, stack limit = 0xee32a210)\nStack: (0xee32be14 to 0xee32c000)\nbe00: ee558520 ee52c100 ef128810\nbe20: 00000000 00000002 c0116298 c04b5a18 00000000 c0a0c8c4 c0951780 00000040\nbe40: c0701780 ee558500 ee55d520 ef05b340 ef6f9780 ee558520 00000001 00000040\nbe60: ffffe000 c0a56878 ef6fa040 c0952040 0000012c c0528744 ef6f97b0 fffcfb6a\nbe80: c0a04104 2eda8000 c0a0c4ec c0a0d368 ee32bf44 c0153534 ee32be98 ee32be98\nbea0: ee32bea0 ee32bea0 ee32bea8 ee32bea8 00000000 c01462e4 ffffe000 ef6f22a8\nbec0: ffffe000 00000008 ee32bee4 c0147430 ffffe000 c094a2a8 00000003 ffffe000\nbee0: c0a54528 00208040 0000000c c0a0c8c4 c0a65980 c0124d3c 00000008 ee558520\nbf00: c094a23c c0a02080 00000000 c07a9910 ef136970 ef136970 ee30a440 ef136900\nbf20: ee30a440 00000001 ef136900 ee30a440 c016d990 00000000 c0108db0 c012500c\nbf40: ef136900 c016da14 ee30a464 ffffe000 00000001 c016dd14 
00000000 c016db28\nbf60: ffffe000 ee21a080 ee30a400 00000000 ee32a000 ee30a440 c016dbfc ee25fd70\nbf80: ee21a09c c013edcc ee32a000 ee30a400 c013ec7c 00000000 00000000 00000000\nbfa0: 00000000 00000000 00000000 c0108470 00000000 00000000 00000000 00000000\nbfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\nbfe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000\n[] (dql_completed) from [] (bgmac_poll+0x18c/0x6d8)\n[] (bgmac_poll) from [] (net_rx_action+0x1c4/0x494)\n[] (net_rx_action) from [] (do_current_softirqs+0x1ec/0x43c)\n[] (do_current_softirqs) from [] (__local_bh_enable+0x80/0x98)\n[] (__local_bh_enable) from [] (irq_forced_thread_fn+0x84/0x98)\n[] (irq_forced_thread_fn) from [] (irq_thread+0x118/0x1c0)\n[] (irq_thread) from [] (kthread+0x150/0x158)\n[] (kthread) from [] (ret_from_fork+0x14/0x24)\nCode: a83f15e0 0200001a 0630a0e1 c3ffffea (f201f0e7)\n\nThe issue seems similar to commit 90b3b339364c (\"net: hisilicon: Fix a BUG\ntrigered by wrong bytes_compl\") and potentially introduced by commit\nb38c83dd0866 (\"bgmac: simplify tx ring index handling\").\n\nIf there is an RX interrupt between setting ring->end\nand netdev_sent_queue() we can hit the BUG_ON as bgmac_dma_tx_free()\ncan miscalculate the queue size while called from bgmac_poll().\n\nThe machine which triggered the BUG runs a v4.14 RT kernel - but the issue\nseems present in mainline too." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1b7680c6c1f6de9904f1d9b05c952f0c64a03350", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ab2b55bb25db289ba0b68e3d58494476bdb1041d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ac6d4482f29ab992b605c1b4bd1347f1f679f4e4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c506c9a97120f43257e9b3ce7b1f9a24eafc3787", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/da1421a29d3b8681ba6a7f686bd0b40dda5acaf3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50063.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50063.json new file mode 100644 index 00000000000..77cc597597a --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50063.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-50063", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:35.047", + "lastModified": "2025-06-18T11:15:35.047", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: felix: suppress non-changes to the tagging protocol\n\nThe way in which dsa_tree_change_tag_proto() works is that when\ndsa_tree_notify() fails, it doesn't know whether the operation failed\nmid way in a multi-switch tree, or it failed for a single-switch tree.\nSo even though drivers need to fail cleanly in\nds->ops->change_tag_protocol(), DSA will still call dsa_tree_notify()\nagain, to restore the old tag protocol for potential switches in the\ntree where the change did succeeed (before failing for others).\n\nThis means for the felix driver that if we report an error in\nfelix_change_tag_protocol(), we'll get another call where proto_ops ==\nold_proto_ops. If we proceed to act upon that, we may do unexpected\nthings. For example, we will call dsa_tag_8021q_register() twice in a\nrow, without any dsa_tag_8021q_unregister() in between. 
Then we will\nactually call dsa_tag_8021q_unregister() via old_proto_ops->teardown,\nwhich (if it manages to run at all, after walking through corrupted data\nstructures) will leave the ports inoperational anyway.\n\nThe bug can be readily reproduced if we force an error while in\ntag_8021q mode; this crashes the kernel.\n\necho ocelot-8021q > /sys/class/net/eno2/dsa/tagging\necho edsa > /sys/class/net/eno2/dsa/tagging # -EPROTONOSUPPORT\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000014\nCall trace:\n vcap_entry_get+0x24/0x124\n ocelot_vcap_filter_del+0x198/0x270\n felix_tag_8021q_vlan_del+0xd4/0x21c\n dsa_switch_tag_8021q_vlan_del+0x168/0x2cc\n dsa_switch_event+0x68/0x1170\n dsa_tree_notify+0x14/0x34\n dsa_port_tag_8021q_vlan_del+0x84/0x110\n dsa_tag_8021q_unregister+0x15c/0x1c0\n felix_tag_8021q_teardown+0x16c/0x180\n felix_change_tag_protocol+0x1bc/0x230\n dsa_switch_event+0x14c/0x1170\n dsa_tree_change_tag_proto+0x118/0x1c0" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4c46bb49460ee14c69629e813640d8b929e88941", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8e432f157c3edc5a97a7244c666589a438f5e4d4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50064.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50064.json new file mode 100644 index 00000000000..62e6237a6b3 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50064.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-50064", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:35.157", + "lastModified": "2025-06-18T11:15:35.157", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-blk: Avoid use-after-free on suspend/resume\n\nhctx->user_data is set to vq in virtblk_init_hctx(). However, vq is\nfreed on suspend and reallocated on resume. So, hctx->user_data is\ninvalid after resume, and it will cause use-after-free accessing which\nwill result in the kernel crash something like below:\n\n[ 22.428391] Call Trace:\n[ 22.428899] \n[ 22.429339] virtqueue_add_split+0x3eb/0x620\n[ 22.430035] ? __blk_mq_alloc_requests+0x17f/0x2d0\n[ 22.430789] ? kvm_clock_get_cycles+0x14/0x30\n[ 22.431496] virtqueue_add_sgs+0xad/0xd0\n[ 22.432108] virtblk_add_req+0xe8/0x150\n[ 22.432692] virtio_queue_rqs+0xeb/0x210\n[ 22.433330] blk_mq_flush_plug_list+0x1b8/0x280\n[ 22.434059] __blk_flush_plug+0xe1/0x140\n[ 22.434853] blk_finish_plug+0x20/0x40\n[ 22.435512] read_pages+0x20a/0x2e0\n[ 22.436063] ? folio_add_lru+0x62/0xa0\n[ 22.436652] page_cache_ra_unbounded+0x112/0x160\n[ 22.437365] filemap_get_pages+0xe1/0x5b0\n[ 22.437964] ? context_to_sid+0x70/0x100\n[ 22.438580] ? sidtab_context_to_sid+0x32/0x400\n[ 22.439979] filemap_read+0xcd/0x3d0\n[ 22.440917] xfs_file_buffered_read+0x4a/0xc0\n[ 22.441984] xfs_file_read_iter+0x65/0xd0\n[ 22.442970] __kernel_read+0x160/0x2e0\n[ 22.443921] bprm_execve+0x21b/0x640\n[ 22.444809] do_execveat_common.isra.0+0x1a8/0x220\n[ 22.446008] __x64_sys_execve+0x2d/0x40\n[ 22.446920] do_syscall_64+0x37/0x90\n[ 22.447773] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThis patch fixes this issue by getting vq from vblk, and removes\nvirtblk_init_hctx()." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2b54e14535bc34bf649372060d518ec9f2b893b3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8d12ec10292877751ee4463b11a63bd850bc09b5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50065.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50065.json new file mode 100644 index 00000000000..71ff62df0d5 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50065.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-50065", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:35.267", + "lastModified": "2025-06-18T11:15:35.267", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_net: fix memory leak inside XPD_TX with mergeable\n\nWhen we call xdp_convert_buff_to_frame() to get xdpf, if it returns\nNULL, we should check if xdp_page was allocated by xdp_linearize_page().\nIf it is newly allocated, it should be freed here alone. Just like any\nother \"goto err_xdp\"." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/18e383afbd7047af7b055df6e25436e0ce28f8a5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7a542bee27c6a57e45c33cbbdc963325fd6493af", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d3723eab11196475ef83279571b2b0bd0924cf82", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/faafa2a87f697ee537c29446097e1cc3143506fa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50066.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50066.json
new file mode 100644
index 00000000000..902dd119867
--- /dev/null
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50066.json
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-50066", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:35.377", + "lastModified": "2025-06-18T11:15:35.377", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atlantic: fix aq_vec index out of range error\n\nThe final update statement of the for loop exceeds the array range, the\ndereference of self->aq_vec[i] is not checked and then leads to the\nindex out of range error.\nAlso fixed this kind of coding style in other for loop.\n\n[ 97.937604] UBSAN: array-index-out-of-bounds in drivers/net/ethernet/aquantia/atlantic/aq_nic.c:1404:48\n[ 97.937607] index 8 is out of range for type 'aq_vec_s *[8]'\n[ 97.937608] CPU: 38 PID: 3767 Comm: kworker/u256:18 Not tainted 5.19.0+ #2\n[ 97.937610] Hardware name: Dell Inc. Precision 7865 Tower/, BIOS 1.0.0 06/12/2022\n[ 97.937611] Workqueue: events_unbound async_run_entry_fn\n[ 97.937616] Call Trace:\n[ 97.937617] \n[ 97.937619] dump_stack_lvl+0x49/0x63\n[ 97.937624] dump_stack+0x10/0x16\n[ 97.937626] ubsan_epilogue+0x9/0x3f\n[ 97.937627] __ubsan_handle_out_of_bounds.cold+0x44/0x49\n[ 97.937629] ? __scm_send+0x348/0x440\n[ 97.937632] ? aq_vec_stop+0x72/0x80 [atlantic]\n[ 97.937639] aq_nic_stop+0x1b6/0x1c0 [atlantic]\n[ 97.937644] aq_suspend_common+0x88/0x90 [atlantic]\n[ 97.937648] aq_pm_suspend_poweroff+0xe/0x20 [atlantic]\n[ 97.937653] pci_pm_suspend+0x7e/0x1a0\n[ 97.937655] ? pci_pm_suspend_noirq+0x2b0/0x2b0\n[ 97.937657] dpm_run_callback+0x54/0x190\n[ 97.937660] __device_suspend+0x14c/0x4d0\n[ 97.937661] async_suspend+0x23/0x70\n[ 97.937663] async_run_entry_fn+0x33/0x120\n[ 97.937664] process_one_work+0x21f/0x3f0\n[ 97.937666] worker_thread+0x4a/0x3c0\n[ 97.937668] ? process_one_work+0x3f0/0x3f0\n[ 97.937669] kthread+0xf0/0x120\n[ 97.937671] ? 
kthread_complete_and_exit+0x20/0x20\n[ 97.937672] ret_from_fork+0x22/0x30\n[ 97.937676] \n\nv2. fixed \"warning: variable 'aq_vec' set but not used\"\n\nv3. simplified a for loop" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/23bf155476539354ab5c8cc9bb460fd1209b39b5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2ba5e47fb75fbb8fab45f5c1bc8d5c33d8834bd3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/422a02a771599cac96f2b2900d993e0bb7ba5b88", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/df60c534d4c5a681172952dd4b475a5d818b3a86", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50067.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50067.json new file mode 100644 index 00000000000..5dcead561cd --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50067.json 
@@ -0,0 +1,45 @@ +{ + "id": "CVE-2022-50067", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:35.490", + "lastModified": "2025-06-18T11:15:35.490", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: unset reloc control if transaction commit fails in prepare_to_relocate()\n\nIn btrfs_relocate_block_group(), the rc is allocated. Then\nbtrfs_relocate_block_group() calls\n\nrelocate_block_group()\n prepare_to_relocate()\n set_reloc_control()\n\nthat assigns rc to the variable fs_info->reloc_ctl. When\nprepare_to_relocate() returns, it calls\n\nbtrfs_commit_transaction()\n btrfs_start_dirty_block_groups()\n btrfs_alloc_path()\n kmem_cache_zalloc()\n\nwhich may fail for example (or other errors could happen). When the\nfailure occurs, btrfs_relocate_block_group() detects the error and frees\nrc and doesn't set fs_info->reloc_ctl to NULL. After that, in\nbtrfs_init_reloc_root(), rc is retrieved from fs_info->reloc_ctl and\nthen used, which may cause a use-after-free bug.\n\nThis possible bug can be triggered by calling btrfs_ioctl_balance()\nbefore calling btrfs_ioctl_defrag().\n\nTo fix this possible bug, in prepare_to_relocate(), check if\nbtrfs_commit_transaction() fails. 
If the failure occurs,\nunset_reloc_control() is called to set fs_info->reloc_ctl to NULL.\n\nThe error log in our fault-injection testing is shown as follows:\n\n [ 58.751070] BUG: KASAN: use-after-free in btrfs_init_reloc_root+0x7ca/0x920 [btrfs]\n ...\n [ 58.753577] Call Trace:\n ...\n [ 58.755800] kasan_report+0x45/0x60\n [ 58.756066] btrfs_init_reloc_root+0x7ca/0x920 [btrfs]\n [ 58.757304] record_root_in_trans+0x792/0xa10 [btrfs]\n [ 58.757748] btrfs_record_root_in_trans+0x463/0x4f0 [btrfs]\n [ 58.758231] start_transaction+0x896/0x2950 [btrfs]\n [ 58.758661] btrfs_defrag_root+0x250/0xc00 [btrfs]\n [ 58.759083] btrfs_ioctl_defrag+0x467/0xa00 [btrfs]\n [ 58.759513] btrfs_ioctl+0x3c95/0x114e0 [btrfs]\n ...\n [ 58.768510] Allocated by task 23683:\n [ 58.768777] ____kasan_kmalloc+0xb5/0xf0\n [ 58.769069] __kmalloc+0x227/0x3d0\n [ 58.769325] alloc_reloc_control+0x10a/0x3d0 [btrfs]\n [ 58.769755] btrfs_relocate_block_group+0x7aa/0x1e20 [btrfs]\n [ 58.770228] btrfs_relocate_chunk+0xf1/0x760 [btrfs]\n [ 58.770655] __btrfs_balance+0x1326/0x1f10 [btrfs]\n [ 58.771071] btrfs_balance+0x3150/0x3d30 [btrfs]\n [ 58.771472] btrfs_ioctl_balance+0xd84/0x1410 [btrfs]\n [ 58.771902] btrfs_ioctl+0x4caa/0x114e0 [btrfs]\n ...\n [ 58.773337] Freed by task 23683:\n ...\n [ 58.774815] kfree+0xda/0x2b0\n [ 58.775038] free_reloc_control+0x1d6/0x220 [btrfs]\n [ 58.775465] btrfs_relocate_block_group+0x115c/0x1e20 [btrfs]\n [ 58.775944] btrfs_relocate_chunk+0xf1/0x760 [btrfs]\n [ 58.776369] __btrfs_balance+0x1326/0x1f10 [btrfs]\n [ 58.776784] btrfs_balance+0x3150/0x3d30 [btrfs]\n [ 58.777185] btrfs_ioctl_balance+0xd84/0x1410 [btrfs]\n [ 58.777621] btrfs_ioctl+0x4caa/0x114e0 [btrfs]\n ..." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/5d741afed0bac206640cc64d77b97853283cf719", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/78f8c2370e3d33e35f23bdc648653d779aeacb6e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/85f02d6c856b9f3a0acf5219de6e32f58b9778eb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8e546674031fc1576da501e27a8fd165222e5a37", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b60e862e133f646f19023ece1d476d630a660de1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dcb11fe0a0a9cca2b7425191b9bf30dc29f2ad0f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ff0e8ed8dfb584575cffc1561f17a1d094e8565b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50068.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50068.json new file mode 100644 index 00000000000..391e3e72750 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50068.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-50068", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:35.620", + "lastModified": "2025-06-18T11:15:35.620", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/ttm: Fix dummy res NULL ptr deref bug\n\nCheck the bo->resource value before accessing the resource\nmem_type.\n\nv2: Fix commit description unwrapped warning\n\n\n[ 40.191227][ T184] general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN PTI\n[ 40.192995][ T184] KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n[ 40.194411][ T184] CPU: 1 PID: 184 Comm: systemd-udevd Not tainted 5.19.0-rc4-00721-gb297c22b7070 #1\n[ 40.196063][ T184] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014\n[ 40.199605][ T184] RIP: 0010:ttm_bo_validate+0x1b3/0x240 [ttm]\n[ 40.200754][ T184] Code: e8 72 c5 ff ff 83 f8 b8 74 d4 85 c0 75 54 49 8b 9e 58 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 10 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 04 3c 03 7e 44 8b 53 10 31 c0 85 d2 0f 85 58\n[ 40.203685][ T184] RSP: 0018:ffffc900006df0c8 EFLAGS: 00010202\n[ 40.204630][ T184] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 1ffff1102f4bb71b\n[ 40.205864][ T184] RDX: 0000000000000002 RSI: ffffc900006df208 RDI: 0000000000000010\n[ 40.207102][ T184] RBP: 1ffff920000dbe1a R08: ffffc900006df208 R09: 0000000000000000\n[ 40.208394][ T184] R10: ffff88817a5f0000 R11: 0000000000000001 R12: ffffc900006df110\n[ 40.209692][ T184] R13: ffffc900006df0f0 R14: ffff88817a5db800 R15: ffffc900006df208\n[ 40.210862][ T184] FS: 00007f6b1d16e8c0(0000) GS:ffff88839d700000(0000) knlGS:0000000000000000\n[ 40.212250][ T184] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 40.213275][ T184] CR2: 000055a1001d4ff0 CR3: 00000001700f4000 CR4: 
00000000000006e0\n[ 40.214469][ T184] Call Trace:\n[ 40.214974][ T184] \n[ 40.215438][ T184] ? ttm_bo_bounce_temp_buffer+0x140/0x140 [ttm]\n[ 40.216572][ T184] ? mutex_spin_on_owner+0x240/0x240\n[ 40.217456][ T184] ? drm_vma_offset_add+0xaa/0x100 [drm]\n[ 40.218457][ T184] ttm_bo_init_reserved+0x3d6/0x540 [ttm]\n[ 40.219410][ T184] ? shmem_get_inode+0x744/0x980\n[ 40.220231][ T184] ttm_bo_init_validate+0xb1/0x200 [ttm]\n[ 40.221172][ T184] ? bo_driver_evict_flags+0x340/0x340 [drm_vram_helper]\n[ 40.222530][ T184] ? ttm_bo_init_reserved+0x540/0x540 [ttm]\n[ 40.223643][ T184] ? __do_sys_finit_module+0x11a/0x1c0\n[ 40.224654][ T184] ? __shmem_file_setup+0x102/0x280\n[ 40.234764][ T184] drm_gem_vram_create+0x305/0x480 [drm_vram_helper]\n[ 40.235766][ T184] ? bo_driver_evict_flags+0x340/0x340 [drm_vram_helper]\n[ 40.236846][ T184] ? __kasan_slab_free+0x108/0x180\n[ 40.237650][ T184] drm_gem_vram_fill_create_dumb+0x134/0x340 [drm_vram_helper]\n[ 40.238864][ T184] ? local_pci_probe+0xdf/0x180\n[ 40.239674][ T184] ? drmm_vram_helper_init+0x400/0x400 [drm_vram_helper]\n[ 40.240826][ T184] drm_client_framebuffer_create+0x19c/0x400 [drm]\n[ 40.241955][ T184] ? drm_client_buffer_delete+0x200/0x200 [drm]\n[ 40.243001][ T184] ? drm_client_pick_crtcs+0x554/0xb80 [drm]\n[ 40.244030][ T184] drm_fb_helper_generic_probe+0x23f/0x940 [drm_kms_helper]\n[ 40.245226][ T184] ? __cond_resched+0x1c/0xc0\n[ 40.245987][ T184] ? drm_fb_helper_memory_range_to_clip+0x180/0x180 [drm_kms_helper]\n[ 40.247316][ T184] ? mutex_unlock+0x80/0x100\n[ 40.248005][ T184] ? __mutex_unlock_slowpath+0x2c0/0x2c0\n[ 40.249083][ T184] drm_fb_helper_single_fb_probe+0x907/0xf00 [drm_kms_helper]\n[ 40.250314][ T184] ? drm_fb_helper_check_var+0x1180/0x1180 [drm_kms_helper]\n[ 40.251540][ T184] ? __cond_resched+0x1c/0xc0\n[ 40.252321][ T184] ? 
mutex_lock+0x9f/0x100\n[ 40.253062][ T184] __drm_fb_helper_initial_config_and_unlock+0xb9/0x2c0 [drm_kms_helper]\n[ 40.254394][ T184] drm_fbdev_client_hotplug+0x56f/0x840 [drm_kms_helper]\n[ 40.255477][ T184] drm_fbdev_generic_setup+0x165/0x3c0 [drm_kms_helper]\n[ 40.256607][ T184] bochs_pci_probe+0x6b7/0x900 [bochs]\n[ \n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/76672cd326c146ded2c2712ff257b8908dcf23d8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9bd970d4097287778a4449452e70b35d0bfaa3aa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cf4b7387c0a842d64bdd7c353e6d3298174a7740", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50069.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50069.json new file mode 100644 index 00000000000..2b7a0c0619a --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50069.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-50069", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:35.733", + "lastModified": "2025-06-18T11:15:35.733", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBPF: Fix potential bad pointer dereference in bpf_sys_bpf()\n\nThe bpf_sys_bpf() helper function allows an eBPF program to load another\neBPF program from within the kernel. In this case the argument union\nbpf_attr pointer (as well as the insns and license pointers inside) is a\nkernel address instead of a userspace address (which is the case of a\nusual bpf() syscall). To make the memory copying process in the syscall\nwork in both cases, bpfptr_t was introduced to wrap around the pointer\nand distinguish its origin. Specifically, when copying memory contents\nfrom a bpfptr_t, a copy_from_user() is performed in case of a userspace\naddress and a memcpy() is performed for a kernel address.\n\nThis can lead to problems because the in-kernel pointer is never checked\nfor validity. The problem happens when an eBPF syscall program tries to\ncall bpf_sys_bpf() to load a program but provides a bad insns pointer --\nsay 0xdeadbeef -- in the bpf_attr union. The helper calls __sys_bpf()\nwhich would then call bpf_prog_load() to load the program.\nbpf_prog_load() is responsible for copying the eBPF instructions to the\nnewly allocated memory for the program; it creates a kernel bpfptr_t for\ninsns and invokes copy_from_bpfptr(). Internally, all bpfptr_t\noperations are backed by the corresponding sockptr_t operations, which\nperforms direct memcpy() on kernel pointers for copy_from/strncpy_from\noperations. 
Therefore, the code is always happy to dereference the bad\npointer to trigger a un-handle-able page fault and in turn an oops.\nHowever, this is not supposed to happen because at that point the eBPF\nprogram is already verified and should not cause a memory error.\n\nSample KASAN trace:\n\n[ 25.685056][ T228] ==================================================================\n[ 25.685680][ T228] BUG: KASAN: user-memory-access in copy_from_bpfptr+0x21/0x30\n[ 25.686210][ T228] Read of size 80 at addr 00000000deadbeef by task poc/228\n[ 25.686732][ T228]\n[ 25.686893][ T228] CPU: 3 PID: 228 Comm: poc Not tainted 5.19.0-rc7 #7\n[ 25.687375][ T228] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS d55cb5a 04/01/2014\n[ 25.687991][ T228] Call Trace:\n[ 25.688223][ T228] \n[ 25.688429][ T228] dump_stack_lvl+0x73/0x9e\n[ 25.688747][ T228] print_report+0xea/0x200\n[ 25.689061][ T228] ? copy_from_bpfptr+0x21/0x30\n[ 25.689401][ T228] ? _printk+0x54/0x6e\n[ 25.689693][ T228] ? _raw_spin_lock_irqsave+0x70/0xd0\n[ 25.690071][ T228] ? copy_from_bpfptr+0x21/0x30\n[ 25.690412][ T228] kasan_report+0xb5/0xe0\n[ 25.690716][ T228] ? copy_from_bpfptr+0x21/0x30\n[ 25.691059][ T228] kasan_check_range+0x2bd/0x2e0\n[ 25.691405][ T228] ? copy_from_bpfptr+0x21/0x30\n[ 25.691734][ T228] memcpy+0x25/0x60\n[ 25.692000][ T228] copy_from_bpfptr+0x21/0x30\n[ 25.692328][ T228] bpf_prog_load+0x604/0x9e0\n[ 25.692653][ T228] ? cap_capable+0xb4/0xe0\n[ 25.692956][ T228] ? security_capable+0x4f/0x70\n[ 25.693324][ T228] __sys_bpf+0x3af/0x580\n[ 25.693635][ T228] bpf_sys_bpf+0x45/0x240\n[ 25.693937][ T228] bpf_prog_f0ec79a5a3caca46_bpf_func1+0xa2/0xbd\n[ 25.694394][ T228] bpf_prog_run_pin_on_cpu+0x2f/0xb0\n[ 25.694756][ T228] bpf_prog_test_run_syscall+0x146/0x1c0\n[ 25.695144][ T228] bpf_prog_test_run+0x172/0x190\n[ 25.695487][ T228] __sys_bpf+0x2c5/0x580\n[ 25.695776][ T228] __x64_sys_bpf+0x3a/0x50\n[ 25.696084][ T228] do_syscall_64+0x60/0x90\n[ 25.696393][ T228] ? 
fpregs_assert_state_consistent+0x50/0x60\n[ 25.696815][ T228] ? exit_to_user_mode_prepare+0x36/0xa0\n[ 25.697202][ T228] ? syscall_exit_to_user_mode+0x20/0x40\n[ 25.697586][ T228] ? do_syscall_64+0x6e/0x90\n[ 25.697899][ T228] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[ 25.698312][ T228] RIP: 0033:0x7f6d543fb759\n[ 25.698624][ T228] Code: 08 5b 89 e8 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d \n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1f6db7148ed7382b336c5827af33b5d9e992630e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/41fd6cc88aaf7058b9dfc9c7a09cc80f99c8c830", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e2dcac2f58f5a95ab092d1da237ffdc0da1832cf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50070.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50070.json new file mode 100644 index 00000000000..ea139a1f85d --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50070.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-50070", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:35.843", + "lastModified": "2025-06-18T11:15:35.843", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: do not queue data on closed subflows\n\nDipanjan reported a syzbot splat at close time:\n\nWARNING: CPU: 1 PID: 10818 at net/ipv4/af_inet.c:153\ninet_sock_destruct+0x6d0/0x8e0 net/ipv4/af_inet.c:153\nModules linked in: uio_ivshmem(OE) uio(E)\nCPU: 1 PID: 10818 Comm: kworker/1:16 Tainted: G OE\n5.19.0-rc6-g2eae0556bb9d #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.13.0-1ubuntu1.1 04/01/2014\nWorkqueue: events mptcp_worker\nRIP: 0010:inet_sock_destruct+0x6d0/0x8e0 net/ipv4/af_inet.c:153\nCode: 21 02 00 00 41 8b 9c 24 28 02 00 00 e9 07 ff ff ff e8 34 4d 91\nf9 89 ee 4c 89 e7 e8 4a 47 60 ff e9 a6 fc ff ff e8 20 4d 91 f9 <0f> 0b\ne9 84 fe ff ff e8 14 4d 91 f9 0f 0b e9 d4 fd ff ff e8 08 4d\nRSP: 0018:ffffc9001b35fa78 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000002879d0 RCX: ffff8881326f3b00\nRDX: 0000000000000000 RSI: ffff8881326f3b00 RDI: 0000000000000002\nRBP: ffff888179662674 R08: ffffffff87e983a0 R09: 0000000000000000\nR10: 0000000000000005 R11: 00000000000004ea R12: ffff888179662400\nR13: ffff888179662428 R14: 0000000000000001 R15: ffff88817e38e258\nFS: 0000000000000000(0000) GS:ffff8881f5f00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020007bc0 CR3: 0000000179592000 CR4: 0000000000150ee0\nCall Trace:\n \n __sk_destruct+0x4f/0x8e0 net/core/sock.c:2067\n sk_destruct+0xbd/0xe0 net/core/sock.c:2112\n __sk_free+0xef/0x3d0 net/core/sock.c:2123\n sk_free+0x78/0xa0 net/core/sock.c:2134\n sock_put include/net/sock.h:1927 [inline]\n __mptcp_close_ssk+0x50f/0x780 net/mptcp/protocol.c:2351\n __mptcp_destroy_sock+0x332/0x760 
net/mptcp/protocol.c:2828\n mptcp_worker+0x5d2/0xc90 net/mptcp/protocol.c:2586\n process_one_work+0x9cc/0x1650 kernel/workqueue.c:2289\n worker_thread+0x623/0x1070 kernel/workqueue.c:2436\n kthread+0x2e9/0x3a0 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302\n \n\nThe root cause of the problem is that an mptcp-level (re)transmit can\nrace with mptcp_close() and the packet scheduler checks the subflow\nstate before acquiring the socket lock: we can try to (re)transmit on\nan already closed ssk.\n\nFix the issue checking again the subflow socket status under the\nsubflow socket lock protection. Additionally add the missing check\nfor the fallback-to-tcp case." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/8caf5c15b5288d52d9c89374d6c10fa32ee84ec5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c886d70286bf3ad411eb3d689328a67f7102c6ae", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50071.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50071.json new file mode 100644 index 00000000000..4a92df59c72 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50071.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-50071", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:35.950", + "lastModified": "2025-06-18T11:15:35.950", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: move subflow cleanup in mptcp_destroy_common()\n\nIf the mptcp socket creation fails due to a CGROUP_INET_SOCK_CREATE\neBPF program, the MPTCP protocol ends-up leaking all the subflows:\nthe related cleanup happens in __mptcp_destroy_sock() that is not\ninvoked in such code path.\n\nAddress the issue moving the subflow sockets cleanup in the\nmptcp_destroy_common() helper, which is invoked in every msk cleanup\npath.\n\nAdditionally get rid of the intermediate list_splice_init step, which\nis an unneeded relic from the past.\n\nThe issue is present since before the reported root cause commit, but\nany attempt to backport the fix before that hash will require a complete\nrewrite." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/6139039c8fc5c9dbcdc3ad389b9a6d0cacb4d693", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c0bf3c6aa444a5ef44acc57ef6cfa53fd4fc1c9b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50072.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50072.json new file mode 100644 index 00000000000..7a2b6aa870e --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50072.json 
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2022-50072", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:36.057", + "lastModified": "2025-06-18T11:15:36.057", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4/pnfs: Fix a use-after-free bug in open\n\nIf someone cancels the open RPC call, then we must not try to free\neither the open slot or the layoutget operation arguments, since they\nare likely still in use by the hung RPC call." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0fffb46ff3d5ed4668aca96441ec7a25b793bd6f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2135e5d56278ffdb1c2e6d325dc6b87f669b9dac", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/76ffd2042438769298f34b76102b40dea89de616", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a4cf3dadd1fa43609f7c6570c9116b0e0a9923d1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b03d1117e9be7c7da60e466eaf9beed85c5916c8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f7ee3b772d9de87387a725caa04bc041ac7fe5ec", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50073.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50073.json new file mode 100644 index 00000000000..26c9f4449ba --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50073.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-50073", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:36.173", + "lastModified": "2025-06-18T11:15:36.173", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null\n\nFixes a NULL pointer derefence bug triggered from tap driver.\nWhen tap_get_user calls virtio_net_hdr_to_skb the skb->dev is null\n(in tap.c skb->dev is set after the call to virtio_net_hdr_to_skb)\nvirtio_net_hdr_to_skb calls dev_parse_header_protocol which\nneeds skb->dev field to be valid.\n\nThe line that trigers the bug is in dev_parse_header_protocol\n(dev is at offset 0x10 from skb and is stored in RAX register)\n if (!dev->header_ops || !dev->header_ops->parse_protocol)\n 22e1: mov 0x10(%rbx),%rax\n 22e5:\t mov 0x230(%rax),%rax\n\nSetting skb->dev before the call in tap.c fixes the issue.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000230\nRIP: 0010:virtio_net_hdr_to_skb.constprop.0+0x335/0x410 [tap]\nCode: c0 0f 85 b7 fd ff ff eb d4 41 39 c6 77 cf 29 c6 48 89 df 44 01 f6 e8 7a 79 83 c1 48 85 c0 0f 85 d9 fd ff ff eb b7 48 8b 43 10 <48> 8b 80 30 02 00 00 48 85 c0 74 55 48 8b 40 28 48 85 c0 74 4c 48\nRSP: 0018:ffffc90005c27c38 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff888298f25300 RCX: 0000000000000010\nRDX: 0000000000000005 RSI: ffffc90005c27cb6 RDI: ffff888298f25300\nRBP: ffffc90005c27c80 R08: 00000000ffffffea R09: 00000000000007e8\nR10: ffff88858ec77458 R11: 0000000000000000 R12: 0000000000000001\nR13: 0000000000000014 R14: ffffc90005c27e08 R15: ffffc90005c27cb6\nFS: 0000000000000000(0000) GS:ffff88858ec40000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000230 CR3: 0000000281408006 CR4: 00000000003706e0\nCall Trace:\n tap_get_user+0x3f1/0x540 
[tap]\n tap_sendmsg+0x56/0x362 [tap]\n ? get_tx_bufs+0xc2/0x1e0 [vhost_net]\n handle_tx_copy+0x114/0x670 [vhost_net]\n handle_tx+0xb0/0xe0 [vhost_net]\n handle_tx_kick+0x15/0x20 [vhost_net]\n vhost_worker+0x7b/0xc0 [vhost]\n ? vhost_vring_call_reset+0x40/0x40 [vhost]\n kthread+0xfa/0x120\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x1f/0x30" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4f61f133f354853bc394ec7d6028adb9b02dd701", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dd29648fcf69339713f2d25f7014ae905dcdfc18", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50074.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50074.json new file mode 100644 index 00000000000..b03f185eb35 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50074.json 
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2022-50074", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:36.283", + "lastModified": "2025-06-18T11:15:36.283", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: Fix memleak in aa_simple_write_to_buffer()\n\nWhen copy_from_user failed, the memory is freed by kvfree. however the\nmanagement struct and data blob are allocated independently, so only\nkvfree(data) cause a memleak issue here. Use aa_put_loaddata(data) to\nfix this issue." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/417ea9fe972d2654a268ad66e89c8fcae67017c3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6500eb3a48ac221051b1791818a1ac74744ef617", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6583edbf459de2e06b9759f264c0ae27e452b97a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7db182a2ebeefded86fea542fcc5d6a68bb77f58", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8aab4295582eb397a125d2788b829fa62b88dbf7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bf7ebebce2c25071c719fd8a2f1307e0c243c2d7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50075.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50075.json new file mode 100644 index 00000000000..90033ebe8cd --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50075.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-50075", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:36.397", + "lastModified": "2025-06-18T11:15:36.397", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/eprobes: Have event probes be consistent with kprobes and uprobes\n\nCurrently, if a symbol \"@\" is attempted to be used with an event probe\n(eprobes), it will cause a NULL pointer dereference crash.\n\nBoth kprobes and uprobes can reference data other than the main registers.\nSuch as immediate address, symbols and the current task name. Have eprobes\ndo the same thing.\n\nFor \"comm\", if \"comm\" is used and the event being attached to does not\nhave the \"comm\" field, then make it the \"$comm\" that kprobes has. This is\nconsistent to the way histograms and filters work." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/47cc883f21fa3bcf24891b4b455f4cd461ce2d6e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6a832ec3d680b3a4f4fad5752672827d71bae501", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b489aca082a23033a3d8355cfb0032f0e2523440", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50076.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50076.json new file mode 100644 index 00000000000..0c105206f4a --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50076.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-50076", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:36.513", + "lastModified": "2025-06-18T11:15:36.513", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix memory leak on the deferred close\n\nxfstests on smb21 report kmemleak as below:\n\n unreferenced object 0xffff8881767d6200 (size 64):\n comm \"xfs_io\", pid 1284, jiffies 4294777434 (age 20.789s)\n hex dump (first 32 bytes):\n 80 5a d0 11 81 88 ff ff 78 8a aa 63 81 88 ff ff .Z......x..c....\n 00 71 99 76 81 88 ff ff 00 00 00 00 00 00 00 00 .q.v............\n backtrace:\n [<00000000ad04e6ea>] cifs_close+0x92/0x2c0\n [<0000000028b93c82>] __fput+0xff/0x3f0\n [<00000000d8116851>] task_work_run+0x85/0xc0\n [<0000000027e14f9e>] do_exit+0x5e5/0x1240\n [<00000000fb492b95>] do_group_exit+0x58/0xe0\n [<00000000129a32d9>] __x64_sys_exit_group+0x28/0x30\n [<00000000e3f7d8e9>] do_syscall_64+0x35/0x80\n [<00000000102e8a0b>] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nWhen cancel the deferred close work, we should also cleanup the struct\ncifs_deferred_close." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/60b6d38add7b9c17d6e5d49ee8e930ea1a5650c5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/860efae127888ae535bc4eda1b7f27642727c69e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ca08d0eac020d48a3141dbec0a3cf64fbdb17cde", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50077.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50077.json new file mode 100644 index 00000000000..1da6de57415 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50077.json 
@@ -0,0 +1,45 @@
+{
+ "id": "CVE-2022-50077",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:36.627",
+ "lastModified": "2025-06-18T11:15:36.627",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix reference count leak in aa_pivotroot()\n\nThe aa_pivotroot() function has a reference counting bug in a specific\npath. When aa_replace_current_label() returns on success, the function\nforgets to decrement the reference count of \u201ctarget\u201d, which is\nincreased earlier by build_pivotroot(), causing a reference leak.\n\nFix it by decreasing the refcount of \u201ctarget\u201d in that path."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/11c3627ec6b56c1525013f336f41b79a983b4d46",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/2ceeb3296e9dde1d5772348046affcefdea605e2",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/3ca40ad7afae144169a43988ef1a3f16182faf0a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/64103ea357734b82384c925cba4758fdb909be0c",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/d53194707d2a1851be027cd74266b96ceff799d3",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ef6fb6f0d0d8440595b45a7e53c6162c737177f4",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/f4d5c7796571624e3f380b447ada52834270a287",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50078.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50078.json
new file mode 100644
index 00000000000..8665dedbc4b
--- /dev/null
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50078.json
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-50078", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:36.753", + "lastModified": "2025-06-18T11:15:36.753", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/eprobes: Do not allow eprobes to use $stack, or % for regs\n\nWhile playing with event probes (eprobes), I tried to see what would\nhappen if I attempted to retrieve the instruction pointer (%rip) knowing\nthat event probes do not use pt_regs. The result was:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000024\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 1 PID: 1847 Comm: trace-cmd Not tainted 5.19.0-rc5-test+ #309\n Hardware name: Hewlett-Packard HP Compaq Pro 6300 SFF/339A, BIOS K01\nv03.03 07/14/2016\n RIP: 0010:get_event_field.isra.0+0x0/0x50\n Code: ff 48 c7 c7 c0 8f 74 a1 e8 3d 8b f5 ff e8 88 09 f6 ff 4c 89 e7 e8\n50 6a 13 00 48 89 ef 5b 5d 41 5c 41 5d e9 42 6a 13 00 66 90 <48> 63 47 24\n8b 57 2c 48 01 c6 8b 47 28 83 f8 02 74 0e 83 f8 04 74\n RSP: 0018:ffff916c394bbaf0 EFLAGS: 00010086\n RAX: ffff916c854041d8 RBX: ffff916c8d9fbf50 RCX: ffff916c255d2000\n RDX: 0000000000000000 RSI: ffff916c255d2008 RDI: 0000000000000000\n RBP: 0000000000000000 R08: ffff916c3a2a0c08 R09: ffff916c394bbda8\n R10: 0000000000000000 R11: 0000000000000000 R12: ffff916c854041d8\n R13: ffff916c854041b0 R14: 0000000000000000 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff916c9ea40000(0000)\nknlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000024 CR3: 000000011b60a002 CR4: 00000000001706e0\n Call Trace:\n \n get_eprobe_size+0xb4/0x640\n ? __mod_node_page_state+0x72/0xc0\n __eprobe_trace_func+0x59/0x1a0\n ? __mod_lruvec_page_state+0xaa/0x1b0\n ? 
page_remove_file_rmap+0x14/0x230\n ? page_remove_rmap+0xda/0x170\n event_triggers_call+0x52/0xe0\n trace_event_buffer_commit+0x18f/0x240\n trace_event_raw_event_sched_wakeup_template+0x7a/0xb0\n try_to_wake_up+0x260/0x4c0\n __wake_up_common+0x80/0x180\n __wake_up_common_lock+0x7c/0xc0\n do_notify_parent+0x1c9/0x2a0\n exit_notify+0x1a9/0x220\n do_exit+0x2ba/0x450\n do_group_exit+0x2d/0x90\n __x64_sys_exit_group+0x14/0x20\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nObviously this is not the desired result.\n\nMove the testing for TPARG_FL_TPOINT which is only used for event probes\nto the top of the \"$\" variable check, as all the other variables are not\nused for event probes. Also add a check in the register parsing \"%\" to\nfail if an event probe is used." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2673c60ee67e71f2ebe34386e62d348f71edee47", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7c262114a576d94c0ced80e232bbb17391a55908", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ba53c21ce9773743b8e0a8ada048c96ff2d55c67", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50079.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50079.json new file mode 100644 index 00000000000..9327f1063df --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50079.json 
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2022-50079",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:36.873",
+ "lastModified": "2025-06-18T11:15:36.873",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check correct bounds for stream encoder instances for DCN303\n\n[Why & How]\neng_id for DCN303 cannot be more than 1, since we have only two\ninstances of stream encoders.\n\nCheck the correct boundary condition for engine ID for DCN303 prevent\nthe potential out of bounds access."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/4c31dca1799612eb3b6413e3e574f90c3fb8f865",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/82a27c1855445d48aacc67b0c0640f3dadebe52f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/89b008222c2bf21e50219725caed31590edfd9d1",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50080.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50080.json
new file mode 100644
index 00000000000..8dd2c7a8ff0
--- /dev/null
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50080.json
@@ -0,0 +1,45 @@
+{
+ "id": "CVE-2022-50080",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:36.980",
+ "lastModified": "2025-06-18T11:15:36.980",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: add overflow check in register_shm_helper()\n\nWith special lengths supplied by user space, register_shm_helper() has\nan integer overflow when calculating the number of pages covered by a\nsupplied user space memory region.\n\nThis causes internal_get_user_pages_fast() a helper function of\npin_user_pages_fast() to do a NULL pointer dereference:\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010\n Modules linked in:\n CPU: 1 PID: 173 Comm: optee_example_a Not tainted 5.19.0 #11\n Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015\n pc : internal_get_user_pages_fast+0x474/0xa80\n Call trace:\n internal_get_user_pages_fast+0x474/0xa80\n pin_user_pages_fast+0x24/0x4c\n register_shm_helper+0x194/0x330\n tee_shm_register_user_buf+0x78/0x120\n tee_ioctl+0xd0/0x11a0\n __arm64_sys_ioctl+0xa8/0xec\n invoke_syscall+0x48/0x114\n\nFix this by adding an an explicit call to access_ok() in\ntee_shm_register_user_buf() to catch an invalid user space address\nearly."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/2f8e79a1a6128214cb9b205a9869341af5dfb16b",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/573ae4f13f630d6660008f1974c0a8a29c30e18a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/578c349570d2a912401963783b36e0ec7a25c053",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/58c008d4d398f792ca67f35650610864725518fd",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/965333345fe952cc7eebc8e3a565ffc709441af2",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b37e0f17653c00b586cdbcdf0dbca475358ecffd",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c12f0e6126ad223806a365084e86370511654bf1",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50081.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50081.json
new file mode 100644
index 00000000000..94378af28eb
--- /dev/null
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50081.json
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-50081", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:37.103", + "lastModified": "2025-06-18T11:15:37.103", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Unconditionally get a ref to /dev/kvm module when creating a VM\n\nUnconditionally get a reference to the /dev/kvm module when creating a VM\ninstead of using try_get_module(), which will fail if the module is in\nthe process of being forcefully unloaded. The error handling when\ntry_get_module() fails doesn't properly unwind all that has been done,\ne.g. doesn't call kvm_arch_pre_destroy_vm() and doesn't remove the VM\nfrom the global list. Not removing VMs from the global list tends to be\nfatal, e.g. leads to use-after-free explosions.\n\nThe obvious alternative would be to add proper unwinding, but the\njustification for using try_get_module(), \"rmmod --wait\", is completely\nbogus as support for \"rmmod --wait\", i.e. delete_module() without\nO_NONBLOCK, was removed by commit 3f2b9c9cdf38 (\"module: remove rmmod\n--wait option.\") nearly a decade ago.\n\nIt's still possible for try_get_module() to fail due to the module dying\n(more like being killed), as the module will be tagged MODULE_STATE_GOING\nby \"rmmod --force\", i.e. delete_module(..., O_TRUNC), but playing nice\nwith forced unloading is an exercise in futility and gives a falsea sense\nof security. Using try_get_module() only prevents acquiring _new_\nreferences, it doesn't magically put the references held by other VMs,\nand forced unloading doesn't wait, i.e. 
\"rmmod --force\" on KVM is all but\nguaranteed to cause spectacular fireworks; the window where KVM will fail\ntry_get_module() is tiny compared to the window where KVM is building and\nrunning the VM with an elevated module refcount.\n\nAddressing KVM's inability to play nice with \"rmmod --force\" is firmly\nout-of-scope. Forcefully unloading any module taints kernel (for obvious\nreasons) _and_ requires the kernel to be built with\nCONFIG_MODULE_FORCE_UNLOAD=y, which is off by default and comes with the\namusing disclaimer that it's \"mainly for kernel developers and desperate\nusers\". In other words, KVM is free to scoff at bug reports due to using\n\"rmmod --force\" while VMs may be running." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/177bf354200962c6f0de6dd37c86a9bf3b54003a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/405294f29faee5de8c10cb9d4a90e229c2835279", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/865e08b77c244eed0b80439320e7e8440f61ebce", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50082.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50082.json new file mode 100644 index 00000000000..49fc3ea70b7 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50082.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-50082", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:37.223", + "lastModified": "2025-06-18T11:15:37.223", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix warning in ext4_iomap_begin as race between bmap and write\n\nWe got issue as follows:\n------------[ cut here ]------------\nWARNING: CPU: 3 PID: 9310 at fs/ext4/inode.c:3441 ext4_iomap_begin+0x182/0x5d0\nRIP: 0010:ext4_iomap_begin+0x182/0x5d0\nRSP: 0018:ffff88812460fa08 EFLAGS: 00010293\nRAX: ffff88811f168000 RBX: 0000000000000000 RCX: ffffffff97793c12\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003\nRBP: ffff88812c669160 R08: ffff88811f168000 R09: ffffed10258cd20f\nR10: ffff88812c669077 R11: ffffed10258cd20e R12: 0000000000000001\nR13: 00000000000000a4 R14: 000000000000000c R15: ffff88812c6691ee\nFS: 00007fd0d6ff3740(0000) GS:ffff8883af180000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fd0d6dda290 CR3: 0000000104a62000 CR4: 00000000000006e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n iomap_apply+0x119/0x570\n iomap_bmap+0x124/0x150\n ext4_bmap+0x14f/0x250\n bmap+0x55/0x80\n do_vfs_ioctl+0x952/0xbd0\n __x64_sys_ioctl+0xc6/0x170\n do_syscall_64+0x33/0x40\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\nAbove issue may happen as follows:\n bmap write\nbmap\n ext4_bmap\n iomap_bmap\n ext4_iomap_begin\n ext4_file_write_iter\n\t\t\t ext4_buffered_write_iter\n\t\t\t generic_perform_write\n\t\t\t\t ext4_da_write_begin\n\t\t\t\t ext4_da_write_inline_data_begin\n\t\t\t\t ext4_prepare_inline_data\n\t\t\t\t ext4_create_inline_data\n\t\t\t\t\t ext4_set_inode_flag(inode,\n\t\t\t\t\t\tEXT4_INODE_INLINE_DATA);\n if 
(WARN_ON_ONCE(ext4_has_inline_data(inode))) ->trigger bug_on\n\nTo solved above issue hold inode lock in ext4_bamp." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/30dfb75e1f8645404a536c74d468d498adcd4e74", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/51ae846cff568c8c29921b1b28eb2dfbcd4ac12d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a9fe6d1e3d343d7309f501b1f48020ce7127221f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e1682c7171a6c0ff576fe8116b8cba5b8f538b94", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fa6482f374fda29a71ad44d76d35b4842d43cda4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50083.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50083.json new file mode 100644 index 00000000000..f6b23caabf0 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50083.json 
@@ -0,0 +1,53 @@ +{ + "id": "CVE-2022-50083", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:37.340", + "lastModified": "2025-06-18T11:15:37.340", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h\n\nWhen adding an xattr to an inode, we must ensure that the inode_size is\nnot less than EXT4_GOOD_OLD_INODE_SIZE + extra_isize + pad. Otherwise,\nthe end position may be greater than the start position, resulting in UAF." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0e69cf833161b29b2e25dcbf2f2b4e70d75b15cf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/179b14152dcb6a24c3415200603aebca70ff13af", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/214c68423fd632646c68f3ec8b3c2602cf8273f3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2da44a2927a71bff2bc66cefa8cfbd2ace702536", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/37d82aa78346866552d573e8badc0aa8db8f1eea", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4cdc284ffadd6a989f24107ee7f09be43b748fbb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/748d17d47687e178f8e38938447fa4636c071c41", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e6321fda51e5b4dd7ec295afb84cbf63c2634c7b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f217b1ccb178475192e6a516fab7230f51ddae94", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ 
No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50084.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50084.json new file mode 100644 index 00000000000..fad02d6dcc9 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50084.json 
@@ -0,0 +1,53 @@
+{
+ "id": "CVE-2022-50084",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:37.460",
+ "lastModified": "2025-06-18T11:15:37.460",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm raid: fix address sanitizer warning in raid_status\n\nThere is this warning when using a kernel with the address sanitizer\nand running this testsuite:\nhttps://gitlab.com/cki-project/kernel-tests/-/tree/main/storage/swraid/scsi_raid\n\n==================================================================\nBUG: KASAN: slab-out-of-bounds in raid_status+0x1747/0x2820 [dm_raid]\nRead of size 4 at addr ffff888079d2c7e8 by task lvcreate/13319\nCPU: 0 PID: 13319 Comm: lvcreate Not tainted 5.18.0-0.rc3. #1\nHardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011\nCall Trace:\n \n dump_stack_lvl+0x6a/0x9c\n print_address_description.constprop.0+0x1f/0x1e0\n print_report.cold+0x55/0x244\n kasan_report+0xc9/0x100\n raid_status+0x1747/0x2820 [dm_raid]\n dm_ima_measure_on_table_load+0x4b8/0xca0 [dm_mod]\n table_load+0x35c/0x630 [dm_mod]\n ctl_ioctl+0x411/0x630 [dm_mod]\n dm_ctl_ioctl+0xa/0x10 [dm_mod]\n __x64_sys_ioctl+0x12a/0x1a0\n do_syscall_64+0x5b/0x80\n\nThe warning is caused by reading conf->max_nr_stripes in raid_status. The\ncode in raid_status reads mddev->private, casts it to struct r5conf and\nreads the entry max_nr_stripes.\n\nHowever, if we have different raid type than 4/5/6, mddev->private\ndoesn't point to struct r5conf; it may point to struct r0conf, struct\nr1conf, struct r10conf or struct mpconf. If we cast a pointer to one\nof these structs to struct r5conf, we will be reading invalid memory\nand KASAN warns about it.\n\nFix this bug by reading struct r5conf only if raid type is 4, 5 or 6."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/1ae0ebfb576b72c2ef400917a5484ebe7892d80b",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/1fbeea217d8f297fe0e0956a1516d14ba97d0396",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/49dba30638e091120256a9e89125340795f034dc",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/4c233811a49578634d10a5e70a9dfa569d451e94",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/90b006da40dd42285b24dd3c940d2c32aca9a70b",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b4c6c07c92b6cba2bf3cb2dfa722debeaf8a8abe",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b856ce5f4b55f752144baf17e9d5c415072652c5",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/cb583ca6125ac64c98e9d65128e95ebb5be7d322",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/d8971b595d7adac3421c21f59918241f1574061e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50085.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50085.json
new file mode 100644
index 00000000000..b0ac70c32da
--- /dev/null
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50085.json
@@ -0,0 +1,49 @@
+{
+ "id": "CVE-2022-50085",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:37.577",
+ "lastModified": "2025-06-18T11:15:37.577",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm raid: fix address sanitizer warning in raid_resume\n\nThere is a KASAN warning in raid_resume when running the lvm test\nlvconvert-raid.sh. The reason for the warning is that mddev->raid_disks\nis greater than rs->raid_disks, so the loop touches one entry beyond\nthe allocated length."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/2a9faa704d83ff0b04387e385efd8ae21cd95af6",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/3bfdc95466f5be4d8d95db5a5b470d61641a7c24",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/50235d9a1f1f742619ed9963cb9f240e5b821d46",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/71f601c779b3cc1baf497796f5b922c3fe5d2a1e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/74af83732a39ab7d3bc9b49219a535853e25679f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/7dad24db59d2d2803576f2e3645728866a056dab",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c2d47bef93fb74aa97d90f9a40ca657b8f376083",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c2f075e729636a44e98d9722e3852c2fa6fa49b6",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50086.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50086.json
new file mode 100644
index 00000000000..fa56b86b262
--- /dev/null
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50086.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2022-50086",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:37.690",
+ "lastModified": "2025-06-18T11:15:37.690",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: don't allow the same type rq_qos add more than once\n\nIn our test of iocost, we encountered some list add/del corruptions of\ninner_walk list in ioc_timer_fn.\n\nThe reason can be described as follows:\n\ncpu 0\t\t\t\t\tcpu 1\nioc_qos_write\t\t\t\tioc_qos_write\n\nioc = q_to_ioc(queue);\nif (!ioc) {\n ioc = kzalloc();\n\t\t\t\t\tioc = q_to_ioc(queue);\n\t\t\t\t\tif (!ioc) {\n\t\t\t\t\t\tioc = kzalloc();\n\t\t\t\t\t\t...\n\t\t\t\t\t\trq_qos_add(q, rqos);\n\t\t\t\t\t}\n ...\n rq_qos_add(q, rqos);\n ...\n}\n\nWhen the io.cost.qos file is written by two cpus concurrently, rq_qos may\nbe added to one disk twice. In that case, there will be two iocs enabled\nand running on one disk. They own different iocgs on their active list. In\nthe ioc_timer_fn function, because of the iocgs from two iocs have the\nsame root iocg, the root iocg's walk_list may be overwritten by each other\nand this leads to list add/del corruptions in building or destroying the\ninner_walk list.\n\nAnd so far, the blk-rq-qos framework works in case that one instance for\none type rq_qos per queue by default. This patch make this explicit and\nalso fix the crash above."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/08ef66e800a85afc6b54cb95841f6502627eee2e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/0b7f5d7a4d2a72ad9de04ab8ccba2a31904aa638",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/0c9bb1acd1d103a3070b2126870eb52761d606ce",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/14a6e2eb7df5c7897c15b109cba29ab0c4a791b6",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50087.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50087.json
new file mode 100644
index 00000000000..d711b94d7b2
--- /dev/null
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50087.json
@@ -0,0 +1,45 @@
+{
+ "id": "CVE-2022-50087",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:37.803",
+ "lastModified": "2025-06-18T11:15:37.803",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails\n\nWhen scpi probe fails, at any point, we need to ensure that the scpi_info\nis not set and will remain NULL until the probe succeeds. If it is not\ntaken care, then it could result use-after-free as the value is exported\nvia get_scpi_ops() and could refer to a memory allocated via devm_kzalloc()\nbut freed when the probe fails."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/08272646cd7c310642c39b7f54348fddd7987643",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/0c29e149b6bb498778ed8a1c9597b51acfba7856",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/18048cba444a7c41dbf42c180d6b46606fc24c51",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/4f2d7b46d6b53c07f44a4f8f8f4438888f0e9e87",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/5aa558232edc30468d1f35108826dd5b3ffe978f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/689640efc0a2c4e07e6f88affe6d42cd40cc3f85",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/87c4896d5dd7fd9927c814cf3c6289f41de3b562",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50088.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50088.json
new file mode 100644
index 00000000000..3f59868478f
--- /dev/null
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50088.json
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2022-50088",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:37.917",
+ "lastModified": "2025-06-18T11:15:37.917",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/reclaim: fix potential memory leak in damon_reclaim_init()\n\ndamon_reclaim_init() allocates a memory chunk for ctx with\ndamon_new_ctx(). When damon_select_ops() fails, ctx is not released,\nwhich will lead to a memory leak.\n\nWe should release the ctx with damon_destroy_ctx() when damon_select_ops()\nfails to fix the memory leak."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/188043c7f4f2bd662f2a55957d684fffa543e600",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/700aa4e11a3c4d2a44d06758db431a013d9e1b61",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9d3e9e1e0856f4c905bbb870f16f42ae72477071",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50089.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50089.json
new file mode 100644
index 00000000000..f52e2dc86bb
--- /dev/null
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50089.json
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-50089", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:38.023", + "lastModified": "2025-06-18T11:15:38.023", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: ensure pages are unlocked on cow_file_range() failure\n\nThere is a hung_task report on zoned btrfs like below.\n\nhttps://github.com/naota/linux/issues/59\n\n [726.328648] INFO: task rocksdb:high0:11085 blocked for more than 241 seconds.\n [726.329839] Not tainted 5.16.0-rc1+ #1\n [726.330484] \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n [726.331603] task:rocksdb:high0 state:D stack: 0 pid:11085 ppid: 11082 flags:0x00000000\n [726.331608] Call Trace:\n [726.331611] \n [726.331614] __schedule+0x2e5/0x9d0\n [726.331622] schedule+0x58/0xd0\n [726.331626] io_schedule+0x3f/0x70\n [726.331629] __folio_lock+0x125/0x200\n [726.331634] ? find_get_entries+0x1bc/0x240\n [726.331638] ? 
filemap_invalidate_unlock_two+0x40/0x40\n [726.331642] truncate_inode_pages_range+0x5b2/0x770\n [726.331649] truncate_inode_pages_final+0x44/0x50\n [726.331653] btrfs_evict_inode+0x67/0x480\n [726.331658] evict+0xd0/0x180\n [726.331661] iput+0x13f/0x200\n [726.331664] do_unlinkat+0x1c0/0x2b0\n [726.331668] __x64_sys_unlink+0x23/0x30\n [726.331670] do_syscall_64+0x3b/0xc0\n [726.331674] entry_SYSCALL_64_after_hwframe+0x44/0xae\n [726.331677] RIP: 0033:0x7fb9490a171b\n [726.331681] RSP: 002b:00007fb943ffac68 EFLAGS: 00000246 ORIG_RAX: 0000000000000057\n [726.331684] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb9490a171b\n [726.331686] RDX: 00007fb943ffb040 RSI: 000055a6bbe6ec20 RDI: 00007fb94400d300\n [726.331687] RBP: 00007fb943ffad00 R08: 0000000000000000 R09: 0000000000000000\n [726.331688] R10: 0000000000000031 R11: 0000000000000246 R12: 00007fb943ffb000\n [726.331690] R13: 00007fb943ffb040 R14: 0000000000000000 R15: 00007fb943ffd260\n [726.331693] \n\nWhile we debug the issue, we found running fstests generic/551 on 5GB\nnon-zoned null_blk device in the emulated zoned mode also had a\nsimilar hung issue.\n\nAlso, we can reproduce the same symptom with an error injected\ncow_file_range() setup.\n\nThe hang occurs when cow_file_range() fails in the middle of\nallocation. cow_file_range() called from do_allocation_zoned() can\nsplit the give region ([start, end]) for allocation depending on\ncurrent block group usages. When btrfs can allocate bytes for one part\nof the split regions but fails for the other region (e.g. because of\n-ENOSPC), we return the error leaving the pages in the succeeded regions\nlocked. Technically, this occurs only when @unlock == 0. Otherwise, we\nunlock the pages in an allocated region after creating an ordered\nextent.\n\nConsidering the callers of cow_file_range(unlock=0) won't write out\nthe pages, we can unlock the pages on error exit from\ncow_file_range(). 
So, we can ensure all the pages except @locked_page\nare unlocked on error case.\n\nIn summary, cow_file_range now behaves like this:\n\n- page_started == 1 (return value)\n - All the pages are unlocked. IO is started.\n- unlock == 1\n - All the pages except @locked_page are unlocked in any case\n- unlock == 0\n - On success, all the pages are locked for writing out them\n - On failure, all the pages except @locked_page are unlocked" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/9535ec371d741fa037e37eddc0a5b25ba82d0027", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9ce7466f372d83054c7494f6b3e4b9abaf3f0355", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b367f125c80fa838eae49e3b138dc67dfc9f46ef", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e160aa87c87a9c4e0c8d1430235f715a3a91e2cd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50090.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50090.json new file mode 100644 index 00000000000..9d84248a58c --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50090.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-50090", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:38.153", + "lastModified": "2025-06-18T11:15:38.153", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: replace BTRFS_MAX_EXTENT_SIZE with fs_info->max_extent_size\n\nOn zoned filesystem, data write out is limited by max_zone_append_size,\nand a large ordered extent is split according the size of a bio. OTOH,\nthe number of extents to be written is calculated using\nBTRFS_MAX_EXTENT_SIZE, and that estimated number is used to reserve the\nmetadata bytes to update and/or create the metadata items.\n\nThe metadata reservation is done at e.g, btrfs_buffered_write() and then\nreleased according to the estimation changes. Thus, if the number of extent\nincreases massively, the reserved metadata can run out.\n\nThe increase of the number of extents easily occurs on zoned filesystem\nif BTRFS_MAX_EXTENT_SIZE > max_zone_append_size. 
And, it causes the\nfollowing warning on a small RAM environment with disabling metadata\nover-commit (in the following patch).\n\n[75721.498492] ------------[ cut here ]------------\n[75721.505624] BTRFS: block rsv 1 returned -28\n[75721.512230] WARNING: CPU: 24 PID: 2327559 at fs/btrfs/block-rsv.c:537 btrfs_use_block_rsv+0x560/0x760 [btrfs]\n[75721.581854] CPU: 24 PID: 2327559 Comm: kworker/u64:10 Kdump: loaded Tainted: G W 5.18.0-rc2-BTRFS-ZNS+ #109\n[75721.597200] Hardware name: Supermicro Super Server/H12SSL-NT, BIOS 2.0 02/22/2021\n[75721.607310] Workqueue: btrfs-endio-write btrfs_work_helper [btrfs]\n[75721.616209] RIP: 0010:btrfs_use_block_rsv+0x560/0x760 [btrfs]\n[75721.646649] RSP: 0018:ffffc9000fbdf3e0 EFLAGS: 00010286\n[75721.654126] RAX: 0000000000000000 RBX: 0000000000004000 RCX: 0000000000000000\n[75721.663524] RDX: 0000000000000004 RSI: 0000000000000008 RDI: fffff52001f7be6e\n[75721.672921] RBP: ffffc9000fbdf420 R08: 0000000000000001 R09: ffff889f8d1fc6c7\n[75721.682493] R10: ffffed13f1a3f8d8 R11: 0000000000000001 R12: ffff88980a3c0e28\n[75721.692284] R13: ffff889b66590000 R14: ffff88980a3c0e40 R15: ffff88980a3c0e8a\n[75721.701878] FS: 0000000000000000(0000) GS:ffff889f8d000000(0000) knlGS:0000000000000000\n[75721.712601] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[75721.720726] CR2: 000055d12e05c018 CR3: 0000800193594000 CR4: 0000000000350ee0\n[75721.730499] Call Trace:\n[75721.735166] \n[75721.739886] btrfs_alloc_tree_block+0x1e1/0x1100 [btrfs]\n[75721.747545] ? btrfs_alloc_logged_file_extent+0x550/0x550 [btrfs]\n[75721.756145] ? btrfs_get_32+0xea/0x2d0 [btrfs]\n[75721.762852] ? btrfs_get_32+0xea/0x2d0 [btrfs]\n[75721.769520] ? push_leaf_left+0x420/0x620 [btrfs]\n[75721.776431] ? memcpy+0x4e/0x60\n[75721.781931] split_leaf+0x433/0x12d0 [btrfs]\n[75721.788392] ? btrfs_get_token_32+0x580/0x580 [btrfs]\n[75721.795636] ? push_for_double_split.isra.0+0x420/0x420 [btrfs]\n[75721.803759] ? 
leaf_space_used+0x15d/0x1a0 [btrfs]\n[75721.811156] btrfs_search_slot+0x1bc3/0x2790 [btrfs]\n[75721.818300] ? lock_downgrade+0x7c0/0x7c0\n[75721.824411] ? free_extent_buffer.part.0+0x107/0x200 [btrfs]\n[75721.832456] ? split_leaf+0x12d0/0x12d0 [btrfs]\n[75721.839149] ? free_extent_buffer.part.0+0x14f/0x200 [btrfs]\n[75721.846945] ? free_extent_buffer+0x13/0x20 [btrfs]\n[75721.853960] ? btrfs_release_path+0x4b/0x190 [btrfs]\n[75721.861429] btrfs_csum_file_blocks+0x85c/0x1500 [btrfs]\n[75721.869313] ? rcu_read_lock_sched_held+0x16/0x80\n[75721.876085] ? lock_release+0x552/0xf80\n[75721.881957] ? btrfs_del_csums+0x8c0/0x8c0 [btrfs]\n[75721.888886] ? __kasan_check_write+0x14/0x20\n[75721.895152] ? do_raw_read_unlock+0x44/0x80\n[75721.901323] ? _raw_write_lock_irq+0x60/0x80\n[75721.907983] ? btrfs_global_root+0xb9/0xe0 [btrfs]\n[75721.915166] ? btrfs_csum_root+0x12b/0x180 [btrfs]\n[75721.921918] ? btrfs_get_global_root+0x820/0x820 [btrfs]\n[75721.929166] ? _raw_write_unlock+0x23/0x40\n[75721.935116] ? unpin_extent_cache+0x1e3/0x390 [btrfs]\n[75721.942041] btrfs_finish_ordered_io.isra.0+0xa0c/0x1dc0 [btrfs]\n[75721.949906] ? try_to_wake_up+0x30/0x14a0\n[75721.955700] ? btrfs_unlink_subvol+0xda0/0xda0 [btrfs]\n[75721.962661] ? rcu\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/096e8eb9639b342bc35f9b741cf05e26d0106e92", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1aa262c1d056551dd1246115af8b7e351184deae", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6cb4b96df97082a54634ba02196516919cda228c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f7b12a62f008a3041f42f2426983e59a6a0a3c59", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50091.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50091.json
new file mode 100644
index 00000000000..4a8e6c396ba
--- /dev/null
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50091.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2022-50091",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:38.277",
+ "lastModified": "2025-06-18T11:15:38.277",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlocking/csd_lock: Change csdlock_debug from early_param to __setup\n\nThe csdlock_debug kernel-boot parameter is parsed by the\nearly_param() function csdlock_debug(). If set, csdlock_debug()\ninvokes static_branch_enable() to enable csd_lock_wait feature, which\ntriggers a panic on arm64 for kernels built with CONFIG_SPARSEMEM=y and\nCONFIG_SPARSEMEM_VMEMMAP=n.\n\nWith CONFIG_SPARSEMEM_VMEMMAP=n, __nr_to_section is called in\nstatic_key_enable() and returns NULL, resulting in a NULL dereference\nbecause mem_section is initialized only later in sparse_init().\n\nThis is also a problem for powerpc because early_param() functions\nare invoked earlier than jump_label_init(), also resulting in\nstatic_key_enable() failures. These failures cause the warning \"static\nkey 'xxx' used before call to jump_label_init()\".\n\nThus, early_param is too early for csd_lock_wait to run\nstatic_branch_enable(), so changes it to __setup to fix these."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/05de9e2e33b1625c71aee69e353fe906dd2be88a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9c9b26b0df270d4f9246e483a44686fca951a29c",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b480d1e9a8c11ecc1c99dc01814b28e3103bd0a0",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/d2cbdbe22b5f190055d2d0ae92e7454479343a30",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50092.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50092.json
new file mode 100644
index 00000000000..1fc47bc323b
--- /dev/null
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50092.json
@@ -0,0 +1,41 @@
+{
+ "id": "CVE-2022-50092",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:38.383",
+ "lastModified": "2025-06-18T11:15:38.383",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm thin: fix use-after-free crash in dm_sm_register_threshold_callback\n\nFault inject on pool metadata device reports:\n BUG: KASAN: use-after-free in dm_pool_register_metadata_threshold+0x40/0x80\n Read of size 8 at addr ffff8881b9d50068 by task dmsetup/950\n\n CPU: 7 PID: 950 Comm: dmsetup Tainted: G W 5.19.0-rc6 #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc33 04/01/2014\n Call Trace:\n \n dump_stack_lvl+0x34/0x44\n print_address_description.constprop.0.cold+0xeb/0x3f4\n kasan_report.cold+0xe6/0x147\n dm_pool_register_metadata_threshold+0x40/0x80\n pool_ctr+0xa0a/0x1150\n dm_table_add_target+0x2c8/0x640\n table_load+0x1fd/0x430\n ctl_ioctl+0x2c4/0x5a0\n dm_ctl_ioctl+0xa/0x10\n __x64_sys_ioctl+0xb3/0xd0\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThis can be easily reproduced using:\n echo offline > /sys/block/sda/device/state\n dd if=/dev/zero of=/dev/mapper/thin bs=4k count=10\n dmsetup load pool --table \"0 20971520 thin-pool /dev/sda /dev/sdb 128 0 0\"\n\nIf a metadata commit fails, the transaction will be aborted and the\nmetadata space maps will be destroyed. If a DM table reload then\nhappens for this failed thin-pool, a use-after-free will occur in\ndm_sm_register_threshold_callback (called from\ndm_pool_register_metadata_threshold).\n\nFix this by in dm_pool_register_metadata_threshold() by returning the\n-EINVAL error if the thin-pool is in fail mode. Also fail pool_ctr()\nwith a new error message: \"Error registering metadata threshold\"."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/05cef0999b3208b5a6ede1bfac855139e4de55ef",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/1a199fa9217d28511ff88529238fd9980ea64cf3",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/3534e5a5ed2997ca1b00f44a0378a075bd05e8a3",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/5e2cf705155a1514be3c96ea664a9cd356998ee7",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e4dbe24f4bfd8377e7ba79fdcdb7c4d6eb1c6790",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/f83131a3071a0b61a4d7dca70f95adb3ffad920e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50093.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50093.json
new file mode 100644
index 00000000000..25fc4763e4b
--- /dev/null
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50093.json
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2022-50093", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:38.497", + "lastModified": "2025-06-18T11:15:38.497", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)\n\nKASAN reports:\n\n[ 4.668325][ T0] BUG: KASAN: wild-memory-access in dmar_parse_one_rhsa (arch/x86/include/asm/bitops.h:214 arch/x86/include/asm/bitops.h:226 include/asm-generic/bitops/instrumented-non-atomic.h:142 include/linux/nodemask.h:415 drivers/iommu/intel/dmar.c:497)\n[ 4.676149][ T0] Read of size 8 at addr 1fffffff85115558 by task swapper/0/0\n[ 4.683454][ T0]\n[ 4.685638][ T0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.19.0-rc3-00004-g0e862838f290 #1\n[ 4.694331][ T0] Hardware name: Supermicro SYS-5018D-FN4T/X10SDV-8C-TLN4F, BIOS 1.1 03/02/2016\n[ 4.703196][ T0] Call Trace:\n[ 4.706334][ T0] \n[ 4.709133][ T0] ? dmar_parse_one_rhsa (arch/x86/include/asm/bitops.h:214 arch/x86/include/asm/bitops.h:226 include/asm-generic/bitops/instrumented-non-atomic.h:142 include/linux/nodemask.h:415 drivers/iommu/intel/dmar.c:497)\n\nafter converting the type of the first argument (@nr, bit number)\nof arch_test_bit() from `long` to `unsigned long`[0].\n\nUnder certain conditions (for example, when ACPI NUMA is disabled\nvia command line), pxm_to_node() can return %NUMA_NO_NODE (-1).\nIt is valid 'magic' number of NUMA node, but not valid bit number\nto use in bitops.\nnode_online() eventually descends to test_bit() without checking\nfor the input, assuming it's on caller side (which might be good\nfor perf-critical tasks). There, -1 becomes %ULONG_MAX which leads\nto an insane array index when calculating bit position in memory.\n\nFor now, add an explicit check for @node being not %NUMA_NO_NODE\nbefore calling test_bit(). 
The actual logics didn't change here\nat all.\n\n[0] https://github.com/norov/linux/commit/0e862838f290147ea9c16db852d8d494b552d38d" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0b4c0003aeda32a600f95df53b2848da8a5aa3fa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5659efdadf04b56707d58c1b758df16d2e0eff2c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/73ce2046e04ad488cecc66757c36cbe1bdf089d4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b0b0b77ea611e3088e9523e60860f4f41b62b235", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b12304984654d8e58a2b22ff94c4410906d6267f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c2304c50f4d94f56c2e326f25c9dc8cf2ba6f5fa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50094.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50094.json new file mode 100644 index 00000000000..b7768cec092 --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50094.json 
@@ -0,0 +1,53 @@ +{ + "id": "CVE-2022-50094", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:38.620", + "lastModified": "2025-06-18T11:15:38.620", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspmi: trace: fix stack-out-of-bound access in SPMI tracing functions\n\ntrace_spmi_write_begin() and trace_spmi_read_end() both call\nmemcpy() with a length of \"len + 1\". This leads to one extra\nbyte being read beyond the end of the specified buffer. Fix\nthis out-of-bound memory access by using a length of \"len\"\ninstead.\n\nHere is a KASAN log showing the issue:\n\nBUG: KASAN: stack-out-of-bounds in trace_event_raw_event_spmi_read_end+0x1d0/0x234\nRead of size 2 at addr ffffffc0265b7540 by task thermal@2.0-ser/1314\n...\nCall trace:\n dump_backtrace+0x0/0x3e8\n show_stack+0x2c/0x3c\n dump_stack_lvl+0xdc/0x11c\n print_address_description+0x74/0x384\n kasan_report+0x188/0x268\n kasan_check_range+0x270/0x2b0\n memcpy+0x90/0xe8\n trace_event_raw_event_spmi_read_end+0x1d0/0x234\n spmi_read_cmd+0x294/0x3ac\n spmi_ext_register_readl+0x84/0x9c\n regmap_spmi_ext_read+0x144/0x1b0 [regmap_spmi]\n _regmap_raw_read+0x40c/0x754\n regmap_raw_read+0x3a0/0x514\n regmap_bulk_read+0x418/0x494\n adc5_gen3_poll_wait_hs+0xe8/0x1e0 [qcom_spmi_adc5_gen3]\n ...\n __arm64_sys_read+0x4c/0x60\n invoke_syscall+0x80/0x218\n el0_svc_common+0xec/0x1c8\n ...\n\naddr ffffffc0265b7540 is located in stack of task thermal@2.0-ser/1314 at offset 32 in frame:\n adc5_gen3_poll_wait_hs+0x0/0x1e0 [qcom_spmi_adc5_gen3]\n\nthis frame has 1 object:\n [32, 33) 'status'\n\nMemory state around the buggy address:\n ffffffc0265b7400: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1\n ffffffc0265b7480: 04 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00\n>ffffffc0265b7500: 00 00 00 00 f1 f1 f1 f1 01 f3 f3 f3 00 00 00 00\n ^\n ffffffc0265b7580: 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00\n ffffffc0265b7600: f1 f1 f1 f1 01 f2 07 f2 f2 f2 01 f3 00 00 00 00\n==================================================================" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1e0ca3d809c36ad3d1f542917718fc22ec6316e7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2af28b241eea816e6f7668d1954f15894b45d7e3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/37690cb8662cec672cacda19e6e4fd2ca7b13f0b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/504090815c1ad3fd3fa34618b54d706727f8911c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/80f7c93e573ea9f524924bb529c2af8cb28b1c43", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ac730c72bddc889f5610d51d8a7abf425e08da1a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bcc1b6b1ed3f42ed25858c1f1eb24a2f741db93f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dc6033a7761254e5a5ba7df36b64db787a53313c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dd02510fb43168310abfd0b9ccf49993a722fb91", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50095.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50095.json new file mode 100644 index 00000000000..31eb9b4a5be --- /dev/null +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50095.json 
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2022-50095",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:38.740",
+ "lastModified": "2025-06-18T11:15:38.740",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-cpu-timers: Cleanup CPU timers before freeing them during exec\n\nCommit 55e8c8eb2c7b (\"posix-cpu-timers: Store a reference to a pid not a\ntask\") started looking up tasks by PID when deleting a CPU timer.\n\nWhen a non-leader thread calls execve, it will switch PIDs with the leader\nprocess. Then, as it calls exit_itimers, posix_cpu_timer_del cannot find\nthe task because the timer still points out to the old PID.\n\nThat means that armed timers won't be disarmed, that is, they won't be\nremoved from the timerqueue_list. exit_itimers will still release their\nmemory, and when that list is later processed, it leads to a\nuse-after-free.\n\nClean up the timers from the de-threaded task before freeing them. This\nprevents a reported use-after-free."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/541840859ace9c2ccebc32fa9e376c7bd3def490",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9e255ed238fc67058df87b0388ad6d4b2ef3a2bd",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b2fc1723eb65abb83e00d5f011de670296af0b28",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e362359ace6f87c201531872486ff295df306d13",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e8cb6e8fd9890780f1bfcf5592889e1b879e779c",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50096.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50096.json
new file mode 100644
index 00000000000..560b33cc9db
--- /dev/null
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50096.json
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2022-50096",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:38.850",
+ "lastModified": "2025-06-18T11:15:38.850",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/kprobes: Update kcb status flag after singlestepping\n\nFix kprobes to update kcb (kprobes control block) status flag to\nKPROBE_HIT_SSDONE even if the kp->post_handler is not set.\n\nThis bug may cause a kernel panic if another INT3 user runs right\nafter kprobes because kprobe_int3_handler() misunderstands the\nINT3 is kprobe's single stepping INT3."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/1cbf3882cb372bbe752efd7c3045ca1c9ab40ac6",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/663cdda2716b70751df9c7e60b81bd0850fdfe3c",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b9c3401f7cac6ae291a16784dadcd1bf116218fe",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/dec8784c9088b131a1523f582c2194cfc8107dc0",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/edc2ac7c7265b33660fa0190898966b49966b855",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50097.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50097.json
new file mode 100644
index 00000000000..c5169fcf43c
--- /dev/null
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50097.json
@@ -0,0 +1,49 @@
+{
+ "id": "CVE-2022-50097",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:38.963",
+ "lastModified": "2025-06-18T11:15:38.963",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: s3fb: Check the size of screen before memset_io()\n\nIn the function s3fb_set_par(), the value of 'screen_size' is\ncalculated by the user input. If the user provides the improper value,\nthe value of 'screen_size' may larger than 'info->screen_size', which\nmay cause the following bug:\n\n[ 54.083733] BUG: unable to handle page fault for address: ffffc90003000000\n[ 54.083742] #PF: supervisor write access in kernel mode\n[ 54.083744] #PF: error_code(0x0002) - not-present page\n[ 54.083760] RIP: 0010:memset_orig+0x33/0xb0\n[ 54.083782] Call Trace:\n[ 54.083788] s3fb_set_par+0x1ec6/0x4040\n[ 54.083806] fb_set_var+0x604/0xeb0\n[ 54.083836] do_fb_ioctl+0x234/0x670\n\nFix the this by checking the value of 'screen_size' before memset_io()."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/3c35a0dc2b4e7acf24c796043b64fa3eee799239",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/52461d387cc8c8f8dc40320caa2e9e101f73e7ba",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/574912261528589012b61f82d368256247c3a5a8",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/5e0da18956d38e7106664dc1d06367b22f06edd3",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/6ba592fa014f21f35a8ee8da4ca7b95a018f13e8",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ce50d94afcb8690813c5522f24cd38737657db81",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e2d7cacc6a2a1d77e7e20a492daf458a12cf19e0",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/eacb50f1733660911827d7c3720f4c5425d0cdda",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50098.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50098.json
new file mode 100644
index 00000000000..cc59ab0528d
--- /dev/null
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50098.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2022-50098",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:39.083",
+ "lastModified": "2025-06-18T11:15:39.083",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts\n\nEnsure SRB is returned during I/O timeout error escalation. If that is not\npossible fail the escalation path.\n\nFollowing crash stack was seen:\n\nBUG: unable to handle kernel paging request at 0000002f56aa90f8\nIP: qla_chk_edif_rx_sa_delete_pending+0x14/0x30 [qla2xxx]\nCall Trace:\n ? qla2x00_status_entry+0x19f/0x1c50 [qla2xxx]\n ? qla2x00_start_sp+0x116/0x1170 [qla2xxx]\n ? dma_pool_alloc+0x1d6/0x210\n ? mempool_alloc+0x54/0x130\n ? qla24xx_process_response_queue+0x548/0x12b0 [qla2xxx]\n ? qla_do_work+0x2d/0x40 [qla2xxx]\n ? process_one_work+0x14c/0x390"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/7dcd49c42b14717dd668fd73b503d241fdf82439",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b70553175d0f94ebd73670bc16ade90bd7f7d76f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b7bae3886a30d258b5b4fee26647043d68da3661",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c39587bc0abaf16593f7abcdf8aeec3c038c7d52",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50099.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50099.json
new file mode 100644
index 00000000000..efca0e0af06
--- /dev/null
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50099.json
@@ -0,0 +1,49 @@
+{
+ "id": "CVE-2022-50099",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:39.200",
+ "lastModified": "2025-06-18T11:15:39.200",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: arkfb: Check the size of screen before memset_io()\n\nIn the function arkfb_set_par(), the value of 'screen_size' is\ncalculated by the user input. If the user provides the improper value,\nthe value of 'screen_size' may larger than 'info->screen_size', which\nmay cause the following bug:\n\n[ 659.399066] BUG: unable to handle page fault for address: ffffc90003000000\n[ 659.399077] #PF: supervisor write access in kernel mode\n[ 659.399079] #PF: error_code(0x0002) - not-present page\n[ 659.399094] RIP: 0010:memset_orig+0x33/0xb0\n[ 659.399116] Call Trace:\n[ 659.399122] arkfb_set_par+0x143f/0x24c0\n[ 659.399130] fb_set_var+0x604/0xeb0\n[ 659.399161] do_fb_ioctl+0x234/0x670\n[ 659.399189] fb_ioctl+0xdd/0x130\n\nFix the this by checking the value of 'screen_size' before memset_io()."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/0701df594bc1d7ae55fed407fb65dd90a93f8a9c",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/09e733d6ac948e6fda4b16252e44ea46f98fc8b4",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/2ce61c39c2a0b8ec82f48e0f7136f0dac105ae75",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/352305ea50d682b8e081d826da53caf9e744d7d0",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/4a20c5510aa2c031a096a58deb356e91609781c9",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/53198b81930e567ad6b879812d88052a1e8ac79e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/8bcb1a06e3091716b7cbebe0e91d1de9895068cd",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/96b550971c65d54d64728d8ba973487878a06454",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50100.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50100.json
new file mode 100644
index 00000000000..72e430e11da
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50100.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2022-50100",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:39.320",
+ "lastModified": "2025-06-18T11:15:39.320",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/core: Do not requeue task on CPU excluded from cpus_mask\n\nThe following warning was triggered on a large machine early in boot on\na distribution kernel but the same problem should also affect mainline.\n\n WARNING: CPU: 439 PID: 10 at ../kernel/workqueue.c:2231 process_one_work+0x4d/0x440\n Call Trace:\n \n rescuer_thread+0x1f6/0x360\n kthread+0x156/0x180\n ret_from_fork+0x22/0x30\n \n\nCommit c6e7bd7afaeb (\"sched/core: Optimize ttwu() spinning on p->on_cpu\")\noptimises ttwu by queueing a task that is descheduling on the wakelist,\nbut does not check if the task descheduling is still allowed to run on that CPU.\n\nIn this warning, the problematic task is a workqueue rescue thread which\nchecks if the rescue is for a per-cpu workqueue and running on the wrong CPU.\nWhile this is early in boot and it should be possible to create workers,\nthe rescue thread may still used if the MAYDAY_INITIAL_TIMEOUT is reached\nor MAYDAY_INTERVAL and on a sufficiently large machine, the rescue\nthread is being used frequently.\n\nTracing confirmed that the task should have migrated properly using the\nstopper thread to handle the migration. However, a parallel wakeup from udev\nrunning on another CPU that does not share CPU cache observes p->on_cpu and\nuses task_cpu(p), queues the task on the old CPU and triggers the warning.\n\nCheck that the wakee task that is descheduling is still allowed to run\non its current CPU and if not, wait for the descheduling to complete\nand select an allowed CPU."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/302f7b0fc337746f41c69eb08522907f6a90c643",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/748d2e9585ae53cb6be48e84f93d2f082ae1d135",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/751d4cbc43879229dbc124afefe240b70fd29a85",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/fde45283f4c8a91c367ea5f20f87036468755121",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50101.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50101.json
new file mode 100644
index 00000000000..82170f22eee
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50101.json
@@ -0,0 +1,49 @@
+{
+ "id": "CVE-2022-50101",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:39.437",
+ "lastModified": "2025-06-18T11:15:39.437",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: vt8623fb: Check the size of screen before memset_io()\n\nIn the function vt8623fb_set_par(), the value of 'screen_size' is\ncalculated by the user input. If the user provides the improper value,\nthe value of 'screen_size' may larger than 'info->screen_size', which\nmay cause the following bug:\n\n[ 583.339036] BUG: unable to handle page fault for address: ffffc90005000000\n[ 583.339049] #PF: supervisor write access in kernel mode\n[ 583.339052] #PF: error_code(0x0002) - not-present page\n[ 583.339074] RIP: 0010:memset_orig+0x33/0xb0\n[ 583.339110] Call Trace:\n[ 583.339118] vt8623fb_set_par+0x11cd/0x21e0\n[ 583.339146] fb_set_var+0x604/0xeb0\n[ 583.339181] do_fb_ioctl+0x234/0x670\n[ 583.339209] fb_ioctl+0xdd/0x130\n\nFix the this by checking the value of 'screen_size' before memset_io()."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/4a3cef1eaced13ba9b55381d46bfad937a3dac2c",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/52ad9bfeb8a0e62de30de6d39e8a49a72dd78150",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/73280a184aa2e1a625ce54ce761042955cc79cd0",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b17caec5127bba6f90af92bcc85871df54548ac0",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/bd8269e57621e5b38cc0b4bd2fa02e85c9f2a441",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c7a3f41e4b133d4dd25bc996b69039b19a34d69d",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/d71528ccdc7ae8d7500d414091d27805c51407a2",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ec0754c60217248fa77cc9005d66b2b55200ac06",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50102.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50102.json
new file mode 100644
index 00000000000..313ec97a9fa
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50102.json
@@ -0,0 +1,49 @@
+{
+ "id": "CVE-2022-50102",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:39.553",
+ "lastModified": "2025-06-18T11:15:39.553",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()\n\nSince the user can control the arguments of the ioctl() from the user\nspace, under special arguments that may result in a divide-by-zero bug\nin:\n drivers/video/fbdev/arkfb.c:784: ark_set_pixclock(info, (hdiv * info->var.pixclock) / hmul);\nwith hdiv=1, pixclock=1 and hmul=2 you end up with (1*1)/2 = (int) 0.\nand then in:\n drivers/video/fbdev/arkfb.c:504: rv = dac_set_freq(par->dac, 0, 1000000000 / pixclock);\nwe'll get a division-by-zero.\n\nThe following log can reveal it:\n\ndivide error: 0000 [#1] PREEMPT SMP KASAN PTI\nRIP: 0010:ark_set_pixclock drivers/video/fbdev/arkfb.c:504 [inline]\nRIP: 0010:arkfb_set_par+0x10fc/0x24c0 drivers/video/fbdev/arkfb.c:784\nCall Trace:\n fb_set_var+0x604/0xeb0 drivers/video/fbdev/core/fbmem.c:1034\n do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110\n fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189\n\nFix this by checking the argument of ark_set_pixclock() first."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/0288fa799e273b08839037499d704dc7bdc13e9a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/15661642511b2b192077684a89f42a8d95d54286",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/236c1502520b7b08955467ec2e50b3232e34f1f9",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/2f1c4523f7a3aaabe7e53d3ebd378292947e95c8",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/76b3f0a0b56e53a960a14624a0f48b3d94b5e7e7",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9ebc5031958c1f3a2795e4533b4091d77c738d14",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a249e1b89ca25e1c34bdf96154e3f6224a91a9af",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b9a66f23612b84617e04412169e155a4b92f632d",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50103.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50103.json
new file mode 100644
index 00000000000..0862657bd12
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50103.json
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2022-50103",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:39.670",
+ "lastModified": "2025-06-18T11:15:39.670",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched, cpuset: Fix dl_cpu_busy() panic due to empty cs->cpus_allowed\n\nWith cgroup v2, the cpuset's cpus_allowed mask can be empty indicating\nthat the cpuset will just use the effective CPUs of its parent. So\ncpuset_can_attach() can call task_can_attach() with an empty mask.\nThis can lead to cpumask_any_and() returns nr_cpu_ids causing the call\nto dl_bw_of() to crash due to percpu value access of an out of bound\nCPU value. For example:\n\n\t[80468.182258] BUG: unable to handle page fault for address: ffffffff8b6648b0\n\t :\n\t[80468.191019] RIP: 0010:dl_cpu_busy+0x30/0x2b0\n\t :\n\t[80468.207946] Call Trace:\n\t[80468.208947] cpuset_can_attach+0xa0/0x140\n\t[80468.209953] cgroup_migrate_execute+0x8c/0x490\n\t[80468.210931] cgroup_update_dfl_csses+0x254/0x270\n\t[80468.211898] cgroup_subtree_control_write+0x322/0x400\n\t[80468.212854] kernfs_fop_write_iter+0x11c/0x1b0\n\t[80468.213777] new_sync_write+0x11f/0x1b0\n\t[80468.214689] vfs_write+0x1eb/0x280\n\t[80468.215592] ksys_write+0x5f/0xe0\n\t[80468.216463] do_syscall_64+0x5c/0x80\n\t[80468.224287] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nFix that by using effective_cpus instead. For cgroup v1, effective_cpus\nis the same as cpus_allowed. For v2, effective_cpus is the real cpumask\nto be used by tasks within the cpuset anyway.\n\nAlso update task_can_attach()'s 2nd argument name to cs_effective_cpus to\nreflect the change. In addition, a check is added to task_can_attach()\nto guard against the possibility that cpumask_any_and() may return a\nvalue >= nr_cpu_ids."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/147f66d22f58712dce7ccdd6a1f6cb3ee8042df4",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/336626564b58071b8980a4e6a31a8f5d92705d9b",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/357f3f0e522a6ce1ce4a571cb780d9861d53bec7",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b6e8d40d43ae4dec00c8fea2593eeea3114b8f44",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/f56607b44c9896e51678a7e8cdd3a5479f4b4548",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50104.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50104.json
new file mode 100644
index 00000000000..72e9fc2812b
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50104.json
@@ -0,0 +1,49 @@
+{
+ "id": "CVE-2022-50104",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:39.787",
+ "lastModified": "2025-06-18T11:15:39.787",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/xive: Fix refcount leak in xive_get_max_prio\n\nof_find_node_by_path() returns a node pointer with\nrefcount incremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/255b650cbec6849443ce2e0cdd187fd5e61c218c",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/2e18b869a8d574cfe9ee64df9c3d0a7ac7ed07a8",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/5ed9709d262bf026b2ff64979fbfe0f496287588",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/6d1e53f7f181a11a8a343def1e0d0209905b7c64",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/79b8eae24b7ee157bda07695d802be8576983fa8",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/d99733ad47a6c990b52e136608455643bfa708f2",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ea494e8a9852abd0ba60f69b254ce0d7c38449e2",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/f658d5b528ce97a68efbb64ee54f6fe0909b189a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50105.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50105.json
new file mode 100644
index 00000000000..0c0f9a5a5bb
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50105.json
@@ -0,0 +1,49 @@
+{
+ "id": "CVE-2022-50105",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:39.900",
+ "lastModified": "2025-06-18T11:15:39.900",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/spufs: Fix refcount leak in spufs_init_isolated_loader\n\nof_find_node_by_path() returns remote device nodepointer with\nrefcount incremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/0aa5de2547b7ccf0a31bc740d12f829fae243112",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/14329d29a048dc35aac2374fb3d588d8190095a2",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/4288eb035ba4ddb53245e9365c919bb51ac00c2c",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/43584490ee6c8a104797444af6bf89d0dafe95c0",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/69e9fa07b229badab808980e984a9fe824116f00",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/6ac059dacffa8ab2f7798f20e4bd3333890c541c",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/85aff6a9b7b7ec4e5c319f7946c9864c8d5e3d4a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/d0cb99948c5f6d8fe56f6e69b8dd0a05ee5f9cec",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50106.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50106.json
new file mode 100644
index 00000000000..bff55ff3db4
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50106.json
@@ -0,0 +1,49 @@
+{
+ "id": "CVE-2022-50106",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:40.023",
+ "lastModified": "2025-06-18T11:15:40.023",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address\n\nof_get_next_parent() returns a node pointer with refcount incremented,\nwe should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() in the error path to avoid refcount leak."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/00dc7cbbb558955ff410fd392cc9b0366eb06df0",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/02ed44125d7a7238999750ca126b60f8dd7a88b1",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/51cf876b11fb6ca06f69e9d1de58f892d1522e9d",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/5eaa93caa63abf382b319dbe2f032232026740c2",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/6263ec8032c411b8ef6b7f00198cb18c855ee6cb",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/af41cff4ada533b1cf40de6c468ba164fd32c22d",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/df5d4b616ee76abc97e5bd348e22659c2b095b1c",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/f388643657cd5a04dc47a68d85321876c5b4c208",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50107.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50107.json
new file mode 100644
index 00000000000..3a8d0657739
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50107.json
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2022-50107",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:40.140",
+ "lastModified": "2025-06-18T11:15:40.140",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix memory leak when using fscache\n\nIf we hit the 'index == next_cached' case, we leak a refcount on the\nstruct page. Fix this by using readahead_folio() which takes care of\nthe refcount for you."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/7105b4047481bc2950fb767cff328d8b75292c0f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ae497726cd090673a4d20ac725ccc2de8067a7a5",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c6f62f81b488d00afaa86bae26c6ce9ab12c709e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50108.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50108.json
new file mode 100644
index 00000000000..1f521aafe43
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50108.json
@@ -0,0 +1,41 @@
+{
+ "id": "CVE-2022-50108",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:40.263",
+ "lastModified": "2025-06-18T11:15:40.263",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmfd: max77620: Fix refcount leak in max77620_initialise_fps\n\nof_get_child_by_name() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/1520669c8255bd637c6b248b2be910e2688d38dd",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/50d5fe8cb94c319cb4316f4d824570c075565354",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a29c40814039535b950149311986a5f348b5db14",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/afdbadbf18c19779d7bc5df70d872924f9bbd76b",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b948ff8a9e9ad46d4dff9127777caa14c8c2b53c",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/facd31bbc799f4d0cd25d9d688af7ca41e7f38ee",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50109.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50109.json
new file mode 100644
index 00000000000..9a1d11e7e95
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50109.json
@@ -0,0 +1,49 @@
+{
+ "id": "CVE-2022-50109",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:40.397",
+ "lastModified": "2025-06-18T11:15:40.397",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: amba-clcd: Fix refcount leak bugs\n\nIn clcdfb_of_init_display(), we should call of_node_put() for the\nreferences returned by of_graph_get_next_endpoint() and\nof_graph_get_remote_port_parent() which have increased the refcount.\n\nBesides, we should call of_node_put() both in fail path or when\nthe references are not used anymore."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/2688df86c02da6bdc9866b62d974e169a2678883",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/26c2b7d9fac42eb8317f3ceefa4c1a9a9170ca69",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/29f06f1905c312671a09ee85ca92ac04a1d9f305",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/49a4c1a87ef884e43cdda58b142a2a30f2f09efc",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a51519ebd0fdad3546463018b8f6bc3b0f4d3032",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a88ab277cca99aeb9a3b2b7db358f1a6dd528b0c",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a97ff8a949dbf41be89f436b2b1a2b3d794493df",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/da276dc288bf838ea0fd778b5441ec0f601c69f7",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50110.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50110.json
new file mode 100644
index 00000000000..483e321f0c9
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50110.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2022-50110",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:40.530",
+ "lastModified": "2025-06-18T11:15:40.530",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwatchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource\n\nUnlike release_mem_region(), a call to release_resource() does not\nfree the resource, so it has to be freed explicitly to avoid a memory\nleak."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/3a1becb1f13268ef58f19190608a7c742fb6fcf5",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/84ddf527f90755beec6b55ce2e31331f5ccd4e37",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c6d9c0798ed366a09a9e53d71edcd2266e34a6eb",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ee1fb8f75abe361413913e3a6e93c8c0a4d83cd9",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50111.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50111.json
new file mode 100644
index 00000000000..ec7dffe113c
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50111.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2022-50111",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:40.660",
+ "lastModified": "2025-06-18T11:15:40.660",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mt6359: Fix refcount leak bug\n\nIn mt6359_parse_dt() and mt6359_accdet_parse_dt(), we should call\nof_node_put() for the reference returned by of_get_child_by_name()\nwhich has increased the refcount."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/1e7fe6906e9755d9e0242f9619c894ecd82fb9da",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/3d69d86b3e9d82f524e7e1906adcbbe939dc836e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a8d5df69e2ec702d979f7d04ed519caf8691a032",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ffaef892bfef5ec68dadfd3bbed49e3d4ef7b6c7",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50112.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50112.json
new file mode 100644
index 00000000000..b54cf742817
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50112.json
@@ -0,0 +1,45 @@
+{
+ "id": "CVE-2022-50112",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:40.793",
+ "lastModified": "2025-06-18T11:15:40.793",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/43e42c25a232a6862e7d2f292a069ac828559030",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/65382585f067d4256ba087934f30f85c9b6984de",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/8ee5d40ae29e63f6fd6cbf9dcfc0a48c474013db",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9715809b9eeb85b3f9b083857a2f29a9e2351125",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ae7fdbab97df6a2115eed6b7e39c278b805c9c7d",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/cb50423e46ea585620a6be307d7f7b71587936b7",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ece6cfe62a103cc6032664983be557f1b5a1ff7e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50113.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50113.json
new file mode 100644
index 00000000000..77a175bbaad
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50113.json
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2022-50113",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:40.917",
+ "lastModified": "2025-06-18T11:15:40.917",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoc: audio-graph-card2: Fix refcount leak bug in __graph_get_type()\n\nWe should call of_node_put() for the reference before its replacement\nas it returned by of_get_parent() which has increased the refcount.\nBesides, we should also call of_node_put() before return."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/3bb0c0b5f0f866fc3785380e0860dc37ceacf342",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/7a63a8c253bf57dfd9fa3ee2a7f1a3727505f947",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/eda26893dabfc6da7a1e1ff5f8628ed9faab3ab9",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50114.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50114.json
new file mode 100644
index 00000000000..eeec3a94ddc
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50114.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2022-50114",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:41.030",
+ "lastModified": "2025-06-18T11:15:41.030",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: 9p: fix refcount leak in p9_read_work() error handling\n\np9_req_put need to be called when m->rreq->rc.sdata is NULL to avoid\ntemporary refcount leak.\n\n[Dominique: commit wording adjustments, p9_req_put argument fixes for rebase]"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/34b9a188557c1d5a50e07cf228d054101aee0af3",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/4ac7573e1f9333073fa8d303acc941c9b7ab7f61",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/622f2a467bdfbce73fd43ea74b5f0fd2caaa8c5d",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/8324649b0035cbb30ebc3ca901540cb392e89041",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50115.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50115.json
new file mode 100644
index 00000000000..5f63ac19c49
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50115.json
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2022-50115",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:41.140",
+ "lastModified": "2025-06-18T11:15:41.140",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: ipc3-topology: Prevent double freeing of ipc_control_data via load_bytes\n\nWe have sanity checks for byte controls and if any of the fail the locally\nallocated scontrol->ipc_control_data is freed up, but not set to NULL.\n\nOn a rollback path of the error the higher level code will also try to free\nthe scontrol->ipc_control_data which will eventually going to lead to\nmemory corruption as double freeing memory is not a good thing."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/8463986b54295e6b65ddf2b7c65627d01ce7643b",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c2eddfcafcffaf1b9245ea0dde9143bbfb47d5d1",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/d5bd47f3ca124058a8e87eae4508afeda2132611",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50116.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50116.json
new file mode 100644
index 00000000000..7d9e85e1672
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50116.json
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-50116", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:41.257", + "lastModified": "2025-06-18T11:15:41.257", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: fix deadlock and link starvation in outgoing data path\n\nThe current implementation queues up new control and user packets as needed\nand processes this queue down to the ldisc in the same code path.\nThat means that the upper and the lower layer are hard coupled in the code.\nDue to this deadlocks can happen as seen below while transmitting data,\nespecially during ldisc congestion. Furthermore, the data channels starve\nthe control channel on high transmission load on the ldisc.\n\nIntroduce an additional control channel data queue to prevent timeouts and\nlink hangups during ldisc congestion. This is being processed before the\nuser channel data queue in gsm_data_kick(), i.e. with the highest priority.\nPut the queue to ldisc data path into a workqueue and trigger it whenever\nnew data has been put into the transmission queue. Change\ngsm_dlci_data_sweep() accordingly to fill up the transmission queue until\nTX_THRESH_HI. This solves the locking issue, keeps latency low and provides\ngood performance on high data load.\nNote that now all packets from a DLCI are removed from the internal queue\nif the associated DLCI was closed. 
This ensures that no data is sent by the\nintroduced write task to an already closed DLCI.\n\nBUG: spinlock recursion on CPU#0, test_v24_loop/124\n lock: serial8250_ports+0x3a8/0x7500, .magic: dead4ead, .owner: test_v24_loop/124, .owner_cpu: 0\nCPU: 0 PID: 124 Comm: test_v24_loop Tainted: G O 5.18.0-rc2 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n \n dump_stack_lvl+0x34/0x44\n do_raw_spin_lock+0x76/0xa0\n _raw_spin_lock_irqsave+0x72/0x80\n uart_write_room+0x3b/0xc0\n gsm_data_kick+0x14b/0x240 [n_gsm]\n gsmld_write_wakeup+0x35/0x70 [n_gsm]\n tty_wakeup+0x53/0x60\n tty_port_default_wakeup+0x1b/0x30\n serial8250_tx_chars+0x12f/0x220\n serial8250_handle_irq.part.0+0xfe/0x150\n serial8250_default_handle_irq+0x48/0x80\n serial8250_interrupt+0x56/0xa0\n __handle_irq_event_percpu+0x78/0x1f0\n handle_irq_event+0x34/0x70\n handle_fasteoi_irq+0x90/0x1e0\n __common_interrupt+0x69/0x100\n common_interrupt+0x48/0xc0\n asm_common_interrupt+0x1e/0x40\nRIP: 0010:__do_softirq+0x83/0x34e\nCode: 2a 0a ff 0f b7 ed c7 44 24 10 0a 00 00 00 48 c7 c7 51 2a 64 82 e8 2d\ne2 d5 ff 65 66 c7 05 83 af 1e 7e 00 00 fb b8 ff ff ff ff <49> c7 c2 40 61\n80 82 0f bc c5 41 89 c4 41 83 c4 01 0f 84 e6 00 00\nRSP: 0018:ffffc90000003f98 EFLAGS: 00000286\nRAX: 00000000ffffffff RBX: 0000000000000000 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffffffff82642a51 RDI: ffffffff825bb5e7\nRBP: 0000000000000200 R08: 00000008de3271a8 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\nR13: 0000000000000030 R14: 0000000000000000 R15: 0000000000000000\n ? 
__do_softirq+0x73/0x34e\n irq_exit_rcu+0xb5/0x100\n common_interrupt+0xa4/0xc0\n \n \n asm_common_interrupt+0x1e/0x40\nRIP: 0010:_raw_spin_unlock_irqrestore+0x2e/0x50\nCode: 00 55 48 89 fd 48 83 c7 18 53 48 89 f3 48 8b 74 24 10 e8 85 28 36 ff\n48 89 ef e8 cd 58 36 ff 80 e7 02 74 01 fb bf 01 00 00 00 3d 97 33 ff\n65 8b 05 96 23 2b 7e 85 c0 74 03 5b 5d c3 0f 1f 44\nRSP: 0018:ffffc9000020fd08 EFLAGS: 00000202\nRAX: 0000000000000000 RBX: 0000000000000246 RCX: 0000000000000000\nRDX: 0000000000000004 RSI: ffffffff8257fd74 RDI: 0000000000000001\nRBP: ffff8880057de3a0 R08: 00000008de233000 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\nR13: 0000000000000100 R14: 0000000000000202 R15: ffff8880057df0b8\n ? _raw_spin_unlock_irqrestore+0x23/0x50\n gsmtty_write+0x65/0x80 [n_gsm]\n n_tty_write+0x33f/0x530\n ? swake_up_all+0xe0/0xe0\n file_tty_write.constprop.0+0x1b1/0x320\n ? n_tty_flush_buffer+0xb0/0xb0\n new_sync_write+0x10c/0x190\n vfs_write+0x282/0x310\n ksys_write+0x68/0xe0\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f3e5e35c15c\nCode: 8b 7c 24 08 89 c5 e8 c5 ff ff ff 89 ef 89 44 24\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0af021678d5d30c31f5a6b631f404ead3575212a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7962a4b900099cf90e02859bb297f2c618d8d940", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c165698c9919b000bdbe73859d3bb7b33bdb9223", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50117.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50117.json new file mode 100644 index 00000000000..63783b064f5 --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50117.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-50117", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:41.370", + "lastModified": "2025-06-18T11:15:41.370", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio: Split migration ops from main device ops\n\nvfio core checks whether the driver sets some migration op (e.g.\nset_state/get_state) and accordingly calls its op.\n\nHowever, currently mlx5 driver sets the above ops without regards to its\nmigration caps.\n\nThis might lead to unexpected usage/Oops if user space may call to the\nabove ops even if the driver doesn't support migration. As for example,\nthe migration state_mutex is not initialized in that case.\n\nThe cleanest way to manage that seems to split the migration ops from\nthe main device ops, this will let the driver setting them separately\nfrom the main ops when it's applicable.\n\nAs part of that, validate ops construction on registration and include a\ncheck for VFIO_MIGRATION_STOP_COPY since the uAPI claims it must be set\nin migration_flags.\n\nHISI driver was changed as well to match this scheme.\n\nThis scheme may enable down the road to come with some extra group of\nops (e.g. DMA log) that can be set without regards to the other options\nbased on driver caps." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/6e97eba8ad8748fabb795cffc5d9e1a7dcfd7367", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bba6b12d73d36e0ddbc2c3ac5668a667b00d4345", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50118.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50118.json new file mode 100644 index 00000000000..fc2b2c3a7cc --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50118.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-50118", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:41.477", + "lastModified": "2025-06-18T11:15:41.477", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable\n\ncommit 2c9ac51b850d (\"powerpc/perf: Fix PMU callbacks to clear\npending PMI before resetting an overflown PMC\") added a new\nfunction \"pmi_irq_pending\" in hw_irq.h. This function is to check\nif there is a PMI marked as pending in Paca (PACA_IRQ_PMI).This is\nused in power_pmu_disable in a WARN_ON. The intention here is to\nprovide a warning if there is PMI pending, but no counter is found\noverflown.\n\nDuring some of the perf runs, below warning is hit:\n\nWARNING: CPU: 36 PID: 0 at arch/powerpc/perf/core-book3s.c:1332 power_pmu_disable+0x25c/0x2c0\n Modules linked in:\n -----\n\n NIP [c000000000141c3c] power_pmu_disable+0x25c/0x2c0\n LR [c000000000141c8c] power_pmu_disable+0x2ac/0x2c0\n Call Trace:\n [c000000baffcfb90] [c000000000141c8c] power_pmu_disable+0x2ac/0x2c0 (unreliable)\n [c000000baffcfc10] [c0000000003e2f8c] perf_pmu_disable+0x4c/0x60\n [c000000baffcfc30] [c0000000003e3344] group_sched_out.part.124+0x44/0x100\n [c000000baffcfc80] [c0000000003e353c] __perf_event_disable+0x13c/0x240\n [c000000baffcfcd0] [c0000000003dd334] event_function+0xc4/0x140\n [c000000baffcfd20] [c0000000003d855c] remote_function+0x7c/0xa0\n [c000000baffcfd50] [c00000000026c394] flush_smp_call_function_queue+0xd4/0x300\n [c000000baffcfde0] [c000000000065b24] smp_ipi_demux_relaxed+0xa4/0x100\n [c000000baffcfe20] [c0000000000cb2b0] xive_muxed_ipi_action+0x20/0x40\n [c000000baffcfe40] [c000000000207c3c] __handle_irq_event_percpu+0x8c/0x250\n [c000000baffcfee0] [c000000000207e2c] handle_irq_event_percpu+0x2c/0xa0\n 
[c000000baffcff10] [c000000000210a04] handle_percpu_irq+0x84/0xc0\n [c000000baffcff40] [c000000000205f14] generic_handle_irq+0x54/0x80\n [c000000baffcff60] [c000000000015740] __do_irq+0x90/0x1d0\n [c000000baffcff90] [c000000000016990] __do_IRQ+0xc0/0x140\n [c0000009732f3940] [c000000bafceaca8] 0xc000000bafceaca8\n [c0000009732f39d0] [c000000000016b78] do_IRQ+0x168/0x1c0\n [c0000009732f3a00] [c0000000000090c8] hardware_interrupt_common_virt+0x218/0x220\n\nThis means that there is no PMC overflown among the active events\nin the PMU, but there is a PMU pending in Paca. The function\n\"any_pmc_overflown\" checks the PMCs on active events in\ncpuhw->n_events. Code snippet:\n\n<<>>\nif (any_pmc_overflown(cpuhw))\n \tclear_pmi_irq_pending();\n else\n \tWARN_ON(pmi_irq_pending());\n<<>>\n\nHere the PMC overflown is not from active event. Example: When we do\nperf record, default cycles and instructions will be running on PMC6\nand PMC5 respectively. It could happen that overflowed event is currently\nnot active and pending PMI is for the inactive event. Debug logs from\ntrace_printk:\n\n<<>>\nany_pmc_overflown: idx is 5: pmc value is 0xd9a\npower_pmu_disable: PMC1: 0x0, PMC2: 0x0, PMC3: 0x0, PMC4: 0x0, PMC5: 0xd9a, PMC6: 0x80002011\n<<>>\n\nHere active PMC (from idx) is PMC5 , but overflown PMC is PMC6(0x80002011).\nWhen we handle PMI interrupt for such cases, if the PMC overflown is\nfrom inactive event, it will be ignored. Reference commit:\ncommit bc09c219b2e6 (\"powerpc/perf: Fix finding overflowed PMC in interrupt\")\n\nPatch addresses two changes:\n1) Fix 1 : Removal of warning ( WARN_ON(pmi_irq_pending()); )\n We were printing warning if no PMC is found overflown among active PMU\n events, but PMI pending in PACA. But this could happen in cases where\n PMC overflown is not in active PMC. An inactive event could have caused\n the overflow. Hence the warning is not needed. 
To know pending PMI is\n from an inactive event, we need to loop through all PMC's which will\n cause more SPR reads via mfspr and increase in context switch. Also in\n existing function: perf_event_interrupt, already we ignore PMI's\n overflown when it is from an inactive PMC.\n\n2) Fix 2: optimization in clearing pending PMI.\n Currently we check for any active PMC overflown before clearing PMI\n pending in Paca. This is causing additional SP\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0a24ea26c3278216642a43291df7976a73a0a7ee", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7e83af3dd4a3afca8f83ffde518cafd52f45b830", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/875b2bf469d094754ac2ba9af91dcd529eb12bf6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/87b1a9175f08313f40fcb6d6dc536dbe451090eb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/890005a7d98f7452cfe86dcfb2aeeb7df01132ce", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50119.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50119.json new file mode 100644 index 00000000000..6bf3cf806d5 --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50119.json 
@@ -0,0 +1,45 @@ +{ + "id": "CVE-2022-50119", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:41.573", + "lastModified": "2025-06-18T11:15:41.573", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrpmsg: Fix possible refcount leak in rpmsg_register_device_override()\n\nrpmsg_register_device_override need to call put_device to free vch when\ndriver_set_override fails.\n\nFix this by adding a put_device() to the error path." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/01e6885b75e25a2dd0726455ef18ef9ce5e7dc87", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/280ae5a028ef5d14ef9277746a3026a30aaebe4f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3fdd5b2bb09fc2b5bf3504778f51c89bb48c097f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c29335612ff44df979678a38e1f55c62004f421c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c449b28e437d18ae807479c4ac6b69d87b287c79", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d4c8bf5635c4bedaf2470761ced1f502b2d5434e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d7bd416d35121c95fe47330e09a5c04adbc5f928", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50120.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50120.json new file mode 100644 index 00000000000..c91307647c7 --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50120.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-50120", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:41.683", + "lastModified": "2025-06-18T11:15:41.683", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: imx_rproc: Fix refcount leak in imx_rproc_addr_init\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not needed anymore.\nThis function has two paths missing of_node_put()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0dc1663e3fc22c72e1ab33be7701a0d51cca84ef", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/16da9f84e26f89e58cac194ff19fefd9de27d975", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/61afafe8b938bc74841cf4b1a73dd08b9d287c5a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d8ac68927856c3a6d197a95be73c92ec0bd4b012", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50121.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50121.json new file mode 100644 index 00000000000..7e59e9a18da --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50121.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-50121", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:41.797", + "lastModified": "2025-06-18T11:15:41.797", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init\n\nEvery iteration of for_each_available_child_of_node() decrements\nthe reference count of the previous node.\nWhen breaking early from a for_each_available_child_of_node() loop,\nwe need to explicitly call of_node_put() on the child node.\nAdd missing of_node_put() to avoid refcount leak." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3f83c4cf1b78331c23876977aa7b9151aff2f9e1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/61cd8cd3b6b33c7eae3b45cf783b114f2ae53528", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/75358732af9b26acfe3e609943290bcba13330fc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cf112a52d758092ca3d5ebdad51dd17bda5ba3e5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fa220c05d282e7479abe08b54e3bdffd06c25e97", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50122.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50122.json new file mode 100644 index 00000000000..d68811bdc0d --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50122.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-50122", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:41.900", + "lastModified": "2025-06-18T11:15:41.900", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nFix refcount leak in some error paths." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/06ace427953f5036b64aed658f0055f65d76fd27", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/403d46971936f9f704b91cecffe66e44aa39e915", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5ec83aa7a9e5bcca80ccd49978916feb4e0ffc07", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/79f566907d27abbd7600cebe51def5081d5796b5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/994f2edeeb2114bb22b62741cb8fb030fc7e5441", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e024a24fb264523149658c10c76bb363b3d0004d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e38e4952ac7a316c9002af30980d6aa850214474", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/efe2178d1a32492f99e7f1f2568eea5c88a85729", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50123.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50123.json new file mode 100644 index 00000000000..10cfb4ecf83 --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50123.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-50123", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:42.017", + "lastModified": "2025-06-18T11:15:42.017", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nFix missing of_node_put() in error paths." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/540c7b7385fb110740703888b4b2bbfa06c7f79c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/58567ed2878f70e0ded242cb529fb4a7618ea9f8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/769399bce8825e1dcc5050dab78e15ab578baf4f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/aa1214ece37944e4dbbb5cfb1d02bf37e4d89b02", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/aa668f8e93199cda8fa1612eb49ff70f5ecd8c92", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ae4f11c1ed2d67192fdf3d89db719ee439827c11", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d6d41f04640db0f946e2c3f7963bb2774afc7a0d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fab5eb31819a2693b0c3d6f3df6a0d193af9a089", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50124.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50124.json new file mode 100644 index 00000000000..657134afbc9 --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50124.json @@ -0,0 +1,45 @@ +{ + "id": "CVE-2022-50124", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:42.133", + "lastModified": "2025-06-18T11:15:42.133", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1042353bb67cd1c9109d7481ea182c7794336458", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/38dc6faef05f33b4c889be8b7d65878e465c1c4b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/67a28402a9e8c229c7588f214d81d52903ea06ea", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7472eb8d7dd12b6b9b1a4f4527719cc9c7f5965f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7dee72b1bcecb26bfff8d6360f2169f8656dbaf6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a0381a9f3e595988e83bac4c4dd1e45ed2b3c744", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b488ceb2336905f071f80627bc8a7d657274e5de", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50125.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50125.json new file mode 100644 index 00000000000..e0e375089bf --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50125.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-50125", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:42.250", + "lastModified": "2025-06-18T11:15:42.250", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0a034d93ee929a9ea89f3fa5f1d8492435b9ee6e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1065c385325845c88350c765cc6e449f46741984", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b3e64b5562c077218295f2230fb5cf181193cb06", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bae95c5aee1f67da6608ceaebfb744d900e5ffbf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ca6c9244e6c9827a0b2fe8808c5e7b1ee8ab7104", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50126.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50126.json new file mode 100644 index 00000000000..883f36c220b --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50126.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-50126", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:42.360", + "lastModified": "2025-06-18T11:15:42.360", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted\n\nFollowing process will fail assertion 'jh->b_frozen_data == NULL' in\njbd2_journal_dirty_metadata():\n\n jbd2_journal_commit_transaction\nunlink(dir/a)\n jh->b_transaction = trans1\n jh->b_jlist = BJ_Metadata\n journal->j_running_transaction = NULL\n trans1->t_state = T_COMMIT\nunlink(dir/b)\n handle->h_trans = trans2\n do_get_write_access\n jh->b_modified = 0\n jh->b_frozen_data = frozen_buffer\n jh->b_next_transaction = trans2\n jbd2_journal_dirty_metadata\n is_handle_aborted\n is_journal_aborted // return false\n\n --> jbd2 abort <--\n\n while (commit_transaction->t_buffers)\n if (is_journal_aborted)\n jbd2_journal_refile_buffer\n __jbd2_journal_refile_buffer\n WRITE_ONCE(jh->b_transaction,\n\t\t\t\t\t\tjh->b_next_transaction)\n WRITE_ONCE(jh->b_next_transaction, NULL)\n __jbd2_journal_file_buffer(jh, BJ_Reserved)\n J_ASSERT_JH(jh, jh->b_frozen_data == NULL) // assertion failure !\n\nThe reproducer (See detail in [Link]) reports:\n ------------[ cut here ]------------\n kernel BUG at fs/jbd2/transaction.c:1629!\n invalid opcode: 0000 [#1] PREEMPT SMP\n CPU: 2 PID: 584 Comm: unlink Tainted: G W\n 5.19.0-rc6-00115-g4a57a8400075-dirty #697\n RIP: 0010:jbd2_journal_dirty_metadata+0x3c5/0x470\n RSP: 0018:ffffc90000be7ce0 EFLAGS: 00010202\n Call Trace:\n \n __ext4_handle_dirty_metadata+0xa0/0x290\n ext4_handle_dirty_dirblock+0x10c/0x1d0\n ext4_delete_entry+0x104/0x200\n __ext4_unlink+0x22b/0x360\n ext4_unlink+0x275/0x390\n vfs_unlink+0x20b/0x4c0\n do_unlinkat+0x42f/0x4c0\n __x64_sys_unlink+0x37/0x50\n do_syscall_64+0x35/0x80\n\nAfter 
journal aborting, __jbd2_journal_refile_buffer() is executed with\nholding @jh->b_state_lock, we can fix it by moving 'is_handle_aborted()'\ninto the area protected by @jh->b_state_lock." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0f61c6dc4b714be9d79cf0782ca02ba01c1b7ac3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4a734f0869f970b8a9b65062ea40b09a5da9dba8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6073389db83b903678a0920554fa19f5bdc51c48", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/731c1662d838fe954c6759e3ee43229b0d928fe4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ddd896792e1718cb84c96f3e618270589b6886dc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e62f79827784f56499a50ea2e893c98317b5407b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f7161d0da975adc234161cd0641d0e484f5ce375", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fa5b65d39332fef7a11ae99cb1f0696012a61527", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50127.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50127.json new file mode 100644 index 00000000000..fabd6519cb2 --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50127.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-50127", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:42.477", + "lastModified": "2025-06-18T11:15:42.477", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix error unwind in rxe_create_qp()\n\nIn the function rxe_create_qp(), rxe_qp_from_init() is called to\ninitialize qp, internally things like the spin locks are not setup until\nrxe_qp_init_req().\n\nIf an error occures before this point then the unwind will call\nrxe_cleanup() and eventually to rxe_qp_do_cleanup()/rxe_cleanup_task()\nwhich will oops when trying to access the uninitialized spinlock.\n\nMove the spinlock initializations earlier before any failures." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1a63f24e724f677db1ab21251f4d0011ae0bb5b5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2ceeb04252e621c0b128ecc8fedbca922d11adba", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3c838ca6fbdb173102780d7bdf18f2f7d9e30979", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3ef491b26c720a87fcfbd78b7dc8eb83d9753fe6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b348e204a53103f51070513a7494da7c62ecbdaa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/db924bd8484c76558a4ac4c4b5aeb52e857f0341", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f05b7cf02123aaf99db78abfe638efefdbe15555", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fd5382c5805c4bcb50fd25b7246247d3f7114733", + 
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50128.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50128.json new file mode 100644 index 00000000000..42d8bf46c63 --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50128.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-50128", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:42.590", + "lastModified": "2025-06-18T11:15:42.590", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nandroid: binder: stop saving a pointer to the VMA\n\nDo not record a pointer to a VMA outside of the mmap_lock for later use. \nThis is unsafe and there are a number of failure paths *after* the\nrecorded VMA pointer may be freed during setup. There is no callback to\nthe driver to clear the saved pointer from generic mm code. Furthermore,\nthe VMA pointer may become stale if any number of VMA operations end up\nfreeing the VMA so saving it was fragile to being with.\n\nInstead, change the binder_alloc struct to record the start address of the\nVMA and use vma_lookup() to get the vma when needed. Add lockdep\nmmap_lock checks on updates to the vma pointer to ensure the lock is held\nand depend on that lock for synchronization of readers and writers - which\nwas already the case anyways, so the smp_wmb()/smp_rmb() was not\nnecessary.\n\n[akpm@linux-foundation.org: fix drivers/android/binder_alloc_selftest.c]" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1ec3f76a436d750fd5023caec5da0494fc2870d2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/622ef885a89ad04cfb76ee478fb44f051125d1f1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/925e6b6f82c9c80ab3c17acbde8d16f349da7d26", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a43cfc87caaf46710c8027a8c23b8a55f1078f19", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50129.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50129.json
new file mode 100644
index 00000000000..822be529395
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50129.json
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2022-50129",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:42.700",
+ "lastModified": "2025-06-18T11:15:42.700",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/srpt: Fix a use-after-free\n\nChange the LIO port members inside struct srpt_port from regular members\ninto pointers. Allocate the LIO port data structures from inside\nsrpt_make_tport() and free these from inside srpt_make_tport(). Keep\nstruct srpt_device as long as either an RDMA port or a LIO target port is\nassociated with it. This patch decouples the lifetime of struct srpt_port\n(controlled by the RDMA core) and struct srpt_port_id (controlled by LIO).\nThis patch fixes the following KASAN complaint:\n\n BUG: KASAN: use-after-free in srpt_enable_tpg+0x31/0x70 [ib_srpt]\n Read of size 8 at addr ffff888141cc34b8 by task check/5093\n\n Call Trace:\n \n show_stack+0x4e/0x53\n dump_stack_lvl+0x51/0x66\n print_address_description.constprop.0.cold+0xea/0x41e\n print_report.cold+0x90/0x205\n kasan_report+0xb9/0xf0\n __asan_load8+0x69/0x90\n srpt_enable_tpg+0x31/0x70 [ib_srpt]\n target_fabric_tpg_base_enable_store+0xe2/0x140 [target_core_mod]\n configfs_write_iter+0x18b/0x210\n new_sync_write+0x1f2/0x2f0\n vfs_write+0x3e3/0x540\n ksys_write+0xbb/0x140\n __x64_sys_write+0x42/0x50\n do_syscall_64+0x34/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n "
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/388326bb1c32fcd09371c1d494af71471ef3a04b",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/4ee8c39968a648d58b273582d4b021044a41ee5e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b5605148e6ce36bb21020d49010b617693933128",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/de95b52d9aabc979166aba81ccbe623aaf9c16a1",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e60d7e2462bf57273563c4e00dbfa79ee973b9e2",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50130.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50130.json
new file mode 100644
index 00000000000..ff30b3896f4
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50130.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2022-50130",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:42.810",
+ "lastModified": "2025-06-18T11:15:42.810",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: fbtft: core: set smem_len before fb_deferred_io_init call\n\nThe fbtft_framebuffer_alloc() calls fb_deferred_io_init() before\ninitializing info->fix.smem_len. It is set to zero by the\nframebuffer_alloc() function. It will trigger a WARN_ON() at the\nstart of fb_deferred_io_init() and the function will not do anything."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/4178bfa3fc9de556dfe248a6eabe29280f0ffda5",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/5185c319e8ea67657e0d3edd520a7276516c506a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/6ae6abe240306f878557d6eadd950a2e2561f59f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/81e878887ff82a7dd42f22951391069a5d520627",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50131.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50131.json
new file mode 100644
index 00000000000..80d64b64c91
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50131.json
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2022-50131",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:42.920",
+ "lastModified": "2025-06-18T11:15:42.920",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: mcp2221: prevent a buffer overflow in mcp_smbus_write()\n\nSmatch Warning:\ndrivers/hid/hid-mcp2221.c:388 mcp_smbus_write() error: __memcpy()\n'&mcp->txbuf[5]' too small (59 vs 255)\ndrivers/hid/hid-mcp2221.c:388 mcp_smbus_write() error: __memcpy() 'buf'\ntoo small (34 vs 255)\n\nThe 'len' variable can take a value between 0-255 as it can come from\ndata->block[0] and it is user data. So add an bound check to prevent a\nbuffer overflow in memcpy()."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/3c0f8a59f2cc8841ee6653399a77f4f3e6e9a270",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/62ac2473553a00229e67bdf3cb023b62cf7f5a9a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/6402116a7b5ec80fa40fd145a80c813019cd555f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/66c8e816f2f2ca4a61b406503bd10bad1b35f72f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/91443c669d280937968f0aa4edefa741cfe35314",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50132.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50132.json
new file mode 100644
index 00000000000..ae26cc94751
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50132.json
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2022-50132",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:43.030",
+ "lastModified": "2025-06-18T11:15:43.030",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable()\n\nIf 'ep' is NULL, result of ep_to_cdns3_ep(ep) is invalid pointer\nand its dereference with priv_ep->cdns3_dev may cause panic.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/7af83bb516d7aa4f96835288e4aeda21d7aa2a17",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/bfa0201468587072454dba7933e4a4a7be44467a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c3ffc9c4ca44bfe9562166793d133e1fb0630ea6",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/d342203df9f2d0851b4acd9ed577d73d10eade77",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/eb82c0382285ee17a9966aaab27b8becb08eb1ac",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50133.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50133.json
new file mode 100644
index 00000000000..8bcca64e0d0
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50133.json
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-50133", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:43.140", + "lastModified": "2025-06-18T11:15:43.140", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci_plat_remove: avoid NULL dereference\n\nSince commit 4736ebd7fcaff1eb8481c140ba494962847d6e0a (\"usb: host:\nxhci-plat: omit shared hcd if either root hub has no ports\")\nxhci->shared_hcd can be NULL, which causes the following Oops\non reboot:\n\n[ 710.124450] systemd-shutdown[1]: Rebooting.\n[ 710.298861] xhci-hcd xhci-hcd.2.auto: remove, state 4\n[ 710.304217] usb usb3: USB disconnect, device number 1\n[ 710.317441] xhci-hcd xhci-hcd.2.auto: USB bus 3 deregistered\n[ 710.323280] xhci-hcd xhci-hcd.2.auto: remove, state 1\n[ 710.328401] usb usb2: USB disconnect, device number 1\n[ 710.333515] usb 2-3: USB disconnect, device number 2\n[ 710.467649] xhci-hcd xhci-hcd.2.auto: USB bus 2 deregistered\n[ 710.475450] Unable to handle kernel NULL pointer dereference at virtual address 00000000000003b8\n[ 710.484425] Mem abort info:\n[ 710.487265] ESR = 0x0000000096000004\n[ 710.491060] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 710.496427] SET = 0, FnV = 0\n[ 710.499525] EA = 0, S1PTW = 0\n[ 710.502716] FSC = 0x04: level 0 translation fault\n[ 710.507648] Data abort info:\n[ 710.510577] ISV = 0, ISS = 0x00000004\n[ 710.514462] CM = 0, WnR = 0\n[ 710.517480] user pgtable: 4k pages, 48-bit VAs, pgdp=00000008b0050000\n[ 710.523976] [00000000000003b8] pgd=0000000000000000, p4d=0000000000000000\n[ 710.530961] Internal error: Oops: 96000004 [#1] PREEMPT SMP\n[ 710.536551] Modules linked in: rfkill input_leds snd_soc_simple_card snd_soc_simple_card_utils snd_soc_nau8822 designware_i2s snd_soc_core dw_hdmi_ahb_audio snd_pcm_dmaengine arm_ccn panfrost ac97_bus gpu_sched snd_pcm at24 fuse configfs 
sdhci_of_dwcmshc sdhci_pltfm sdhci nvme led_class mmc_core nvme_core bt1_pvt polynomial tp_serio snd_seq_midi snd_seq_midi_event snd_seq snd_timer snd_rawmidi snd_seq_device snd soundcore efivarfs ipv6\n[ 710.575286] CPU: 7 PID: 1 Comm: systemd-shutdow Not tainted 5.19.0-rc7-00043-gfd8619f4fd54 #1\n[ 710.583822] Hardware name: T-Platforms TF307-MB/BM1BM1-A, BIOS 5.6 07/06/2022\n[ 710.590972] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 710.597949] pc : usb_remove_hcd+0x34/0x1e4\n[ 710.602067] lr : xhci_plat_remove+0x74/0x140\n[ 710.606351] sp : ffff800009f3b7c0\n[ 710.609674] x29: ffff800009f3b7c0 x28: ffff000800960040 x27: 0000000000000000\n[ 710.616833] x26: ffff800008dc22a0 x25: 0000000000000000 x24: 0000000000000000\n[ 710.623992] x23: 0000000000000000 x22: ffff000805465810 x21: ffff000805465800\n[ 710.631149] x20: ffff000800f80000 x19: 0000000000000000 x18: ffffffffffffffff\n[ 710.638307] x17: ffff000805096000 x16: ffff00080633b800 x15: ffff000806537a1c\n[ 710.645465] x14: 0000000000000001 x13: 0000000000000000 x12: ffff00080378d6f0\n[ 710.652621] x11: ffff00080041a900 x10: ffff800009b204e8 x9 : ffff8000088abaa4\n[ 710.659779] x8 : ffff000800960040 x7 : ffff800009409000 x6 : 0000000000000001\n[ 710.666936] x5 : ffff800009241000 x4 : ffff800009241440 x3 : 0000000000000000\n[ 710.674094] x2 : ffff000800960040 x1 : ffff000800960040 x0 : 0000000000000000\n[ 710.681251] Call trace:\n[ 710.683704] usb_remove_hcd+0x34/0x1e4\n[ 710.687467] xhci_plat_remove+0x74/0x140\n[ 710.691400] platform_remove+0x34/0x70\n[ 710.695165] device_remove+0x54/0x90\n[ 710.698753] device_release_driver_internal+0x200/0x270\n[ 710.703992] device_release_driver+0x24/0x30\n[ 710.708273] bus_remove_device+0xe0/0x16c\n[ 710.712293] device_del+0x178/0x390\n[ 710.715797] platform_device_del.part.0+0x24/0x90\n[ 710.720514] platform_device_unregister+0x30/0x50\n[ 710.725232] dwc3_host_exit+0x20/0x30\n[ 710.728907] dwc3_remove+0x174/0x1b0\n[ 710.732494] 
platform_remove+0x34/0x70\n[ 710.736254] device_remove+0x54/0x90\n[ 710.739840] device_release_driver_internal+0x200/0x270\n[ 710.745078] device_release_driver+0x24/0x30\n[ 710.749359] bus_remove_device+0xe0/0x16c\n[ 710.753380] device_del+0x178/0x390\n[ 710.756881] platform_device_del.part\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/371a8af4f26e06b4d51d893b4436f520b48d07fd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d7de14d74d6551f0d097430f9893ce82ad17e5b8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50134.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50134.json new file mode 100644 index 00000000000..60869e8d13c --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50134.json 
@@ -0,0 +1,49 @@
+{
+ "id": "CVE-2022-50134",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:43.263",
+ "lastModified": "2025-06-18T11:15:43.263",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hfi1: fix potential memory leak in setup_base_ctxt()\n\nsetup_base_ctxt() allocates a memory chunk for uctxt->groups with\nhfi1_alloc_ctxt_rcv_groups(). When init_user_ctxt() fails, uctxt->groups\nis not released, which will lead to a memory leak.\n\nWe should release the uctxt->groups with hfi1_free_ctxt_rcv_groups()\nwhen init_user_ctxt() fails."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/1750be1e9f18787cf717c24dbc5fa029fc372a22",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/2f90813f1c21c3d780585390af961bd17c8515ae",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/90ef48a718f88935d4af53d7dadd1ceafe103ce6",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a85c7dd1edadcdeca24e603a6618153a3bcc81ca",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a9055dfe437efae77e28e57205437c878a03ccb7",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/aa2a1df3a2c85f855af7d54466ac10bd48645d63",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e25b828553aecb3185a8d8d0c4f9b4e133fb5db6",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/fc4de8009fd6c2ca51986c6757efa964040e7d02",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50135.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50135.json
new file mode 100644
index 00000000000..f2d3f1be80d
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50135.json
@@ -0,0 +1,25 @@
+{
+ "id": "CVE-2022-50135",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:43.387",
+ "lastModified": "2025-06-18T11:15:43.387",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup\n\nThe function rxe_create_qp calls rxe_qp_from_init. If some error\noccurs, the error handler of function rxe_qp_from_init will set\nboth scq and rcq to NULL.\n\nThen rxe_create_qp calls rxe_put to handle qp. In the end,\nrxe_qp_do_cleanup is called by rxe_put. rxe_qp_do_cleanup directly\naccesses scq and rcq before checking them. This will cause\nnull-ptr-deref error.\n\nThe call graph is as below:\n\nrxe_create_qp {\n ...\n rxe_qp_from_init {\n ...\n err1:\n ...\n qp->rcq = NULL; <---rcq is set to NULL\n qp->scq = NULL; <---scq is set to NULL\n ...\n }\n\nqp_init:\n rxe_put{\n ...\n rxe_qp_do_cleanup {\n ...\n atomic_dec(&qp->scq->num_wq); <--- scq is accessed\n ...\n atomic_dec(&qp->rcq->num_wq); <--- rcq is accessed\n }\n}"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/37da51efe6eaa0560f46803c8c436a48a2084da7",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/8598b9d0a364c1663c96fc0fab9df0d36c809aea",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50136.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50136.json
new file mode 100644
index 00000000000..dcab03a5349
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50136.json
@@ -0,0 +1,41 @@
+{
+ "id": "CVE-2022-50136",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:43.493",
+ "lastModified": "2025-06-18T11:15:43.493",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event\n\nIf siw_recv_mpa_rr returns -EAGAIN, it means that the MPA reply hasn't\nbeen received completely, and should not report IW_CM_EVENT_CONNECT_REPLY\nin this case. This may trigger a call trace in iw_cm. A simple way to\ntrigger this:\n server: ib_send_lat\n client: ib_send_lat -R \n\nThe call trace looks like this:\n\n kernel BUG at drivers/infiniband/core/iwcm.c:894!\n invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n <...>\n Workqueue: iw_cm_wq cm_work_handler [iw_cm]\n Call Trace:\n \n cm_work_handler+0x1dd/0x370 [iw_cm]\n process_one_work+0x1e2/0x3b0\n worker_thread+0x49/0x2e0\n ? rescuer_thread+0x370/0x370\n kthread+0xe5/0x110\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x1f/0x30\n "
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/0066246d2d7e2619f3ecf3cf07333c59e6e7d84d",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/11edf0bba15ea9df49478affec7974f351bb2f6e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/1434de50a5d9dab91c8ce031bc23b3e2178379c5",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/3056fc6c32e613b760422b94c7617ac9a24a4721",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9ade92ddaf2347fb34298c02080caaa3cdd7c27b",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/f6e26e1a5f600b760dc32135d3fac846eabe09e7",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50137.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50137.json
new file mode 100644
index 00000000000..d9f14813fe7
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50137.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2022-50137",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:43.623",
+ "lastModified": "2025-06-18T11:15:43.623",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix a window for use-after-free\n\nDuring a destroy CQ an interrupt may cause processing of a CQE after CQ\nresources are freed by irdma_cq_free_rsrc(). Fix this by moving the call\nto irdma_cq_free_rsrc() after the irdma_sc_cleanup_ceqes(), which is\ncalled under the cq_lock."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/0abf2eef80295923b819ce89ff9edc1fe61be17c",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/350ac793a03c8a30a3f2b27fc282cd1c67070763",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/8ecef7890b3aea78c8bbb501a4b5b8134367b821",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/92520864ef9f912f38b403d172a0ded020683d55",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50138.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50138.json
new file mode 100644
index 00000000000..8efc7e1d091
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50138.json
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2022-50138",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:43.733",
+ "lastModified": "2025-06-18T11:15:43.733",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/qedr: Fix potential memory leak in __qedr_alloc_mr()\n\n__qedr_alloc_mr() allocates a memory chunk for \"mr->info.pbl_table\" with\ninit_mr_info(). When rdma_alloc_tid() and rdma_register_tid() fail, \"mr\"\nis released while \"mr->info.pbl_table\" is not released, which will lead\nto a memory leak.\n\nWe should release the \"mr->info.pbl_table\" with qedr_free_pbl() when error\noccurs to fix the memory leak."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/07ba048df306dc93fc4d2ef670b9e24644a2069f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/79ce50dddaf28b5c57911ecc80a2be17a0b17f83",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/7e647a8d5fc0a2c8e0f36f585a6388286a25bb15",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b3236a64ddd125a455ef5b5316c1b9051b732974",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b4c9f7db9f0148423557539af0fdf513338efe08",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50139.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50139.json
new file mode 100644
index 00000000000..2c1ba49ec4f
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50139.json
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2022-50139",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:43.840",
+ "lastModified": "2025-06-18T11:15:43.840",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc()\n\nWe should call of_node_put() for the reference returned by\nof_get_child_by_name() which has increased the refcount."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/0e0a40c803643f4edc30f0660f2f3bea4d57a99a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/220fafb4ed04187e9c17be4152da5a7f2ffbdd8c",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/3503305225ca24c3229414c769323fb8bf39b4bf",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/4070f3c83cd28267f469a59751480ad39435f26a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e6db5780c2bf6e23be7b315809ef349b4b4f2213",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50140.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50140.json
new file mode 100644
index 00000000000..a97a0bd6f9c
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50140.json
@@ -0,0 +1,49 @@
+{
+ "id": "CVE-2022-50140",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:43.953",
+ "lastModified": "2025-06-18T11:15:43.953",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemstick/ms_block: Fix a memory leak\n\n'erased_blocks_bitmap' is never freed. As it is allocated at the same time\nas 'used_blocks_bitmap', it is likely that it should be freed also at the\nsame time.\n\nAdd the corresponding bitmap_free() in msb_data_clear()."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/16e07966638717416abf45393d6a80a5a1034429",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/37958980eb4cd71ae594ace093c11b6a91e165e8",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/39be95d1ff7b44c1e969af72ba9da7332dfcc1da",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/54eb7a55be6779c4d0c25eaf5056498a28595049",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9260a154b3b5e387dbceec7c0ac441470646bc6f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/961d7d12080fe70847f944d656e36cd0dd0214ba",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9d8b911fe3c3ed788c66edba7c90e32a4a7a5f53",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/efd675246aec045507b9425c67b548cc2d782d8f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50141.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50141.json
new file mode 100644
index 00000000000..bc2e0b3adc6
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50141.json
@@ -0,0 +1,49 @@
+{
+ "id": "CVE-2022-50141",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:44.070",
+ "lastModified": "2025-06-18T11:15:44.070",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch\n\nof_find_matching_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak.\nof_node_put() checks null pointer."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/352377cf74710bc3368dddf78f17210dfe456933",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/4c472a2c9ed6ea9d272268d7f484d4303c549f1a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/547db1dd98d1815574ebea7358015a17199a93bc",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/8b902840f6a3584f702bcb59834691b30f3d7c5a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a63d5d01e83b984b1b9c7ae8fc9c8c93697a3820",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b074f1e8060836baeb0ee91181f4194b9a0ee16a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b305475df756256a186623f0991d05a816de881a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b5899a3e2f783a27b268e38d37f9b24c71bddf45",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50142.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50142.json
new file mode 100644
index 00000000000..ad31806a723
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50142.json
@@ -0,0 +1,41 @@
+{
+ "id": "CVE-2022-50142",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:44.187",
+ "lastModified": "2025-06-18T11:15:44.187",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nintel_th: msu: Fix vmalloced buffers\n\nAfter commit f5ff79fddf0e (\"dma-mapping: remove CONFIG_DMA_REMAP\") there's\na chance of DMA buffer getting allocated via vmalloc(), which messes up\nthe mmapping code:\n\n> RIP: msc_mmap_fault [intel_th_msu]\n> Call Trace:\n> \n> __do_fault\n> do_fault\n...\n\nFix this by accounting for vmalloc possibility."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/0ed72c6bc632cbf8d979ac60f982ff84b7bb610a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/4914c50670b6a531e2cb17cd984cc565b4681312",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/566887bad7ff2297d6b3f9659c702ba075f3d62d",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/6ae2881c1d1fa0e33f4763b7c786f8ef05a9c828",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ac12ad3ccf6d386e64a9d6a890595a2509d24edd",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b5d924cb4c7b952eaa61622f14427723a78137a3",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50143.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50143.json
new file mode 100644
index 00000000000..353f6b3e512
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50143.json
@@ -0,0 +1,41 @@
+{
+ "id": "CVE-2022-50143",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:44.297",
+ "lastModified": "2025-06-18T11:15:44.297",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nintel_th: Fix a resource leak in an error handling path\n\nIf an error occurs after calling 'pci_alloc_irq_vectors()',\n'pci_free_irq_vectors()' must be called as already done in the remove\nfunction."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/086c28ab7c5699256aced0049aae9c42f1410313",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/859342220accd0d332864fafbf4e3d2d0492bc3f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9b5469573a274729bdb04b60a8d71f8d09940a31",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a8f3b78b1f8e959d06801ae82149f140a75724e8",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ed4d5ecb7d7fd80336afb2f9ac6685651a6aa32f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/fae9da7d4c2ccad3792de03e3cac1fe2bfabb73d",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50144.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50144.json
new file mode 100644
index 00000000000..68f946a04e9
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50144.json
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-50144", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:44.413", + "lastModified": "2025-06-18T11:15:44.413", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoundwire: revisit driver bind/unbind and callbacks\n\nIn the SoundWire probe, we store a pointer from the driver ops into\nthe 'slave' structure. This can lead to kernel oopses when unbinding\ncodec drivers, e.g. with the following sequence to remove machine\ndriver and codec driver.\n\n/sbin/modprobe -r snd_soc_sof_sdw\n/sbin/modprobe -r snd_soc_rt711\n\nThe full details can be found in the BugLink below, for reference the\ntwo following examples show different cases of driver ops/callbacks\nbeing invoked after the driver .remove().\n\nkernel: BUG: kernel NULL pointer dereference, address: 0000000000000150\nkernel: Workqueue: events cdns_update_slave_status_work [soundwire_cadence]\nkernel: RIP: 0010:mutex_lock+0x19/0x30\nkernel: Call Trace:\nkernel: ? sdw_handle_slave_status+0x426/0xe00 [soundwire_bus 94ff184bf398570c3f8ff7efe9e32529f532e4ae]\nkernel: ? newidle_balance+0x26a/0x400\nkernel: ? cdns_update_slave_status_work+0x1e9/0x200 [soundwire_cadence 1bcf98eebe5ba9833cd433323769ac923c9c6f82]\n\nkernel: BUG: unable to handle page fault for address: ffffffffc07654c8\nkernel: Workqueue: pm pm_runtime_work\nkernel: RIP: 0010:sdw_bus_prep_clk_stop+0x6f/0x160 [soundwire_bus]\nkernel: Call Trace:\nkernel: \nkernel: sdw_cdns_clock_stop+0xb5/0x1b0 [soundwire_cadence 1bcf98eebe5ba9833cd433323769ac923c9c6f82]\nkernel: intel_suspend_runtime+0x5f/0x120 [soundwire_intel aca858f7c87048d3152a4a41bb68abb9b663a1dd]\nkernel: ? dpm_sysfs_remove+0x60/0x60\n\nThis was not detected earlier in Intel tests since the tests first\nremove the parent PCI device and shut down the bus. 
The sequence\nabove is a corner case which keeps the bus operational but without a\ndriver bound.\n\nWhile trying to solve this kernel oopses, it became clear that the\nexisting SoundWire bus does not deal well with the unbind case.\n\nCommit 528be501b7d4a (\"soundwire: sdw_slave: add probe_complete structure and new fields\")\nadded a 'probed' status variable and a 'probe_complete'\nstruct completion. This status is however not reset on remove and\nlikewise the 'probe complete' is not re-initialized, so the\nbind/unbind/bind test cases would fail. The timeout used before the\n'update_status' callback was also a bad idea in hindsight, there\nshould really be no timing assumption as to if and when a driver is\nbound to a device.\n\nAn initial draft was based on device_lock() and device_unlock() was\ntested. This proved too complicated, with deadlocks created during the\nsuspend-resume sequences, which also use the same device_lock/unlock()\nas the bind/unbind sequences. On a CometLake device, a bad DSDT/BIOS\ncaused spurious resumes and the use of device_lock() caused hangs\nduring suspend. After multiple weeks or testing and painful\nreverse-engineering of deadlocks on different devices, we looked for\nalternatives that did not interfere with the device core.\n\nA bus notifier was used successfully to keep track of DRIVER_BOUND and\nDRIVER_UNBIND events. This solved the bind-unbind-bind case in tests,\nbut it can still be defeated with a theoretical corner case where the\nmemory is freed by a .remove while the callback is in use. The\nnotifier only helps make sure the driver callbacks are valid, but not\nthat the memory allocated in probe remains valid while the callbacks\nare invoked.\n\nThis patch suggests the introduction of a new 'sdw_dev_lock' mutex\nprotecting probe/remove and all driver callbacks. Since this mutex is\n'local' to SoundWire only, it does not interfere with existing locks\nand does not create deadlocks. 
In addition, this patch removes the\n'probe_complete' completion, instead we directly invoke the\n'update_status' from the probe routine. That removes any sort of\ntiming dependency and a much better support for the device/driver\nmodel, the driver could be bound before the bus started, or eons after\nthe bus started and the hardware would be properly initialized in all\ncases.\n\nBugLink: https://github.com/thesofproject/linux/is\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/250b46505175889c6b5958c3829f610f52199f5f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/432b30f08ca3303d2ebb22352cb04c4b6cfefe65", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8fd6b03646b9a9e16d1ec19bd724cd6bd78e0ea5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bd29c00edd0a5dac8b6e7332bb470cd50f92e893", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50145.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50145.json new file mode 100644 index 00000000000..308cb2d2467 --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50145.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-50145", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:44.527", + "lastModified": "2025-06-18T11:15:44.527", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: sf-pdma: Add multithread support for a DMA channel\n\nWhen we get a DMA channel and try to use it in multiple threads it\nwill cause oops and hanging the system.\n\n% echo 64 > /sys/module/dmatest/parameters/threads_per_chan\n% echo 10000 > /sys/module/dmatest/parameters/iterations\n% echo 1 > /sys/module/dmatest/parameters/run\n[ 89.480664] Unable to handle kernel NULL pointer dereference at virtual\n address 00000000000000a0\n[ 89.488725] Oops [#1]\n[ 89.494708] CPU: 2 PID: 1008 Comm: dma0chan0-copy0 Not tainted\n 5.17.0-rc5\n[ 89.509385] epc : vchan_find_desc+0x32/0x46\n[ 89.513553] ra : sf_pdma_tx_status+0xca/0xd6\n\nThis happens because of data race. Each thread rewrite channels's\ndescriptor as soon as device_prep_dma_memcpy() is called. It leads to the\nsituation when the driver thinks that it uses right descriptor that\nactually is freed or substituted for other one.\n\nWith current fixes a descriptor changes its value only when it has\nbeen used. A new descriptor is acquired from vc->desc_issued queue that\nis already filled with descriptors that are ready to be sent. Threads\nhave no direct access to DMA channel descriptor. Now it is just possible\nto queue a descriptor for further processing." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4c7350b1dd8a192af844de32fc99b9e34c876fda", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5ab2782c944e324008ef5d658f2494a9f0e3c5ac", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a93b3f1e11971a91b6441b6d47488f4492cc113f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b2cc5c465c2cb8ab697c3fd6583c614e3f6cfbcc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b9b4992f897be9b0b9e3a3b956cab6b75ccc3f11", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50146.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50146.json new file mode 100644 index 00000000000..4a0a270f5bd --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50146.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-50146", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:44.633", + "lastModified": "2025-06-18T11:15:44.633", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors\n\nIf dw_pcie_ep_init() fails to perform any action after the EPC memory is\ninitialized and the MSI memory region is allocated, the latter parts won't\nbe undone thus causing a memory leak. Add a cleanup-on-error path to fix\nthese leaks.\n\n[bhelgaas: commit log]" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2d546db5c80c45cac3ccd929550244fd58f4ff58", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3b453f5d06d1f1d6b20a75ea51dc7b53ae78f479", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8161e9626b50892eaedbd8070ecb1586ecedb109", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b03a8f1264ea8c363bec9ef6e37b467f27cb04ea", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e7599a5974d4c64eaae8009c3f2e47b9e3223e07", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50147.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50147.json new file mode 100644 index 00000000000..e2b499b90cb --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50147.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-50147", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:44.743", + "lastModified": "2025-06-18T11:15:44.743", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mempolicy: fix get_nodes out of bound access\n\nWhen user specified more nodes than supported, get_nodes will access nmask\narray out of bounds." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/000eca5d044d1ee23b4ca311793cf3fc528da6c6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/44652154484e7e3d12008802cfb6c28a8aa16d85", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8176f6a0d9c1b06bc7af7c3d6acd4a66448939df", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d1b5113674c3e95bb53c601ce2ea4719e851c74d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50148.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50148.json new file mode 100644 index 00000000000..9aa110962bc --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50148.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-50148", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:44.857", + "lastModified": "2025-06-18T11:15:44.857", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkernfs: fix potential NULL dereference in __kernfs_remove\n\nWhen lockdep is enabled, lockdep_assert_held_write would\ncause potential NULL pointer dereference.\n\nFix the following smatch warnings:\n\nfs/kernfs/dir.c:1353 __kernfs_remove() warn: variable dereferenced before check 'kn' (see line 1346)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4a9f35b8729c5bf13ea671c908c17ed74c48fc50", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/72b5d5aef246a0387cefa23121dd90901c7a691a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b871986d9d3071f5082664ac274d93f08db257cd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50149.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50149.json new file mode 100644 index 00000000000..e1a6d09b193 --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50149.json 
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2022-50149", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:44.963", + "lastModified": "2025-06-18T11:15:44.963", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: fix potential deadlock in __driver_attach\n\nIn __driver_attach function, There are also AA deadlock problem,\nlike the commit b232b02bf3c2 (\"driver core: fix deadlock in\n__device_attach\").\n\nstack like commit b232b02bf3c2 (\"driver core: fix deadlock in\n__device_attach\").\nlist below:\n In __driver_attach function, The lock holding logic is as follows:\n ...\n __driver_attach\n if (driver_allows_async_probing(drv))\n device_lock(dev) // get lock dev\n async_schedule_dev(__driver_attach_async_helper, dev); // func\n async_schedule_node\n async_schedule_node_domain(func)\n entry = kzalloc(sizeof(struct async_entry), GFP_ATOMIC);\n /* when fail or work limit, sync to execute func, but\n __driver_attach_async_helper will get lock dev as\n will, which will lead to A-A deadlock. */\n if (!entry || atomic_read(&entry_count) > MAX_WORK) {\n func;\n else\n queue_work_node(node, system_unbound_wq, &entry->work)\n device_unlock(dev)\n\n As above show, when it is allowed to do async probes, because of\n out of memory or work limit, async work is not be allowed, to do\n sync execute instead. 
it will lead to A-A deadlock because of\n __driver_attach_async_helper getting lock dev.\n\nReproduce:\nand it can be reproduce by make the condition\n(if (!entry || atomic_read(&entry_count) > MAX_WORK)) untenable, like\nbelow:\n\n[ 370.785650] \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables\nthis message.\n[ 370.787154] task:swapper/0 state:D stack: 0 pid: 1 ppid:\n0 flags:0x00004000\n[ 370.788865] Call Trace:\n[ 370.789374] \n[ 370.789841] __schedule+0x482/0x1050\n[ 370.790613] schedule+0x92/0x1a0\n[ 370.791290] schedule_preempt_disabled+0x2c/0x50\n[ 370.792256] __mutex_lock.isra.0+0x757/0xec0\n[ 370.793158] __mutex_lock_slowpath+0x1f/0x30\n[ 370.794079] mutex_lock+0x50/0x60\n[ 370.794795] __device_driver_lock+0x2f/0x70\n[ 370.795677] ? driver_probe_device+0xd0/0xd0\n[ 370.796576] __driver_attach_async_helper+0x1d/0xd0\n[ 370.797318] ? driver_probe_device+0xd0/0xd0\n[ 370.797957] async_schedule_node_domain+0xa5/0xc0\n[ 370.798652] async_schedule_node+0x19/0x30\n[ 370.799243] __driver_attach+0x246/0x290\n[ 370.799828] ? driver_allows_async_probing+0xa0/0xa0\n[ 370.800548] bus_for_each_dev+0x9d/0x130\n[ 370.801132] driver_attach+0x22/0x30\n[ 370.801666] bus_add_driver+0x290/0x340\n[ 370.802246] driver_register+0x88/0x140\n[ 370.802817] ? virtio_scsi_init+0x116/0x116\n[ 370.803425] scsi_register_driver+0x1a/0x30\n[ 370.804057] init_sd+0x184/0x226\n[ 370.804533] do_one_initcall+0x71/0x3a0\n[ 370.805107] kernel_init_freeable+0x39a/0x43a\n[ 370.805759] ? rest_init+0x150/0x150\n[ 370.806283] kernel_init+0x26/0x230\n[ 370.806799] ret_from_fork+0x1f/0x30\n\nTo fix the deadlock, move the async_schedule_dev outside device_lock,\nas we can see, in async_schedule_node_domain, the parameter of\nqueue_work_node is system_unbound_wq, so it can accept concurrent\noperations. which will also not change the code logic, and will\nnot lead to deadlock." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/37f908038402c9b8325763f306a1c65d88757e15", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/70fe758352cafdee72a7b13bf9db065f9613ced8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/733ab0c19bf17f6ad7c2b580ede006e369d5ab1b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/779b634714c51d05baaeff4868ce2fd9fc7399bf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8191b6cd9ada09b675f17446d5872eb1f77685cb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a93f33aeef4e6a94ae9c9d3f5b2f9085ad0572ec", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50150.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50150.json new file mode 100644 index 00000000000..6bdf7b82ac6 --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50150.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-50150", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:45.073", + "lastModified": "2025-06-18T11:15:45.073", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmwifiex: fix sleep in atomic context bugs caused by dev_coredumpv\n\nThere are sleep in atomic context bugs when uploading device dump\ndata in mwifiex. The root cause is that dev_coredumpv could not\nbe used in atomic contexts, because it calls dev_set_name which\ninclude operations that may sleep. The call tree shows execution\npaths that could lead to bugs:\n\n (Interrupt context)\nfw_dump_timer_fn\n mwifiex_upload_device_dump\n dev_coredumpv(..., GFP_KERNEL)\n dev_coredumpm()\n kzalloc(sizeof(*devcd), gfp); //may sleep\n dev_set_name\n kobject_set_name_vargs\n kvasprintf_const(GFP_KERNEL, ...); //may sleep\n kstrdup(s, GFP_KERNEL); //may sleep\n\nThe corresponding fail log is shown below:\n\n[ 135.275938] usb 1-1: == mwifiex dump information to /sys/class/devcoredump start\n[ 135.281029] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:265\n...\n[ 135.293613] Call Trace:\n[ 135.293613] \n[ 135.293613] dump_stack_lvl+0x57/0x7d\n[ 135.293613] __might_resched.cold+0x138/0x173\n[ 135.293613] ? dev_coredumpm+0xca/0x2e0\n[ 135.293613] kmem_cache_alloc_trace+0x189/0x1f0\n[ 135.293613] ? devcd_match_failing+0x30/0x30\n[ 135.293613] dev_coredumpm+0xca/0x2e0\n[ 135.293613] ? devcd_freev+0x10/0x10\n[ 135.293613] dev_coredumpv+0x1c/0x20\n[ 135.293613] ? devcd_match_failing+0x30/0x30\n[ 135.293613] mwifiex_upload_device_dump+0x65/0xb0\n[ 135.293613] ? mwifiex_dnld_fw+0x1b0/0x1b0\n[ 135.293613] call_timer_fn+0x122/0x3d0\n[ 135.293613] ? msleep_interruptible+0xb0/0xb0\n[ 135.293613] ? lock_downgrade+0x3c0/0x3c0\n[ 135.293613] ? __next_timer_interrupt+0x13c/0x160\n[ 135.293613] ? 
lockdep_hardirqs_on_prepare+0xe/0x220\n[ 135.293613] ? mwifiex_dnld_fw+0x1b0/0x1b0\n[ 135.293613] __run_timers.part.0+0x3f8/0x540\n[ 135.293613] ? call_timer_fn+0x3d0/0x3d0\n[ 135.293613] ? arch_restore_msi_irqs+0x10/0x10\n[ 135.293613] ? lapic_next_event+0x31/0x40\n[ 135.293613] run_timer_softirq+0x4f/0xb0\n[ 135.293613] __do_softirq+0x1c2/0x651\n...\n[ 135.293613] RIP: 0010:default_idle+0xb/0x10\n[ 135.293613] RSP: 0018:ffff888006317e68 EFLAGS: 00000246\n[ 135.293613] RAX: ffffffff82ad8d10 RBX: ffff888006301cc0 RCX: ffffffff82ac90e1\n[ 135.293613] RDX: ffffed100d9ff1b4 RSI: ffffffff831ad140 RDI: ffffffff82ad8f20\n[ 135.293613] RBP: 0000000000000003 R08: 0000000000000000 R09: ffff88806cff8d9b\n[ 135.293613] R10: ffffed100d9ff1b3 R11: 0000000000000001 R12: ffffffff84593410\n[ 135.293613] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffff11000c62fd2\n...\n[ 135.389205] usb 1-1: == mwifiex dump information to /sys/class/devcoredump end\n\nThis patch uses delayed work to replace timer and moves the operations\nthat may sleep into a delayed work in order to mitigate bugs, it was\ntested on Marvell 88W8801 chip whose port is usb and the firmware is\nusb8801_uapsta.bin. The following is the result after using delayed\nwork to replace timer.\n\n[ 134.936453] usb 1-1: == mwifiex dump information to /sys/class/devcoredump start\n[ 135.043344] usb 1-1: == mwifiex dump information to /sys/class/devcoredump end\n\nAs we can see, there is no bug now." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/938139aef61bff52a154c68553fbaabd6924737f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/956b79c2066551845d7124b01c5845d02ccf47a1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a52ed4866d2b90dd5e4ae9dabd453f3ed8fa3cbc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a78b882c1a9feda10821a25201a0464674f8209e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c8e8b8b9f23a0c68855ecfc756b96be6c9946ec1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50151.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50151.json new file mode 100644 index 00000000000..03d34d20a4c --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50151.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-50151", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:45.190", + "lastModified": "2025-06-18T11:15:45.190", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3: fix random warning message when driver load\n\nWarning log:\n[ 4.141392] Unexpected gfp: 0x4 (GFP_DMA32). Fixing up to gfp: 0xa20 (GFP_ATOMIC). Fix your code!\n[ 4.150340] CPU: 1 PID: 175 Comm: 1-0050 Not tainted 5.15.5-00039-g2fd9ae1b568c #20\n[ 4.158010] Hardware name: Freescale i.MX8QXP MEK (DT)\n[ 4.163155] Call trace:\n[ 4.165600] dump_backtrace+0x0/0x1b0\n[ 4.169286] show_stack+0x18/0x68\n[ 4.172611] dump_stack_lvl+0x68/0x84\n[ 4.176286] dump_stack+0x18/0x34\n[ 4.179613] kmalloc_fix_flags+0x60/0x88\n[ 4.183550] new_slab+0x334/0x370\n[ 4.186878] ___slab_alloc.part.108+0x4d4/0x748\n[ 4.191419] __slab_alloc.isra.109+0x30/0x78\n[ 4.195702] kmem_cache_alloc+0x40c/0x420\n[ 4.199725] dma_pool_alloc+0xac/0x1f8\n[ 4.203486] cdns3_allocate_trb_pool+0xb4/0xd0\n\npool_alloc_page(struct dma_pool *pool, gfp_t mem_flags)\n{\n\t...\n\tpage = kmalloc(sizeof(*page), mem_flags);\n\tpage->vaddr = dma_alloc_coherent(pool->dev, pool->allocation,\n\t\t\t\t\t &page->dma, mem_flags);\n\t...\n}\n\nkmalloc was called with mem_flags, which is passed down in\ncdns3_allocate_trb_pool() and have GFP_DMA32 flags.\nkmall_fix_flags() report warning.\n\nGFP_DMA32 is not useful at all. dma_alloc_coherent() will handle\nDMA memory region correctly by pool->dev. GFP_DMA32 can be removed\nsafely." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/8659ab3d936fcf0084676f98b75b317017aa8f82", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8e142744f0e96abc69ccd99e6d6c7eb662267f21", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/960a8a35a6027a08c4b511435bf59609b5d5e5cd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50152.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50152.json new file mode 100644 index 00000000000..2608ae39884 --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50152.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-50152", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:45.297", + "lastModified": "2025-06-18T11:15:45.297", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/302970b4cad3ebfda2c05ce06c322ccdc447d17e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4db00c2fa6f8c9876a7e20511dccf43b50be9006", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/50238c4b54c2ac6c2da7a84a4a2b0a570e3da0e2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/59026d5cc615da28e0c9806a71bf07065c906464", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/591ab8dbf6c21927f23f83ddb90691f48b86d136", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/65d36ec409b635dfc2f95f0d7c5877c9d0cb7630", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a0fbac3bf26a11f084233519ddf3fd5e5bb28939", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d35903e9650f4fa79426ce390db8678dbf5ac432", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50153.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50153.json new file mode 100644 index 00000000000..8612f664afe 
--- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50153.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-50153", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:45.417", + "lastModified": "2025-06-18T11:15:45.417", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: host: Fix refcount leak in ehci_hcd_ppc_of_probe\n\nof_find_compatible_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/038453b17fe30ea38f0f3c916e2ae2b7f8cef84e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3a50c917c67dd0bc39c14de4a8b75a1d50fdce66", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/585d22a5624ef2b540c337665c72fea8cd33db50", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8cbc3870ff356366842af3228dd8e7bc278e5edd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8e51a512c1079109bec4c80915e647692d583e79", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b5c5b13cb45e2c88181308186b0001992cb41954", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b9c4a480cb0ada07154debf681454cbb55e30b59", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c0a4b454486b23bb4d94ce49f490830ecc354040", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50154.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50154.json new file mode 100644 index 00000000000..bdcfb689301 --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50154.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-50154", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:45.530", + "lastModified": "2025-06-18T11:15:45.530", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains()\n\nof_get_child_by_name() returns a node pointer with refcount incremented, so\nwe should use of_node_put() on it when we don't need it anymore.\n\nAdd missing of_node_put() to avoid refcount leak." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0675fe20da7fa69b1ba80c23470c1433a2356c03", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2aa166c39d5a8221e6e22ab1a583656d4c8dc7f7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bf038503d5fe90189743124233fe7aeb0984e961", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e593e22786edd9eca058cf054d6a2e12c138da67", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50155.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50155.json new file mode 100644 index 00000000000..1fafc609888 --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50155.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-50155", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:45.640", + "lastModified": "2025-06-18T11:15:45.640", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset\n\nof_find_node_by_path() returns a node pointer with refcount incremented,\nwe should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/01bc3840d943cf725dea6ca13e11ffda82bad49a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3193c3a3f4fca65cb06d9d48d07fb96bc1f5b2bd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/762475464982b15014f364ec0cf2a843407f5af1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e607879b0da18c451de5e91daf239cc2f2f8ff2d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50156.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50156.json new file mode 100644 index 00000000000..e63cedb5d11 --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50156.json 
@@ -0,0 +1,45 @@ +{ + "id": "CVE-2022-50156", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:45.747", + "lastModified": "2025-06-18T11:15:45.747", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: cp2112: prevent a buffer overflow in cp2112_xfer()\n\nSmatch warnings:\ndrivers/hid/hid-cp2112.c:793 cp2112_xfer() error: __memcpy()\n'data->block[1]' too small (33 vs 255)\ndrivers/hid/hid-cp2112.c:793 cp2112_xfer() error: __memcpy() 'buf' too\nsmall (64 vs 255)\n\nThe 'read_length' variable is provided by 'data->block[0]' which comes\nfrom user and it(read_length) can take a value between 0-255. Add an\nupper bound to 'read_length' variable to prevent a buffer overflow in\nmemcpy()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/26e427ac85c2b8d0d108cc80b6de34d33e2780c4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/381583845d19cb4bd21c8193449385f3fefa9caf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3af7d60e9a6c17d6d41c4341f8020511887d372d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/519ff31a6ddd87aa4905bd9bf3b92e8b88801614", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8489a20ac481b08c0391608d81ed3796d373cfdf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e7028944e61014ae915e7fb74963d3835f2f761a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ebda3d6b004bb6127a66a616524a2de152302ca7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50157.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50157.json new file mode 100644 index 00000000000..cb179bca8cc --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50157.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-50157", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:45.863", + "lastModified": "2025-06-18T11:15:45.863", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains()\n\nof_get_next_child() returns a node pointer with refcount incremented, so we\nshould use of_node_put() on it when we don't need it anymore.\n\nmc_pcie_init_irq_domains() only calls of_node_put() in the normal path,\nmissing it in some error paths. Add missing of_node_put() to avoid\nrefcount leak." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/6cd5f93b5c6a66c68a91dbc604a78207252ecd43", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/880ece912b958a0c92cc0baa8e906fb9b49a4b53", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c0ad5c7e68d10f6f8ffb0f4329e3c19404fbca58", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f030304fdeb87ec8f1b518c73703214aec6cc24a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50158.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50158.json new file mode 100644 index 00000000000..1b083ebbc4f --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50158.json 
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2022-50158", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:45.977", + "lastModified": "2025-06-18T11:15:45.977", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: partitions: Fix refcount leak in parse_redboot_of\n\nof_get_child_by_name() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/55d0f7da66dec93c4d53d0886a1555618079a900", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7ec48ac18d8f9e002ce9bfbad32741086739e499", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8ea607579d300b2f7fc997f3dd20949114565fcd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9f7e62815cf3cbbcb1b8cb21649fb4dfdb3aa016", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e24af43d0cbe9f6aaa413c15ccce50bbbfd61e0e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f3cc27198c5d78cdda60a55ae749f815cd1fe5eb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50159.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50159.json new file mode 100644 index 00000000000..e51c3557ebd --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50159.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-50159", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:46.090", + "lastModified": "2025-06-18T11:15:46.090", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nof: check previous kernel's ima-kexec-buffer against memory bounds\n\nPresently ima_get_kexec_buffer() doesn't check if the previous kernel's\nima-kexec-buffer lies outside the addressable memory range. This can result\nin a kernel panic if the new kernel is booted with 'mem=X' arg and the\nima-kexec-buffer was allocated beyond that range by the previous kernel.\nThe panic is usually of the form below:\n\n$ sudo kexec --initrd initrd vmlinux --append='mem=16G'\n\n\n BUG: Unable to handle kernel data access on read at 0xc000c01fff7f0000\n Faulting instruction address: 0xc000000000837974\n Oops: Kernel access of bad area, sig: 11 [#1]\n\n NIP [c000000000837974] ima_restore_measurement_list+0x94/0x6c0\n LR [c00000000083b55c] ima_load_kexec_buffer+0xac/0x160\n Call Trace:\n [c00000000371fa80] [c00000000083b55c] ima_load_kexec_buffer+0xac/0x160\n [c00000000371fb00] [c0000000020512c4] ima_init+0x80/0x108\n [c00000000371fb70] [c0000000020514dc] init_ima+0x4c/0x120\n [c00000000371fbf0] [c000000000012240] do_one_initcall+0x60/0x2c0\n [c00000000371fcc0] [c000000002004ad0] kernel_init_freeable+0x344/0x3ec\n [c00000000371fda0] [c0000000000128a4] kernel_init+0x34/0x1b0\n [c00000000371fe10] [c00000000000ce64] ret_from_kernel_thread+0x5c/0x64\n Instruction dump:\n f92100b8 f92100c0 90e10090 910100a0 4182050c 282a0017 3bc00000 40810330\n 7c0802a6 fb610198 7c9b2378 f80101d0 2c090001 40820614 e9240010\n ---[ end trace 0000000000000000 ]---\n\nFix this issue by checking returned PFN range of previous kernel's\nima-kexec-buffer with page_is_ram() to ensure correct memory bounds." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1b2263d6c86fca8f30e18231778393bfc287bb27", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/beb5bba5dd132650c073f815c685c60c3e5b783b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cbf9c4b9617b6767886a913705ca14b7600c77db", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dc3b8525f83ac6bbc885bb24bbb8a76f4622200e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50160.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50160.json new file mode 100644 index 00000000000..22730cb744d --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50160.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-50160", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:46.207", + "lastModified": "2025-06-18T11:15:46.207", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: maps: Fix refcount leak in ap_flash_init\n\nof_find_matching_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/77087a04c8fd554134bddcb8a9ff87b21f357926", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/80b1465b2ae81ebb59bbe62bcb7a7f7d4e9ece6f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/941ef6997f9db704fe4fd62fc01e420fdd5048b2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/995fb2874bb5696357846a91e59181c600e6aac8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a74322d4b897ddc268b340c4a397f6066c2f945d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/babd7b0124650ab71a6487e38588b8659b3aa2dc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d10855876a6f47add6ff621cef25cc0171dac162", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d5730780e9ea84e5476752a47c749036c6a74af5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50161.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50161.json new file mode 100644 index 00000000000..40e5f14c7ad 
--- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50161.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-50161", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:46.327", + "lastModified": "2025-06-18T11:15:46.327", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: maps: Fix refcount leak in of_flash_probe_versatile\n\nof_find_matching_node_and_match() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/33ec82a6d2b119938f26e5c8040ed5d92378eb54", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3c8de6a838b7e0eb392754ac89dd66e698684342", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4d67c8f74d804b20febf716ec96e9a475457ec60", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/52ae2b14f76ef2d490337ddc0037bc37125be7b8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5d5ddd8771fa9cabeb247fba5f6ab60d63f3fbce", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/79e57889aa0d92a6d769bad808fb105e7b6ea495", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9124d51e01232a91da4034768a2a8d1688472179", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f516fbb63873ee23cba5b7c3d239677c30f13df8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50162.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50162.json new file mode 100644 index 00000000000..cc4f330fdec --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50162.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-50162", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:46.440", + "lastModified": "2025-06-18T11:15:46.440", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: libertas: Fix possible refcount leak in if_usb_probe()\n\nusb_get_dev will be called before lbs_get_firmware_async which means that\nusb_put_dev need to be called when lbs_get_firmware_async fails." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/00d0c4e59c0f8ad1f86874bb64b220394e687028", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4c8e2f9ce1428e44cb103035eeced7aeb6b80980", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5b92f406a5199b6b01dc664b9226d824ae2835f0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/61b2ec97487399c58ae2e34f250f4884e671799b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6fd57e1d120bf13d4dc6c200a7cf914e6347a316", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/878e7f39803a9ab5bb9766956a7a04351d4bf99d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/97e5d3e46a3a2100253a9717a4df98d68aeb10b8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d7365590d15bbd9008f424ef043d1778ffe29f42", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50163.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50163.json new file mode 100644 index 00000000000..ccd226468e1 --- /dev/null 
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50163.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-50163", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:46.560", + "lastModified": "2025-06-18T11:15:46.560", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: fix incorrect dev_tracker usage\n\nWhile investigating a separate rose issue [1], and enabling\nCONFIG_NET_DEV_REFCNT_TRACKER=y, Bernard reported an orthogonal ax25 issue [2]\n\nAn ax25_dev can be used by one (or many) struct ax25_cb.\nWe thus need different dev_tracker, one per struct ax25_cb.\n\nAfter this patch is applied, we are able to focus on rose.\n\n[1] https://lore.kernel.org/netdev/fb7544a1-f42e-9254-18cc-c9b071f4ca70@free.fr/\n\n[2]\n[ 205.798723] reference already released.\n[ 205.798732] allocated in:\n[ 205.798734] ax25_bind+0x1a2/0x230 [ax25]\n[ 205.798747] __sys_bind+0xea/0x110\n[ 205.798753] __x64_sys_bind+0x18/0x20\n[ 205.798758] do_syscall_64+0x5c/0x80\n[ 205.798763] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 205.798768] freed in:\n[ 205.798770] ax25_release+0x115/0x370 [ax25]\n[ 205.798778] __sock_release+0x42/0xb0\n[ 205.798782] sock_close+0x15/0x20\n[ 205.798785] __fput+0x9f/0x260\n[ 205.798789] ____fput+0xe/0x10\n[ 205.798792] task_work_run+0x64/0xa0\n[ 205.798798] exit_to_user_mode_prepare+0x18b/0x190\n[ 205.798804] syscall_exit_to_user_mode+0x26/0x40\n[ 205.798808] do_syscall_64+0x69/0x80\n[ 205.798812] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 205.798827] ------------[ cut here ]------------\n[ 205.798829] WARNING: CPU: 2 PID: 2605 at lib/ref_tracker.c:136 ref_tracker_free.cold+0x60/0x81\n[ 205.798837] Modules linked in: rose netrom mkiss ax25 rfcomm cmac algif_hash algif_skcipher af_alg bnep snd_hda_codec_hdmi nls_iso8859_1 i915 rtw88_8821ce rtw88_8821c x86_pkg_temp_thermal rtw88_pci intel_powerclamp rtw88_core snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio 
coretemp snd_hda_intel kvm_intel snd_intel_dspcfg mac80211 snd_hda_codec kvm i2c_algo_bit drm_buddy drm_dp_helper btusb drm_kms_helper snd_hwdep btrtl snd_hda_core btbcm joydev crct10dif_pclmul btintel crc32_pclmul ghash_clmulni_intel mei_hdcp btmtk intel_rapl_msr aesni_intel bluetooth input_leds snd_pcm crypto_simd syscopyarea processor_thermal_device_pci_legacy sysfillrect cryptd intel_soc_dts_iosf snd_seq sysimgblt ecdh_generic fb_sys_fops rapl libarc4 processor_thermal_device intel_cstate processor_thermal_rfim cec snd_timer ecc snd_seq_device cfg80211 processor_thermal_mbox mei_me processor_thermal_rapl mei rc_core at24 snd intel_pch_thermal intel_rapl_common ttm soundcore int340x_thermal_zone video\n[ 205.798948] mac_hid acpi_pad sch_fq_codel ipmi_devintf ipmi_msghandler drm msr parport_pc ppdev lp parport ramoops pstore_blk reed_solomon pstore_zone efi_pstore ip_tables x_tables autofs4 hid_generic usbhid hid i2c_i801 i2c_smbus r8169 xhci_pci ahci libahci realtek lpc_ich xhci_pci_renesas [last unloaded: ax25]\n[ 205.798992] CPU: 2 PID: 2605 Comm: ax25ipd Not tainted 5.18.11-F6BVP #3\n[ 205.798996] Hardware name: To be filled by O.E.M. 
To be filled by O.E.M./CK3, BIOS 5.011 09/16/2020\n[ 205.798999] RIP: 0010:ref_tracker_free.cold+0x60/0x81\n[ 205.799005] Code: e8 d2 01 9b ff 83 7b 18 00 74 14 48 c7 c7 2f d7 ff 98 e8 10 6e fc ff 8b 7b 18 e8 b8 01 9b ff 4c 89 ee 4c 89 e7 e8 5d fd 07 00 <0f> 0b b8 ea ff ff ff e9 30 05 9b ff 41 0f b6 f7 48 c7 c7 a0 fa 4e\n[ 205.799008] RSP: 0018:ffffaf5281073958 EFLAGS: 00010286\n[ 205.799011] RAX: 0000000080000000 RBX: ffff9a0bd687ebe0 RCX: 0000000000000000\n[ 205.799014] RDX: 0000000000000001 RSI: 0000000000000282 RDI: 00000000ffffffff\n[ 205.799016] RBP: ffffaf5281073a10 R08: 0000000000000003 R09: fffffffffffd5618\n[ 205.799019] R10: 0000000000ffff10 R11: 000000000000000f R12: ffff9a0bc53384d0\n[ 205.799022] R13: 0000000000000282 R14: 00000000ae000001 R15: 0000000000000001\n[ 205.799024] FS: 0000000000000000(0000) GS:ffff9a0d0f300000(0000) knlGS:0000000000000000\n[ 205.799028] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 205.799031] CR2: 00007ff6b8311554 CR3: 000000001ac10004 CR4: 00000000001706e0\n[ 205.799033] Call Trace:\n[ 205.799035] \n[ 205.799038] ? ax25_dev_device_down+0xd9/\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4294df1374450912b2f64ee3cf575069fc784679", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d08e3d71e5942f77fbff7f3529ed7fc82fbb3dfa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d7c4c9e075f8cc6d88d277bc24e5d99297f03c06", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50164.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50164.json new file mode 100644 index 00000000000..778f88f209b --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50164.json 
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2022-50164", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:46.677", + "lastModified": "2025-06-18T11:15:46.677", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue\n\nAfter successfull station association, if station queues are disabled for\nsome reason, the related lists are not emptied. So if some new element is\nadded to the list in iwl_mvm_mac_wake_tx_queue, it can match with the old\none and produce a BUG like this:\n\n[ 46.535263] list_add corruption. prev->next should be next (ffff94c1c318a360), but was 0000000000000000. (prev=ffff94c1d02d3388).\n[ 46.535283] ------------[ cut here ]------------\n[ 46.535284] kernel BUG at lib/list_debug.c:26!\n[ 46.535290] invalid opcode: 0000 [#1] PREEMPT SMP PTI\n[ 46.585304] CPU: 0 PID: 623 Comm: wpa_supplicant Not tainted 5.19.0-rc3+ #1\n[ 46.592380] Hardware name: Dell Inc. 
Inspiron 660s/0478VN , BIOS A07 08/24/2012\n[ 46.600336] RIP: 0010:__list_add_valid.cold+0x3d/0x3f\n[ 46.605475] Code: f2 4c 89 c1 48 89 fe 48 c7 c7 c8 40 67 93 e8 20 cc fd ff 0f 0b 48 89 d1 4c 89 c6 4c 89 ca 48 c7 c7 70 40 67 93 e8 09 cc fd ff <0f> 0b 48 89 fe 48 c7 c7 00 41 67 93 e8 f8 cb fd ff 0f 0b 48 89 d1\n[ 46.624469] RSP: 0018:ffffb20800ab76d8 EFLAGS: 00010286\n[ 46.629854] RAX: 0000000000000075 RBX: ffff94c1c318a0e0 RCX: 0000000000000000\n[ 46.637105] RDX: 0000000000000201 RSI: ffffffff9365e100 RDI: 00000000ffffffff\n[ 46.644356] RBP: ffff94c1c5f43370 R08: 0000000000000075 R09: 3064316334396666\n[ 46.651607] R10: 3364323064316334 R11: 39666666663d7665 R12: ffff94c1c5f43388\n[ 46.658857] R13: ffff94c1d02d3388 R14: ffff94c1c318a360 R15: ffff94c1cf2289c0\n[ 46.666108] FS: 00007f65634ff7c0(0000) GS:ffff94c1da200000(0000) knlGS:0000000000000000\n[ 46.674331] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 46.680170] CR2: 00007f7dfe984460 CR3: 000000010e894003 CR4: 00000000000606f0\n[ 46.687422] Call Trace:\n[ 46.689906] \n[ 46.691950] iwl_mvm_mac_wake_tx_queue+0xec/0x15c [iwlmvm]\n[ 46.697601] ieee80211_queue_skb+0x4b3/0x720 [mac80211]\n[ 46.702973] ? sta_info_get+0x46/0x60 [mac80211]\n[ 46.707703] ieee80211_tx+0xad/0x110 [mac80211]\n[ 46.712355] __ieee80211_tx_skb_tid_band+0x71/0x90 [mac80211]\n...\n\nIn order to avoid this problem, we must also remove the related lists when\nstation queues are disabled." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/14a3aacf517a9de725dd3219dbbcf741e31763c4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/182d3c1385f44ba7c508bf5b1292a7fe96ad4e9e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/38d71acc15a2e72806b516380af0adb3830d4639", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4a40af2b0b9517fca7ae2a030c9c0a16836303c0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5cca5f714fe6cedd2df9d8451ad8df21e6464f62", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ff068c25bf90d26f0aee1751553f18076b797e8d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50165.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50165.json new file mode 100644 index 00000000000..ea595108f5e --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50165.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-50165", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:46.790", + "lastModified": "2025-06-18T11:15:46.790", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()`\n\nCommit 7a4836560a61 changes simple_write_to_buffer() with memdup_user()\nbut it forgets to change the value to be returned that came from\nsimple_write_to_buffer() call. It results in the following warning:\n\n warning: variable 'rc' is uninitialized when used here [-Wuninitialized]\n return rc;\n ^~\n\nRemove rc variable and just return the passed in length if the\nmemdup_user() succeeds." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/409bd72e544fdf4809ea0dac337bb5a1f11a25a9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/52b11a48cf073e0aab923ae809a765d756cecf13", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/689e5caf63e99e15d2f485ec297c1bf9243e0e28", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6c5fee83bdbeffe8d607d1ab125122a75f40bd1a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b13c84e877d7a3095bacb14665db304b2c00e95f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c9fde3a44da566d8929070ab6bda4f0dfa9955d0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d4742c886043b69d2d058bfde3998ef333b66595", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d578e0af3a003736f6c440188b156483d451b329", + 
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50166.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50166.json new file mode 100644 index 00000000000..b4768806fcd --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50166.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-50166", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:46.907", + "lastModified": "2025-06-18T11:15:46.907", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: When HCI work queue is drained, only queue chained work\n\nThe HCI command, event, and data packet processing workqueue is drained\nto avoid deadlock in commit\n76727c02c1e1 (\"Bluetooth: Call drain_workqueue() before resetting state\").\n\nThere is another delayed work, which will queue command to this drained\nworkqueue. Which results in the following error report:\n\nBluetooth: hci2: command 0x040f tx timeout\nWARNING: CPU: 1 PID: 18374 at kernel/workqueue.c:1438 __queue_work+0xdad/0x1140\nWorkqueue: events hci_cmd_timeout\nRIP: 0010:__queue_work+0xdad/0x1140\nRSP: 0000:ffffc90002cffc60 EFLAGS: 00010093\nRAX: 0000000000000000 RBX: ffff8880b9d3ec00 RCX: 0000000000000000\nRDX: ffff888024ba0000 RSI: ffffffff814e048d RDI: ffff8880b9d3ec08\nRBP: 0000000000000008 R08: 0000000000000000 R09: 00000000b9d39700\nR10: ffffffff814f73c6 R11: 0000000000000000 R12: ffff88807cce4c60\nR13: 0000000000000000 R14: ffff8880796d8800 R15: ffff8880796d8800\nFS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000c0174b4000 CR3: 000000007cae9000 CR4: 00000000003506e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n ? queue_work_on+0xcb/0x110\n ? lockdep_hardirqs_off+0x90/0xd0\n queue_work_on+0xee/0x110\n process_one_work+0x996/0x1610\n ? pwq_dec_nr_in_flight+0x2a0/0x2a0\n ? rwlock_bug.part.0+0x90/0x90\n ? _raw_spin_lock_irq+0x41/0x50\n worker_thread+0x665/0x1080\n ? process_one_work+0x1610/0x1610\n kthread+0x2e9/0x3a0\n ? 
kthread_complete_and_exit+0x40/0x40\n ret_from_fork+0x1f/0x30\n \n\nTo fix this, we can add a new HCI_DRAIN_WQ flag, and don't queue the\ntimeout workqueue while command workqueue is draining." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3b382555706558f5c0587862b6dc03e96a252bba", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4bf367fa1fefabdf14938d0ac9ed60020389112e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/877afadad2dce8aae1f2aad8ce47e072d4f6165e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50167.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50167.json new file mode 100644 index 00000000000..3145d6d8a7b --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50167.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-50167", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:47.010", + "lastModified": "2025-06-18T11:15:47.010", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: fix potential 32-bit overflow when accessing ARRAY map element\n\nIf BPF array map is bigger than 4GB, element pointer calculation can\noverflow because both index and elem_size are u32. Fix this everywhere\nby forcing 64-bit multiplication. Extract this formula into separate\nsmall helper and use it consistently in various places.\n\nSpeculative-preventing formula utilizing index_mask trick is left as is,\nbut explicit u64 casts are added in both places." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/063e092534d4c6785228e5b1eb6e9329f66ccbe4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3c7256b880b3a5aa1895fd169a34aa4224a11862", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/87ac0d600943994444e24382a87aa19acc4cd3d4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50168.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50168.json new file mode 100644 index 00000000000..de9e52ae4e5 --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50168.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-50168", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:47.117", + "lastModified": "2025-06-18T11:15:47.117", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, x86: fix freeing of not-finalized bpf_prog_pack\n\nsyzbot reported a few issues with bpf_prog_pack [1], [2]. This only happens\nwith multiple subprogs. In jit_subprogs(), we first call bpf_int_jit_compile()\non each sub program. And then, we call it on each sub program again. jit_data\nis not freed in the first call of bpf_int_jit_compile(). Similarly we don't\ncall bpf_jit_binary_pack_finalize() in the first call of bpf_int_jit_compile().\n\nIf bpf_int_jit_compile() failed for one sub program, we will call\nbpf_jit_binary_pack_finalize() for this sub program. However, we don't have a\nchance to call it for other sub programs. Then we will hit \"goto out_free\" in\njit_subprogs(), and call bpf_jit_free on some subprograms that haven't got\nbpf_jit_binary_pack_finalize() yet.\n\nAt this point, bpf_jit_binary_pack_free() is called and the whole 2MB page is\nfreed erroneously.\n\nFix this with a custom bpf_jit_free() for x86_64, which calls\nbpf_jit_binary_pack_finalize() if necessary. 
Also, with custom\nbpf_jit_free(), bpf_prog_aux->use_bpf_prog_pack is not needed any more,\nremove it.\n\n[1] https://syzkaller.appspot.com/bug?extid=2f649ec6d2eea1495a8f\n[2] https://syzkaller.appspot.com/bug?extid=87f65c75f4a72db05445" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1d5f82d9dd477d5c66e0214a68c3e4f308eadd6d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/60e66074812dde9cde3d99cdd3caa9e40f1a4516", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f91ce608a79c0db3e72bd63c23e011a9ebc31505", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50169.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50169.json new file mode 100644 index 00000000000..4309092aa23 --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50169.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-50169", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:47.227", + "lastModified": "2025-06-18T11:15:47.227", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()\n\nThe simple_write_to_buffer() function will succeed if even a single\nbyte is initialized. However, we need to initialize the whole buffer\nto prevent information leaks. Just use memdup_user()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/05ceda14ef7c73104e709c414c3680d8a59f51d4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/074e865b37da55aa87baa16d68b96896f85f8adb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4615458db7793fadc6d546ac3564b36819e77a22", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/60c9983425167ec5073c628d83a6875760d18059", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/67470920cd3f3cb38699b1ad23234f96bead4d21", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/789edc1af9c1a2293956e8534bfef3d18d629de9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7a4836560a6198d245d5732e26f94898b12eb760", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c1216e699a1ce83ea005510844bd7508d34c6cef", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50170.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50170.json new file mode 100644 index 00000000000..60d584aa545 --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50170.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-50170", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:47.340", + "lastModified": "2025-06-18T11:15:47.340", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkunit: executor: Fix a memory leak on failure in kunit_filter_tests\n\nIt's possible that memory allocation for 'filtered' will fail, but for the\ncopy of the suite to succeed. In this case, the copy could be leaked.\n\nProperly free 'copy' in the error case for the allocation of 'filtered'\nfailing.\n\nNote that there may also have been a similar issue in\nkunit_filter_subsuites, before it was removed in \"kunit: flatten\nkunit_suite*** to kunit_suite** in .kunit_test_suites\".\n\nThis was reported by clang-analyzer via the kernel test robot, here:\nhttps://lore.kernel.org/all/c8073b8e-7b9e-0830-4177-87c12f16349c@intel.com/\n\nAnd by smatch via Dan Carpenter and the kernel test robot:\nhttps://lore.kernel.org/all/202207101328.ASjx88yj-lkp@intel.com/" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/7d69764fa3442c7615a75c6b5c02eaa1f274bccf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/94681e289bf5d10c9db9db143d1a22d8717205c5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a8a7e3ced362b88b659ab54239990196ff975982", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50171.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50171.json new file mode 100644 index 00000000000..45f9e418f61 --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50171.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-50171", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:47.443", + "lastModified": "2025-06-18T11:15:47.443", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/sec - don't sleep when in softirq\n\nWhen kunpeng920 encryption driver is used to deencrypt and decrypt\npackets during the softirq, it is not allowed to use mutex lock. The\nkernel will report the following error:\n\nBUG: scheduling while atomic: swapper/57/0/0x00000300\nCall trace:\ndump_backtrace+0x0/0x1e4\nshow_stack+0x20/0x2c\ndump_stack+0xd8/0x140\n__schedule_bug+0x68/0x80\n__schedule+0x728/0x840\nschedule+0x50/0xe0\nschedule_preempt_disabled+0x18/0x24\n__mutex_lock.constprop.0+0x594/0x5dc\n__mutex_lock_slowpath+0x1c/0x30\nmutex_lock+0x50/0x60\nsec_request_init+0x8c/0x1a0 [hisi_sec2]\nsec_process+0x28/0x1ac [hisi_sec2]\nsec_skcipher_crypto+0xf4/0x1d4 [hisi_sec2]\nsec_skcipher_encrypt+0x1c/0x30 [hisi_sec2]\ncrypto_skcipher_encrypt+0x2c/0x40\ncrypto_authenc_encrypt+0xc8/0xfc [authenc]\ncrypto_aead_encrypt+0x2c/0x40\nechainiv_encrypt+0x144/0x1a0 [echainiv]\ncrypto_aead_encrypt+0x2c/0x40\nesp_output_tail+0x348/0x5c0 [esp4]\nesp_output+0x120/0x19c 
[esp4]\nxfrm_output_one+0x25c/0x4d4\nxfrm_output_resume+0x6c/0x1fc\nxfrm_output+0xac/0x3c0\nxfrm4_output+0x64/0x130\nip_build_and_send_pkt+0x158/0x20c\ntcp_v4_send_synack+0xdc/0x1f0\ntcp_conn_request+0x7d0/0x994\ntcp_v4_conn_request+0x58/0x6c\ntcp_v6_conn_request+0xf0/0x100\ntcp_rcv_state_process+0x1cc/0xd60\ntcp_v4_do_rcv+0x10c/0x250\ntcp_v4_rcv+0xfc4/0x10a4\nip_protocol_deliver_rcu+0xf4/0x200\nip_local_deliver_finish+0x58/0x70\nip_local_deliver+0x68/0x120\nip_sublist_rcv_finish+0x70/0x94\nip_list_rcv_finish.constprop.0+0x17c/0x1d0\nip_sublist_rcv+0x40/0xb0\nip_list_rcv+0x140/0x1dc\n__netif_receive_skb_list_core+0x154/0x28c\n__netif_receive_skb_list+0x120/0x1a0\nnetif_receive_skb_list_internal+0xe4/0x1f0\nnapi_complete_done+0x70/0x1f0\ngro_cell_poll+0x9c/0xb0\nnapi_poll+0xcc/0x264\nnet_rx_action+0xd4/0x21c\n__do_softirq+0x130/0x358\nirq_exit+0x11c/0x13c\n__handle_domain_irq+0x88/0xf0\ngic_handle_irq+0x78/0x2c0\nel1_irq+0xb8/0x140\narch_cpu_idle+0x18/0x40\ndefault_idle_call+0x5c/0x1c0\ncpuidle_idle_call+0x174/0x1b0\ndo_idle+0xc8/0x160\ncpu_startup_entry+0x30/0x11c\nsecondary_start_kernel+0x158/0x1e4\nsoftirq: huh, entered softirq 3 NET_RX 0000000093774ee4 with\npreempt_count 00000100, exited with fffffe00?" 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/02884a4f12de11f54d4ca67a07dd1f111d96fdbd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/16e18a8ac7c9748cf35a8d2f0ba2c6e8850e7568", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4a461ba5b9753352f438824fdd915cba675b1733", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/aa495dfe71229b9034b59d8072ff0b2325ddd5ee", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c9be45e4c69fde36522274f04d1aa0d097ae3958", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50172.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50172.json new file mode 100644 index 00000000000..9954762cc5a --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50172.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-50172", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:47.550", + "lastModified": "2025-06-18T11:15:47.550", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg\n\nFree the skb if mt76u_bulk_msg fails in __mt76x02u_mcu_send_msg routine." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2f53ba46d8c97aca681adbe5098e1f84580c446d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3ad958bc488e3ecb0207d31621c00efb86f17482", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cffd93411575afd987788e2ec3cb8eaff70f0215", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/da1ab462b96c5d47a0755aec957bae3d685538c5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f1609c4f4a21777e081b36596224802b85052ad9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50173.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50173.json new file mode 100644 index 00000000000..74efbfb0aa8 --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50173.json 
@@ -0,0 +1,45 @@ +{ + "id": "CVE-2022-50173", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:47.660", + "lastModified": "2025-06-18T11:15:47.660", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/mdp5: Fix global state lock backoff\n\nWe need to grab the lock after the early return for !hwpipe case.\nOtherwise, we could have hit contention yet still returned 0.\n\nFixes an issue that the new CONFIG_DRM_DEBUG_MODESET_LOCK stuff flagged\nin CI:\n\n WARNING: CPU: 0 PID: 282 at drivers/gpu/drm/drm_modeset_lock.c:296 drm_modeset_lock+0xf8/0x154\n Modules linked in:\n CPU: 0 PID: 282 Comm: kms_cursor_lega Tainted: G W 5.19.0-rc2-15930-g875cc8bc536a #1\n Hardware name: Qualcomm Technologies, Inc. DB820c (DT)\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : drm_modeset_lock+0xf8/0x154\n lr : drm_atomic_get_private_obj_state+0x84/0x170\n sp : ffff80000cfab6a0\n x29: ffff80000cfab6a0 x28: 0000000000000000 x27: ffff000083bc4d00\n x26: 0000000000000038 x25: 0000000000000000 x24: ffff80000957ca58\n x23: 0000000000000000 x22: ffff000081ace080 x21: 0000000000000001\n x20: ffff000081acec18 x19: ffff80000cfabb80 x18: 0000000000000038\n x17: 0000000000000000 x16: 0000000000000000 x15: fffffffffffea0d0\n x14: 0000000000000000 x13: 284e4f5f4e524157 x12: 5f534b434f4c5f47\n x11: ffff80000a386aa8 x10: 0000000000000029 x9 : ffff80000cfab610\n x8 : 0000000000000029 x7 : 0000000000000014 x6 : 0000000000000000\n x5 : 0000000000000001 x4 : ffff8000081ad904 x3 : 0000000000000029\n x2 : ffff0000801db4c0 x1 : ffff80000cfabb80 x0 : ffff000081aceb58\n Call trace:\n drm_modeset_lock+0xf8/0x154\n drm_atomic_get_private_obj_state+0x84/0x170\n mdp5_get_global_state+0x54/0x6c\n mdp5_pipe_release+0x2c/0xd4\n mdp5_plane_atomic_check+0x2ec/0x414\n drm_atomic_helper_check_planes+0xd8/0x210\n 
drm_atomic_helper_check+0x54/0xb0\n ...\n ---[ end trace 0000000000000000 ]---\n drm_modeset_lock attempting to lock a contended lock without backoff:\n drm_modeset_lock+0x148/0x154\n mdp5_get_global_state+0x30/0x6c\n mdp5_pipe_release+0x2c/0xd4\n mdp5_plane_atomic_check+0x290/0x414\n drm_atomic_helper_check_planes+0xd8/0x210\n drm_atomic_helper_check+0x54/0xb0\n drm_atomic_check_only+0x4b0/0x8f4\n drm_atomic_commit+0x68/0xe0\n\nPatchwork: https://patchwork.freedesktop.org/patch/492701/" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0b07f28c23ff50a7fa5dbc3f6b3b6bd53ac9fc70", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/247f2934324f9a18d18df24ea4bfcc7d4631d0ef", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2e34d6c8180a398de6448a93df25068bf3062042", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2fdf5a54ef9376ff69149a48c5616f1141008c9f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/92ef86ab513593c6329d04146e61f9a670e72fc5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bf386c955f35a0a01bef482b6035d40ff2f6cc75", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f4e3a8c7e890049e7ba2b49ad0315dae841dfa55", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50174.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50174.json new file mode 100644 index 00000000000..0a599fd7bfd --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50174.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-50174", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:47.770", + "lastModified": "2025-06-18T11:15:47.770", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hinic: avoid kernel hung in hinic_get_stats64()\n\nWhen using hinic device as a bond slave device, and reading device stats\nof master bond device, the kernel may hung.\n\nThe kernel panic calltrace as follows:\nKernel panic - not syncing: softlockup: hung tasks\nCall trace:\n native_queued_spin_lock_slowpath+0x1ec/0x31c\n dev_get_stats+0x60/0xcc\n dev_seq_printf_stats+0x40/0x120\n dev_seq_show+0x1c/0x40\n seq_read_iter+0x3c8/0x4dc\n seq_read+0xe0/0x130\n proc_reg_read+0xa8/0xe0\n vfs_read+0xb0/0x1d4\n ksys_read+0x70/0xfc\n __arm64_sys_read+0x20/0x30\n el0_svc_common+0x88/0x234\n do_el0_svc+0x2c/0x90\n el0_svc+0x1c/0x30\n el0_sync_handler+0xa8/0xb0\n el0_sync+0x148/0x180\n\nAnd the calltrace of task that actually caused kernel hungs as follows:\n __switch_to+124\n __schedule+548\n schedule+72\n schedule_timeout+348\n __down_common+188\n __down+24\n down+104\n hinic_get_stats64+44 [hinic]\n dev_get_stats+92\n bond_get_stats+172 [bonding]\n dev_get_stats+92\n dev_seq_printf_stats+60\n dev_seq_show+24\n seq_read_iter+964\n seq_read+220\n proc_reg_read+164\n vfs_read+172\n ksys_read+108\n __arm64_sys_read+28\n el0_svc_common+132\n do_el0_svc+40\n el0_svc+24\n el0_sync_handler+164\n el0_sync+324\n\nWhen getting device stats from bond, kernel will call bond_get_stats().\nIt first holds the spinlock bond->stats_lock, and then call\nhinic_get_stats64() to collect hinic device's stats.\nHowever, hinic_get_stats64() calls `down(&nic_dev->mgmt_lock)` to\nprotect its critical section, which may schedule current task out.\nAnd if system is under high pressure, the task cannot be woken up\nimmediately, which 
eventually triggers kernel hung panic.\n\nSince previous patch has replaced hinic_dev.tx_stats/rx_stats with local\nvariable in hinic_get_stats64(), there is nothing need to be protected\nby lock, so just removing down()/up() is ok." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3ba59bbe4f306bb6ee15753db0a40564c0eb7909", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/693f31dc91568e61047fd2980a8235e856cd9ce8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/98f9fcdee35add80505b6c73f72de5f750d5c03c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e74f3097a9c713ce855cda07713393bcc23a005d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fced5bce712122654ec8a20356342698cce104d2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50175.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50175.json new file mode 100644 index 00000000000..1fc9e4192ff --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50175.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-50175", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:47.883", + "lastModified": "2025-06-18T11:15:47.883", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: tw686x: Fix memory leak in tw686x_video_init\n\nvideo_device_alloc() allocates memory for vdev,\nwhen video_register_device() fails, it doesn't release the memory and\nleads to memory leak, call video_device_release() to fix this." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0597bcf774896a002edcc7934a9cdbb932b66702", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/611f86965df013d6021e6cd0d155b1734ad2cf21", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8b412db51db24dfba22c96948580d4a12f831397", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c142a7531b90c6b0f946c82d3f504b3f36a207df", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e0b212ec9d8177d6f7c404315293f6a085d6ee42", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50176.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50176.json new file mode 100644 index 00000000000..5620efcf250 --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50176.json 
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2022-50176", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:47.993", + "lastModified": "2025-06-18T11:15:47.993", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mcde: Fix refcount leak in mcde_dsi_bind\n\nEvery iteration of for_each_available_child_of_node() decrements\nthe reference counter of the previous node. There is no decrement\nwhen break out from the loop and results in refcount leak.\nAdd missing of_node_put() to fix this." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3123ae6fdd4013d24a3a4877084b14e917faae5c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/32c827e30bb44ae809950a9efab59e98e44d30e5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3a149169e4a2f9127022fec6ef5d71b4e804b3b9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7214902de5b1fb2b632a7b8b3b9540e41aabab38", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/87c35bbefdfa3c5edfb8c80f5c04717aaacc629d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f57699a9b66ea11f000f56d1f1179059239b8690", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50177.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50177.json new file mode 100644 index 00000000000..7e49996a54a --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50177.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-50177", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:48.107", + "lastModified": "2025-06-18T11:15:48.107", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcutorture: Fix ksoftirqd boosting timing and iteration\n\nThe RCU priority boosting can fail in two situations:\n\n1) If (nr_cpus= > maxcpus=), which means if the total number of CPUs\nis higher than those brought online at boot, then torture_onoff() may\nlater bring up CPUs that weren't online on boot. Now since rcutorture\ninitialization only boosts the ksoftirqds of the CPUs that have been\nset online on boot, the CPUs later set online by torture_onoff won't\nbenefit from the boost, making RCU priority boosting fail.\n\n2) The ksoftirqd kthreads are boosted after the creation of\nrcu_torture_boost() kthreads, which opens a window large enough for these\nrcu_torture_boost() kthreads to wait (despite running at FIFO priority)\nfor ksoftirqds that are still running at SCHED_NORMAL priority.\n\nThe issues can trigger for example with:\n\n\t./kvm.sh --configs TREE01 --kconfig \"CONFIG_RCU_BOOST=y\"\n\n\t[ 34.968561] rcu-torture: !!!\n\t[ 34.968627] ------------[ cut here ]------------\n\t[ 35.014054] WARNING: CPU: 4 PID: 114 at kernel/rcu/rcutorture.c:1979 rcu_torture_stats_print+0x5ad/0x610\n\t[ 35.052043] Modules linked in:\n\t[ 35.069138] CPU: 4 PID: 114 Comm: rcu_torture_sta Not tainted 5.18.0-rc1 #1\n\t[ 35.096424] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.14.0-0-g155821a-rebuilt.opensuse.org 04/01/2014\n\t[ 35.154570] RIP: 0010:rcu_torture_stats_print+0x5ad/0x610\n\t[ 35.198527] Code: 63 1b 02 00 74 02 0f 0b 48 83 3d 35 63 1b 02 00 74 02 0f 0b 48 83 3d 21 63 1b 02 00 74 02 0f 0b 48 83 3d 0d 63 1b 02 00 74 02 <0f> 0b 83 eb 01 0f 8e ba fc ff ff 0f 0b e9 b3 fc ff f82\n\t[ 37.251049] 
RSP: 0000:ffffa92a0050bdf8 EFLAGS: 00010202\n\t[ 37.277320] rcu: De-offloading 8\n\t[ 37.290367] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000001\n\t[ 37.290387] RDX: 0000000000000000 RSI: 00000000ffffbfff RDI: 00000000ffffffff\n\t[ 37.290398] RBP: 000000000000007b R08: 0000000000000000 R09: c0000000ffffbfff\n\t[ 37.290407] R10: 000000000000002a R11: ffffa92a0050bc18 R12: ffffa92a0050be20\n\t[ 37.290417] R13: ffffa92a0050be78 R14: 0000000000000000 R15: 000000000001bea0\n\t[ 37.290427] FS: 0000000000000000(0000) GS:ffff96045eb00000(0000) knlGS:0000000000000000\n\t[ 37.290448] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n\t[ 37.290460] CR2: 0000000000000000 CR3: 000000001dc0c000 CR4: 00000000000006e0\n\t[ 37.290470] Call Trace:\n\t[ 37.295049] \n\t[ 37.295065] ? preempt_count_add+0x63/0x90\n\t[ 37.295095] ? _raw_spin_lock_irqsave+0x12/0x40\n\t[ 37.295125] ? rcu_torture_stats_print+0x610/0x610\n\t[ 37.295143] rcu_torture_stats+0x29/0x70\n\t[ 37.295160] kthread+0xe3/0x110\n\t[ 37.295176] ? kthread_complete_and_exit+0x20/0x20\n\t[ 37.295193] ret_from_fork+0x22/0x30\n\t[ 37.295218] \n\nFix this with boosting the ksoftirqds kthreads from the boosting\nhotplug callback itself and before the boosting kthreads are created." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3002153a91a9732a6d1d0bb95138593c7da15743", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/621595f771a6bd458ffbc40679e222ba5d0a7a1e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7e7472c62c6ded322afd9d5ac8bb20a08e7c5674", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8e84693621f53bf894af9905a6531e0530402145", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50178.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50178.json new file mode 100644 index 00000000000..d99a3afdfb7 --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50178.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-50178", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:48.217", + "lastModified": "2025-06-18T11:15:48.217", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: 8852a: rfk: fix div 0 exception\n\nThe DPK is a kind of RF calibration whose algorithm is to fine tune\nparameters and calibrate, and check the result. If the result isn't good\nenough, it could adjust parameters and try again.\n\nThis issue is to read and show the result, but it could be a negative\ncalibration result that causes divisor 0 and core dump. So, fix it by\nphy_div() that does division only if divisor isn't zero; otherwise,\nzero is adopted.\n\n divide error: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 1 PID: 728 Comm: wpa_supplicant Not tainted 5.10.114-16019-g462a1661811a #1 \n RIP: 0010:rtw8852a_dpk+0x14ae/0x288f [rtw89_core]\n RSP: 0018:ffffa9bb412a7520 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 00000000000180fc RDI: ffffa141d01023c0\n RBP: ffffa9bb412a76a0 R08: 0000000000001319 R09: 00000000ffffff92\n R10: ffffffffc0292de3 R11: ffffffffc00d2f51 R12: 0000000000000000\n R13: ffffa141d01023c0 R14: ffffffffc0290250 R15: ffffa141d0102638\n FS: 00007fa99f5c2740(0000) GS:ffffa142e5e80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000013e8e010 CR3: 0000000110d2c000 CR4: 0000000000750ee0\n PKRU: 55555554\n Call Trace:\n rtw89_core_sta_add+0x95/0x9c [rtw89_core ]\n rtw89_ops_sta_state+0x5d/0x108 [rtw89_core ]\n drv_sta_state+0x115/0x66f [mac80211 ]\n sta_info_insert_rcu+0x45c/0x713 [mac80211 ]\n sta_info_insert+0xf/0x1b [mac80211 ]\n ieee80211_prep_connection+0x9d6/0xb0c [mac80211 ]\n ieee80211_mgd_auth+0x2aa/0x352 [mac80211 ]\n cfg80211_mlme_auth+0x160/0x1f6 [cfg80211 ]\n 
nl80211_authenticate+0x2e5/0x306 [cfg80211 ]\n genl_rcv_msg+0x371/0x3a1\n ? nl80211_stop_sched_scan+0xe5/0xe5 [cfg80211 ]\n ? genl_rcv+0x36/0x36\n netlink_rcv_skb+0x8a/0xf9\n genl_rcv+0x28/0x36\n netlink_unicast+0x27b/0x3a0\n netlink_sendmsg+0x2aa/0x469\n sock_sendmsg_nosec+0x49/0x4d\n ____sys_sendmsg+0xe5/0x213\n __sys_sendmsg+0xec/0x157\n ? syscall_enter_from_user_mode+0xd7/0x116\n do_syscall_64+0x43/0x55\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\n RIP: 0033:0x7fa99f6e689b" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/065e83ac83c0c0e615b96947145c85c4bd76c09a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5abc81a138f873ab55223ec674afc3a3f945d60f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/683a4647a7a3044868cfdc14c117525091b9fa0c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50179.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50179.json new file mode 100644 index 00000000000..1679b7e9ccc --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50179.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-50179", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:48.330", + "lastModified": "2025-06-18T11:15:48.330", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nath9k: fix use-after-free in ath9k_hif_usb_rx_cb\n\nSyzbot reported use-after-free Read in ath9k_hif_usb_rx_cb() [0]. The\nproblem was in incorrect htc_handle->drv_priv initialization.\n\nProbable call trace which can trigger use-after-free:\n\nath9k_htc_probe_device()\n /* htc_handle->drv_priv = priv; */\n ath9k_htc_wait_for_target() <--- Failed\n ieee80211_free_hw()\t\t <--- priv pointer is freed\n\n\n...\nath9k_hif_usb_rx_cb()\n ath9k_hif_usb_rx_stream()\n RX_STAT_INC()\t\t<--- htc_handle->drv_priv access\n\nIn order to not add fancy protection for drv_priv we can move\nhtc_handle->drv_priv initialization at the end of the\nath9k_htc_probe_device() and add helper macro to make\nall *_STAT_* macros NULL safe, since syzbot has reported related NULL\nderef in that macros [1]" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/03ca957c5f7b55660957eda20b5db4110319ac7a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/0ac4827f78c7ffe8eef074bc010e7e34bc22f533", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/62bc1ea5c7401d77eaf73d0c6a15f3d2e742856e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6b14ab47937ba441e75e8dbb9fbfc9c55efa41c6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ab7a0ddf5f1cdec63cb21840369873806fc36d80", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": 
"https://git.kernel.org/stable/c/b66ebac40f64336ae2d053883bee85261060bd27", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e9e21206b8ea62220b486310c61277e7ebfe7cec", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/eccd7c3e2596b574241a7670b5b53f5322f470e5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50180.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50180.json new file mode 100644 index 00000000000..5f83b7b7b7f --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50180.json 
@@ -0,0 +1,49 @@
+{
+ "id": "CVE-2022-50180",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:48.463",
+ "lastModified": "2025-06-18T11:15:48.463",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd()\n\nAs a result of the execution of the inner while loop, the value\nof 'idx' can be equal to LINK_QUAL_MAX_RETRY_NUM. However, this\nis not checked after the loop and 'idx' is used to write the\nLINK_QUAL_MAX_RETRY_NUM size array 'lq_cmd->rs_table[idx]' below\nin the outer loop.\n\nThe fix is to check the new value of 'idx' inside the nested loop,\nand break both loops if index equals the size. Checking it at the\nstart is now pointless, so let's remove it.\n\nDetected using the static analysis tool - Svace."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/20be29b99dfed089fe7b8698cd18dfdda6049bd7",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/73304c7594080362107bea4c0c3b7da2fb134cc4",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/88b551561ded10017dd846c8aeb2296a5119a915",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9f1acb3ce0e37e9c38a6060a0570d56d2963e797",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a8eb8e6f7159c7c20c0ddac428bde3d110890aa7",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b7c39b1a3d4b8d2ba8c13d5ae1303705b03b46d4",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e7d6cac6967534e1298497e853964b3d3f994ce3",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/f59e7534e2b11d7c018a412c293897e8417addd4",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50181.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50181.json
new file mode 100644
index 00000000000..08ae8d8d7a7
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50181.json
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2022-50181",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:48.587",
+ "lastModified": "2025-06-18T11:15:48.587",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-gpu: fix a missing check to avoid NULL dereference\n\n'cache_ent' could be set NULL inside virtio_gpu_cmd_get_capset()\nand it will lead to a NULL dereference by a lately use of it\n(i.e., ptr = cache_ent->caps_cache). Fix it with a NULL check.\n\n\n[ kraxel: minor codestyle fixup ]"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/259773fc874258606c0121767a4a27466ff337eb",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/367882a5a9448b5e1ba756125308092d614cb96c",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/39caef09666c1d8274abf9472c72bcac236dc5fb",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/adbdd21983fa292e53aec3eab97306b2961ea887",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/bd63f11f4c3c46afec07d821f74736161ff6e526",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50182.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50182.json
new file mode 100644
index 00000000000..b8c8ea7b03f
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50182.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2022-50182",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:48.700",
+ "lastModified": "2025-06-18T11:15:48.700",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Align upwards buffer size\n\nThe hardware can support any image size WxH,\nwith arbitrary W (image width) and H (image height) dimensions.\n\nAlign upwards buffer size for both encoder and decoder.\nand leave the picture resolution unchanged.\n\nFor decoder, the risk of memory out of bounds can be avoided.\nFor both encoder and decoder, the driver will lift the limitation of\nresolution alignment.\n\nFor example, the decoder can support jpeg whose resolution is 227x149\nthe encoder can support nv12 1080P, won't change it to 1920x1072."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/447795ffb17cd60bb544e0abfc9399e180a14a2f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/73d1836ed7911953182b787745cb8c5857a2661c",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9ae2d729de6350c53a06c57782751d84eb2c08d9",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9e7aa76cdb02923ee23a0ddd48f38bdc3512f92b",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50183.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50183.json
new file mode 100644
index 00000000000..509e7e0890c
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50183.json
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2022-50183",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:48.810",
+ "lastModified": "2025-06-18T11:15:48.810",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/meson: encoder_cvbs: Fix refcount leak in meson_encoder_cvbs_init\n\nof_graph_get_remote_node() returns remote device nodepointer with\nrefcount incremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/51c36411ae27bf5f06c43462d2de2d4947ed33ea",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/7d255ddbbf679aa47e041cbf68520fd985ed2279",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/bb5ac08d5bd8626c318bd80a5063263daab8fdb6",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50184.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50184.json
new file mode 100644
index 00000000000..1664a3657ad
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50184.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2022-50184",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:48.917",
+ "lastModified": "2025-06-18T11:15:48.917",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/meson: encoder_hdmi: Fix refcount leak in meson_encoder_hdmi_init\n\nof_graph_get_remote_node() returns remote device nodepointer with\nrefcount incremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/013e67e7dd898170cbf54981cf1ed7616f822566",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/275fed7142fff5b27e176e53508196715043de5c",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/994bc82df85564d948037f1dfdd47c907e8a084b",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/d82a5a4aae9d0203234737caed1bf470aa317568",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50185.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50185.json
new file mode 100644
index 00000000000..76bdf19771a
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50185.json
@@ -0,0 +1,49 @@
+{
+ "id": "CVE-2022-50185",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:49.030",
+ "lastModified": "2025-06-18T11:15:49.030",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: fix potential buffer overflow in ni_set_mc_special_registers()\n\nThe last case label can write two buffers 'mc_reg_address[j]' and\n'mc_data[j]' with 'j' offset equal to SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE\nsince there are no checks for this value in both case labels after the\nlast 'j++'.\n\nInstead of changing '>' to '>=' there, add the bounds check at the start\nof the second 'case' (the first one already has it).\n\nAlso, remove redundant last checks for 'j' index bigger than array size.\nThe expression is always false. Moreover, before or after the patch\n'table->last' can be equal to SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE and it\nseems it can be a valid value.\n\nDetected using the static analysis tool - Svace."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/136f614931a2bb73616b292cf542da3a18daefd5",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/1f341053852be76f82610ce47a505d930512f05c",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/782e413e38dffd37cc85b08b1ccb982adb4a93ce",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/8508d6d23a247c29792ce2fc0df3f3404d6a6a80",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9faff03617afeced1c4e5daa89e79b3906374342",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/db1a9add3f90ff1c641974d5bb910c16b87af4ef",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/deb603c5928e546609c0d5798e231d0205748943",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ea73869df6ef386fc0feeb28ff66742ca835b18f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50186.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50186.json
new file mode 100644
index 00000000000..a7f0344803a
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50186.json
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2022-50186",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:49.147",
+ "lastModified": "2025-06-18T11:15:49.147",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nath11k: fix missing skb drop on htc_tx_completion error\n\nOn htc_tx_completion error the skb is not dropped. This is wrong since\nthe completion_handler logic expect the skb to be consumed anyway even\nwhen an error is triggered. Not freeing the skb on error is a memory\nleak since the skb won't be freed anywere else. Correctly free the\npacket on eid >= ATH11K_HTC_EP_COUNT before returning.\n\nTested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/1f1483361585ae7556492f50f83f038bbdf8c294",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/dda25326839d6e6b1fe59e79616149e44ea4eaa4",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e5646fe3b7ef739c392e59da7db6adf5e1fdef42",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50187.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50187.json
new file mode 100644
index 00000000000..d678eaaa44a
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50187.json
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2022-50187",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:49.267",
+ "lastModified": "2025-06-18T11:15:49.267",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nath11k: fix netdev open race\n\nMake sure to allocate resources needed before registering the device.\n\nThis specifically avoids having a racing open() trigger a BUG_ON() in\nmod_timer() when ath11k_mac_op_start() is called before the\nmon_reap_timer as been set up.\n\nI did not see this issue with next-20220310, but I hit it on every probe\nwith next-20220511. Perhaps some timing changed in between.\n\nHere's the backtrace:\n\n[ 51.346947] kernel BUG at kernel/time/timer.c:990!\n[ 51.346958] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP\n...\n[ 51.578225] Call trace:\n[ 51.583293] __mod_timer+0x298/0x390\n[ 51.589518] mod_timer+0x14/0x20\n[ 51.595368] ath11k_mac_op_start+0x41c/0x4a0 [ath11k]\n[ 51.603165] drv_start+0x38/0x60 [mac80211]\n[ 51.610110] ieee80211_do_open+0x29c/0x7d0 [mac80211]\n[ 51.617945] ieee80211_open+0x60/0xb0 [mac80211]\n[ 51.625311] __dev_open+0x100/0x1c0\n[ 51.631420] __dev_change_flags+0x194/0x210\n[ 51.638214] dev_change_flags+0x24/0x70\n[ 51.644646] do_setlink+0x228/0xdb0\n[ 51.650723] __rtnl_newlink+0x460/0x830\n[ 51.657162] rtnl_newlink+0x4c/0x80\n[ 51.663229] rtnetlink_rcv_msg+0x124/0x390\n[ 51.669917] netlink_rcv_skb+0x58/0x130\n[ 51.676314] rtnetlink_rcv+0x18/0x30\n[ 51.682460] netlink_unicast+0x250/0x310\n[ 51.688960] netlink_sendmsg+0x19c/0x3e0\n[ 51.695458] ____sys_sendmsg+0x220/0x290\n[ 51.701938] ___sys_sendmsg+0x7c/0xc0\n[ 51.708148] __sys_sendmsg+0x68/0xd0\n[ 51.714254] __arm64_sys_sendmsg+0x28/0x40\n[ 51.720900] invoke_syscall+0x48/0x120\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/307ce58270b3b50ca21cfcc910568429b06803f7",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a2c45f8c3d18269e641f0c7da2dde47ef8414034",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/abb7dc8fbb27c15dcc927df56190f3c5ede58bd5",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/d4ba1ff87b17e81686ada8f429300876f55f95ad",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/eaff3946a86fc63280a30158a4ae1e141449817c",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50188.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50188.json
new file mode 100644
index 00000000000..20324f85f3a
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50188.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2022-50188",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:49.383",
+ "lastModified": "2025-06-18T11:15:49.383",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/meson: Fix refcount leak in meson_encoder_hdmi_init\n\nof_find_device_by_node() takes reference, we should use put_device()\nto release it when not need anymore.\nAdd missing put_device() in error path to avoid refcount\nleak."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/50446ac34545580d073ff0dd154b796726772668",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/7381076809586528e2a812a709e2758916318a99",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/79b15eb0aa059b3a5bc60364ce82eb2cefac80db",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/bfcca6234b2a36d213f0cc1c127becc17680f7df",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50189.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50189.json
new file mode 100644
index 00000000000..6c0a10ef0db
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50189.json
@@ -0,0 +1,25 @@
+{
+ "id": "CVE-2022-50189",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:49.490",
+ "lastModified": "2025-06-18T11:15:49.490",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntools/power turbostat: Fix file pointer leak\n\nCurrently if a fscanf fails then an early return leaks an open\nfile pointer. Fix this by fclosing the file before the return.\nDetected using static analysis with cppcheck:\n\ntools/power/x86/turbostat/turbostat.c:2039:3: error: Resource leak: fp [resourceLeak]"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/2ebf6f5946817f33fb33e613e359229e98164eb3",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/5e5fd36c58d6c820f7292ee492c3731c9a104a41",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50190.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50190.json
new file mode 100644
index 00000000000..ac3c840bb0c
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50190.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2022-50190",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:49.593",
+ "lastModified": "2025-06-18T11:15:49.593",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: Fix simplification of devm_spi_register_controller\n\nThis reverts commit 59ebbe40fb51 (\"spi: simplify\ndevm_spi_register_controller\").\n\nIf devm_add_action() fails in devm_add_action_or_reset(),\ndevm_spi_unregister() will be called, it decreases the\nrefcount of 'ctlr->dev' to 0, then it will cause uaf in\nthe drivers that calling spi_put_controller() in error path."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/34bab623ebfc08398499e463396b81abb4abe01e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/3c6bd448442b6c3f6843ac70d57201a13478dd47",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/43cc5a0afe4184a7fafe1eba32b5a11bb69c9ce0",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/445fb9c19cf45bd9472fd9babaa31c5e6c7d2720",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50191.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50191.json
new file mode 100644
index 00000000000..e1fa72ea4d4
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50191.json
@@ -0,0 +1,49 @@
+{
+ "id": "CVE-2022-50191",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:49.693",
+ "lastModified": "2025-06-18T11:15:49.693",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: of: Fix refcount leak bug in of_get_regulation_constraints()\n\nWe should call the of_node_put() for the reference returned by\nof_get_child_by_name() which has increased the refcount."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/11ecb4f8735b0230d54a82c18b21ea778b695d61",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/332e555dca074c4eb2084898021c3676423814c3",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/35f9e861d9b9434903a8ede37a3561f78985826d",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/66efb665cd5ad69b27dca8571bf89fc6b9c628a4",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a23098cc32860272dc6c3200ff20c34c65b7b694",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b9ca8585c766616563cf3c062c6878f61f83cf00",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c9df8ff290097aabd5c9200f7f729b0813d37b19",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/fc7b19f547bc9e622060a0a9a39da2330aa21c53",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50192.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50192.json
new file mode 100644
index 00000000000..ab80f9de90e
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50192.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2022-50192",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:49.810",
+ "lastModified": "2025-06-18T11:15:49.810",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: tegra20-slink: fix UAF in tegra_slink_remove()\n\nAfter calling spi_unregister_master(), the refcount of master will\nbe decrease to 0, and it will be freed in spi_controller_release(),\nthe device data also will be freed, so it will lead a UAF when using\n'tspi'. To fix this, get the master before unregister and put it when\nfinish using it."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/415b4ce61308f24583912d887772dfcbf97f1d20",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/67f77172644260482fdafc03b6025847944701e5",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/7e9984d183bb1e99e766c5c2b950ff21f7f7b6c0",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/800c7767e05d29656713e04532823a752e57e037",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50193.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50193.json
new file mode 100644
index 00000000000..f17e7d4e3a7
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50193.json
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2022-50193",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:49.920",
+ "lastModified": "2025-06-18T11:15:49.920",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: wake up all waiters after z_erofs_lzma_head ready\n\nWhen the user mounts the erofs second times, the decompression thread\nmay hung. The problem happens due to a sequence of steps like the\nfollowing:\n\n1) Task A called z_erofs_load_lzma_config which obtain all of the node\n from the z_erofs_lzma_head.\n\n2) At this time, task B called the z_erofs_lzma_decompress and wanted to\n get a node. But the z_erofs_lzma_head was empty, the Task B had to\n sleep.\n\n3) Task A release nodes and push nodes into the z_erofs_lzma_head. But\n task B was still sleeping.\n\nOne example report when the hung happens:\ntask:kworker/u3:1 state:D stack:14384 pid: 86 ppid: 2 flags:0x00004000\nWorkqueue: erofs_unzipd z_erofs_decompressqueue_work\nCall Trace:\n \n __schedule+0x281/0x760\n schedule+0x49/0xb0\n z_erofs_lzma_decompress+0x4bc/0x580\n ? cpu_core_flags+0x10/0x10\n z_erofs_decompress_pcluster+0x49b/0xba0\n ? __update_load_avg_se+0x2b0/0x330\n ? __update_load_avg_se+0x2b0/0x330\n ? update_load_avg+0x5f/0x690\n ? update_load_avg+0x5f/0x690\n ? set_next_entity+0xbd/0x110\n ? _raw_spin_unlock+0xd/0x20\n z_erofs_decompress_queue.isra.0+0x2e/0x50\n z_erofs_decompressqueue_work+0x30/0x60\n process_one_work+0x1d3/0x3a0\n worker_thread+0x45/0x3a0\n ? process_one_work+0x3a0/0x3a0\n kthread+0xe2/0x110\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n "
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/2478e36ec437a27f8a05bea9e4269a68c554e21f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/2df7c4bd7c1d2bc5ece5e9ed19dbd386810c2a65",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/96aa2a6a89618d850ef082e4268007e840c28769",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50194.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50194.json
new file mode 100644
index 00000000000..8ecde717c04
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50194.json
@@ -0,0 +1,41 @@
+{
+ "id": "CVE-2022-50194",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:50.030",
+ "lastModified": "2025-06-18T11:15:50.030",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register\n\nEvery iteration of for_each_available_child_of_node() decrements\nthe reference count of the previous node.\nWhen breaking early from a for_each_available_child_of_node() loop,\nwe need to explicitly call of_node_put() on the child node.\nAdd missing of_node_put() to avoid refcount leak."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/053543ac1d095132fcfd1263805d6e25afbdc6a8",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/591f0697ccbac33760d3bb1ad96a5ba2b76ae9f0",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/97713ed9b6cc4abaa2dcc8357113c56520dc6d7f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/bc73c72a856c26df7410ddf15f42257cb4960fe9",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ca83c61a6ccf3934cf8d01d5ade30a5034993a86",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e6e0951414a314e7db3e9e24fd924b3e15515288",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50195.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50195.json
new file mode 100644
index 00000000000..4a100fe8a3a
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50195.json
@@ -0,0 +1,25 @@
+{
+ "id": "CVE-2022-50195",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:50.140",
+ "lastModified": "2025-06-18T11:15:50.140",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: dts: qcom: replace gcc PXO with pxo_board fixed clock\n\nReplace gcc PXO phandle to pxo_board fixed clock declared in the dts.\ngcc driver doesn't provide PXO_SRC as it's a fixed-clock. This cause a\nkernel panic if any driver actually try to use it."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/0a4fa4ce697987b71eafce17bb198961ed9070bd",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/eb9e93937756a05787977875830c0dc482cb57e0",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50196.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50196.json
new file mode 100644
index 00000000000..56709df671a
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50196.json
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2022-50196",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T11:15:50.247",
+ "lastModified": "2025-06-18T11:15:50.247",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: ocmem: Fix refcount leak in of_get_ocmem\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak.\nof_node_put() will check NULL pointer."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/07aea6819d569d1e172227486655e4fb5bd4cdb9",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/84a928b44cb303d5756e3bff2734921de8dce4f6",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/92a563fcf14b3093226fb36f12e9b5cf630c5a5d",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a1e4243c0dddeafb4ace6d9906d3f5129b81a9fe",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ed40a48d0a9166edb22e2b8efafea822e93dd79a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50197.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50197.json
new file mode 100644
index 00000000000..3b4b7730b38
--- /dev/null
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50197.json
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-50197", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:50.360", + "lastModified": "2025-06-18T11:15:50.360", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: zynq: Fix refcount leak in zynq_get_revision\n\nof_find_compatible_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/179034fb108e3655142f2af0c309cef171c34d68", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/22e6d8bcde8e66b64f46bf9bd2d3d0f88d40c39f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3b01353f1825151a29d08e0868b2bf01e1116ab5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a530fa52d4fdffc5f010f90c05ac63019b8ff5f8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d1ff2559cef0f6f8d97fba6337b28adb10689e16", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dcbb974254d2a27240c2e50185afdde90f923feb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ecefd22d5db7ccb8bec2646e5d25e058fc33162a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f52c9be1779d70037ae300762d19b08fe3656237", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50198.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50198.json new file mode 100644 index 00000000000..c7978c0aaeb 
--- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50198.json @@ -0,0 +1,45 @@ +{ + "id": "CVE-2022-50198", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:50.470", + "lastModified": "2025-06-18T11:15:50.470", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init\n\nof_find_matching_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1bf747824a8ca4008879fd7d2ce6b03d7b428858", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/942228fbf5d4901112178b93d41225be7c0dd9de", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c4f92af7fc8cecb8eb426ad187e39c7bcc6679c7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c652e0f51665f3fa575449909bbd9d7b45dfab1c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c9ec7993d00250a394d367c8a19fcfe8211c258b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d294d60dc68550fee0fbbe8a638d798dcd40b2c5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e5ab8a4967d68a8e9f8f4559d144207d085a8c02", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50199.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50199.json new file mode 100644 index 00000000000..76da4e4f66c --- /dev/null +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50199.json 
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2022-50199", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:50.583", + "lastModified": "2025-06-18T11:15:50.583", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: OMAP2+: Fix refcount leak in omapdss_init_of\n\nomapdss_find_dss_of_node() calls of_find_compatible_node() to get device\nnode. of_find_compatible_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() in later error path and normal path." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/14bac0c7035bf920e190a63c7e1b113c72eadbf4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/230ad40a59c9a9ee8f3822b9a7bec09404102ebc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/507159facf002d113c4878fec67f37d62f187887", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/935035cf97c8cd6794044b500fb0a44a6d30ffa1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9705db1eff38d6b9114121f9e253746199b759c9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a32dc6829e33c54e751346aa3e08ddb6d0e1a6a0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50200.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50200.json new file mode 100644 index 00000000000..240c0657542 --- /dev/null +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50200.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-50200", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:50.697", + "lastModified": "2025-06-18T11:15:50.697", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nselinux: Add boundary check in put_entry()\n\nJust like next_entry(), boundary check is necessary to prevent memory\nout-of-bound access." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/15ec76fb29be31df2bccb30fc09875274cba2776", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2dabe6a872a5744865372eb30ea51e8ccd21305a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/477722f31ad73aa779154d1d7e00825538389f76", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7363a69d8ca8f0086f8e1196c8ddaf0e168614b1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/90bdf50ae70c5571a277b5601e4f5df210831e0a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9605f50157cae00eb299e1189a6d708c84935ad8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/adbfdaacde18faf6cd4e490764045375266b3fbd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dedd558d9765b72c66e5a53948e9f5abc3ece1f6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50201.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50201.json new file mode 100644 index 00000000000..49a3cb94add --- /dev/null +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50201.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-50201", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:50.810", + "lastModified": "2025-06-18T11:15:50.810", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nselinux: fix memleak in security_read_state_kernel()\n\nIn this function, it directly returns the result of __security_read_policy\nwithout freeing the allocated memory in *data, cause memory leak issue,\nso free the memory if __security_read_policy failed.\n\n[PM: subject line tweak]" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1fc1f72aad2070d34022d0823e4cf09706b53f25", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/73de1befcc53a7c68b0c5e76b9b5ac41c517760f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c877c5217145bda8fd95f506bf42f8d981afa57d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f3cd7562c0a6774fc62d79654482014020e574f5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50202.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50202.json new file mode 100644 index 00000000000..f50dae0bae7 --- /dev/null +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50202.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-50202", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:50.923", + "lastModified": "2025-06-18T11:15:50.923", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM: hibernate: defer device probing when resuming from hibernation\n\nsyzbot is reporting hung task at misc_open() [1], for there is a race\nwindow of AB-BA deadlock which involves probe_count variable. Currently\nwait_for_device_probe() from snapshot_open() from misc_open() can sleep\nforever with misc_mtx held if probe_count cannot become 0.\n\nWhen a device is probed by hub_event() work function, probe_count is\nincremented before the probe function starts, and probe_count is\ndecremented after the probe function completed.\n\nThere are three cases that can prevent probe_count from dropping to 0.\n\n (a) A device being probed stopped responding (i.e. broken/malicious\n hardware).\n\n (b) A process emulating a USB device using /dev/raw-gadget interface\n stopped responding for some reason.\n\n (c) New device probe requests keeps coming in before existing device\n probe requests complete.\n\nThe phenomenon syzbot is reporting is (b). A process which is holding\nsystem_transition_mutex and misc_mtx is waiting for probe_count to become\n0 inside wait_for_device_probe(), but the probe function which is called\n from hub_event() work function is waiting for the processes which are\nblocked at mutex_lock(&misc_mtx) to respond via /dev/raw-gadget interface.\n\nThis patch mitigates (b) by deferring wait_for_device_probe() from\nsnapshot_open() to snapshot_write() and snapshot_ioctl(). Please note that\nthe possibility of (b) remains as long as any thread which is emulating a\nUSB device via /dev/raw-gadget interface can be blocked by uninterruptible\nblocking operations (e.g. 
mutex_lock()).\n\nPlease also note that (a) and (c) are not addressed. Regarding (c), we\nshould change the code to wait for only one device which contains the\nimage for resuming from hibernation. I don't know how to address (a), for\nuse of timeout for wait_for_device_probe() might result in loss of user\ndata in the image. Maybe we should require the userland to wait for the\nimage device before opening /dev/snapshot interface." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/003a456ae6f70bb97e436e02fc5105be577c1570", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2f0e18e0db42f4f8bc87d3d98333680065ceeff8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3c48d3067eaf878642276f053575a5c642600a50", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5a283b59bce72c05c60e9f0fa92a28b5b850d8bb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8386c414e27caba8501119948e9551e52b527f59", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8c90947e5f1801e6c7120021c6ea0f3ad6a4eb91", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b8e1ae9433d7bd95f2dcc044a7a6f20a4c40d258", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f7042cf9dd40733f387b7cac021e626c74b8856f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50203.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50203.json new file mode 100644 index 00000000000..d57a6f5599f --- /dev/null +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50203.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-50203", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:51.043", + "lastModified": "2025-06-18T11:15:51.043", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: OMAP2+: display: Fix refcount leak bug\n\nIn omapdss_init_fbdev(), of_find_node_by_name() will return a node\npointer with refcount incremented. We should use of_node_put() when\nit is not used anymore." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0b4f96b47ff8dc2fa35d03c4116927248796d9af", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2629d171f3d6451724549d8d10d14ac6da37a7be", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3e505298a75f0bbdc96e923e76e5d45d6c8f64a7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/496988a19d5c36fabf97c847db39167e42393c74", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/50b87a32a79bca6e275918a711fb8cc55e16d739", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/88d556029a78999b098d26a330bb6a7de166f426", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a89a865dc9f0600fd146224e314775b9efc9d845", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bdbdf69d5b78c5712c60c0004fa6aed12da36e26", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50204.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50204.json new file mode 100644 index 00000000000..a179ba58e4f --- /dev/null 
+++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50204.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-50204", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:51.160", + "lastModified": "2025-06-18T11:15:51.160", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: OMAP2+: pdata-quirks: Fix refcount leak bug\n\nIn pdata_quirks_init_clocks(), the loop contains\nof_find_node_by_name() but without corresponding of_node_put()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/37f0c89778576ce3d52f40c1e9e727fbddedb28e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5cdbab96bab314c6f2f5e4e8b8a019181328bf5f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/75f23d72b6e0a34c8a0e8d275b69ba1e6dd0f15f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ebca6870fc0cb5470dbc058cc94f3c53ea886eaa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50205.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50205.json new file mode 100644 index 00000000000..65213bcfb7a --- /dev/null +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50205.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-50205", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:51.267", + "lastModified": "2025-06-18T11:15:51.267", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next2: Add more validity checks for inode counts\n\nAdd checks verifying number of inodes stored in the superblock matches\nthe number computed from number of inodes per group. Also verify we have\nat least one block worth of inodes per group. This prevents crashes on\ncorrupted filesystems." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/07303a9abe3a997d9864fb4315e34b5acfe8fc25", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/0bcdc31094a12b4baf59e241feabc9787cf635fa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5e63c5fe9123fa76ffaeff26c211308736ec3a07", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7a48fdc88a3c35e046a6a0a38eba00f21c65b16e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/96b18d3a1be0354ccce43f0ef61b5a3d7e432552", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b3f423683818cfe15de14d5d9dff44148ff16bbf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d08bb199a406424a8ed0009efdf41710e6d849ee", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fa78f336937240d1bc598db817d638086060e7e9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50206.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50206.json new file mode 100644 index 00000000000..a0c9b1ed5a7 --- /dev/null +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50206.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-50206", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:51.390", + "lastModified": "2025-06-18T11:15:51.390", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: fix oops in concurrently setting insn_emulation sysctls\n\nemulation_proc_handler() changes table->data for proc_dointvec_minmax\nand can generate the following Oops if called concurrently with itself:\n\n | Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010\n | Internal error: Oops: 96000006 [#1] SMP\n | Call trace:\n | update_insn_emulation_mode+0xc0/0x148\n | emulation_proc_handler+0x64/0xb8\n | proc_sys_call_handler+0x9c/0xf8\n | proc_sys_write+0x18/0x20\n | __vfs_write+0x20/0x48\n | vfs_write+0xe4/0x1d0\n | ksys_write+0x70/0xf8\n | __arm64_sys_write+0x20/0x28\n | el0_svc_common.constprop.0+0x7c/0x1c0\n | el0_svc_handler+0x2c/0xa0\n | el0_svc+0x8/0x200\n\nTo fix this issue, keep the table->data as &insn->current_mode and\nuse container_of() to retrieve the insn pointer. Another mutex is\nused to protect against the current_mode update but not for retrieving\ninsn_emulation as table->data is no longer changing." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/04549063d5701976034d8c2bfda3d3a8cbf0409f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/07022e07017ee5540f5559b0aeb916e8383c1e1a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/353b4673d01c512303c45cf2346f630cda73b5c9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6a2fd114678d7fc1b5a0f8865ae98f1c17787455", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9d5fec6ba2e4117d196a8259ab54615ffe562460", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/af483947d472eccb79e42059276c4deed76f99a6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b51881b1da57fe9877125dfdd0aac5172958fcfd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cc69ef95988b9ef2fc730ec452a7441efb90ef5e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50207.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50207.json new file mode 100644 index 00000000000..a25a2e03e01 --- /dev/null +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50207.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-50207", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:51.503", + "lastModified": "2025-06-18T11:15:51.503", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: bcm: Fix refcount leak in bcm_kona_smc_init\n\nof_find_matching_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/02b658bfb26452f2c13e4577a13ab802f89a6642", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5afe042c889437de83f38a9d73d145742fb4f65f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/62d719d31ec667276d7375b64542b080cf187797", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/75866df2b1d673df5b7781e565ada753a7895f04", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/91e7f04f53e680bc72f0a9a5c682ab652100b9c8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bc7f487395f208fd9af69e9a807815e10435aba7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c6964cb9ac7a43bf78e7d60126e2722992de2ea1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cb23389a2458c2e4bfd6c86a513cbbe1c4d35e76", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50208.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50208.json new file mode 100644 index 00000000000..37a8498e3d4 
--- /dev/null +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50208.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-50208", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:51.620", + "lastModified": "2025-06-18T11:15:51.620", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: amlogic: Fix refcount leak in meson-secure-pwrc.c\n\nIn meson_secure_pwrc_probe(), there is a refcount leak in one fail\npath." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/5509d07a9364b75b28055bf2d89289e4e5269929", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/80c469e63bfa9a5a8114952bffc6a7d241e7497e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d18529a4c12f66d83daac78045ea54063bd43257", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d1fbbb5ded714b6610a16ec3d7e271a55291ccc4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f370fbbd3151c1c87d1e976c8964cb6cc46f2e00", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50209.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50209.json new file mode 100644 index 00000000000..677cf315eca --- /dev/null +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50209.json 
@@ -0,0 +1,45 @@ +{ + "id": "CVE-2022-50209", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:51.727", + "lastModified": "2025-06-18T11:15:51.727", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmeson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init\n\nof_find_matching_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0c1757480a6a61b8c3164ed371c359edb3928f12", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2691b8780f88e1b8b3578a5bc78a0011741bbd74", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/69a64c77aafcf3c772264a36214937514e31ad82", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6b28bf3e044f12db0fc18c42f58ae7fc3fa0144a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8a4a33b3e898b13c750b1c0c9643516c7bf6473f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a2106f38077e78afcb4bf98fdda3e162118cfb3d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e21744c6a0d4116a2d6ebccd947620ca4c952e92", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50210.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50210.json new file mode 100644 index 00000000000..a028ecc56f4 --- /dev/null +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50210.json 
@@ -0,0 +1,53 @@ +{ + "id": "CVE-2022-50210", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:51.843", + "lastModified": "2025-06-18T11:15:51.843", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK\n\nWhen CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS is selected,\ncpu_max_bits_warn() generates a runtime warning similar as below while\nwe show /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit)\ninstead of NR_CPUS to iterate CPUs.\n\n[ 3.052463] ------------[ cut here ]------------\n[ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f0\n[ 3.070072] Modules linked in: efivarfs autofs4\n[ 3.076257] CPU: 0 PID: 1 Comm: systemd Not tainted 5.19-rc5+ #1052\n[ 3.084034] Hardware name: Loongson Loongson-3A4000-7A1000-1w-V0.1-CRB/Loongson-LS3A4000-7A1000-1w-EVB-V1.21, BIOS Loongson-UDK2018-V2.0.04082-beta7 04/27\n[ 3.099465] Stack : 9000000100157b08 9000000000f18530 9000000000cf846c 9000000100154000\n[ 3.109127] 9000000100157a50 0000000000000000 9000000100157a58 9000000000ef7430\n[ 3.118774] 90000001001578e8 0000000000000040 0000000000000020 ffffffffffffffff\n[ 3.128412] 0000000000aaaaaa 1ab25f00eec96a37 900000010021de80 900000000101c890\n[ 3.138056] 0000000000000000 0000000000000000 0000000000000000 0000000000aaaaaa\n[ 3.147711] ffff8000339dc220 0000000000000001 0000000006ab4000 0000000000000000\n[ 3.157364] 900000000101c998 0000000000000004 9000000000ef7430 0000000000000000\n[ 3.167012] 0000000000000009 000000000000006c 0000000000000000 0000000000000000\n[ 3.176641] 9000000000d3de08 9000000001639390 90000000002086d8 00007ffff0080286\n[ 3.186260] 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c\n[ 3.195868] ...\n[ 3.199917] Call Trace:\n[ 3.203941] [<98000000002086d8>] 
show_stack+0x38/0x14c\n[ 3.210666] [<9800000000cf846c>] dump_stack_lvl+0x60/0x88\n[ 3.217625] [<980000000023d268>] __warn+0xd0/0x100\n[ 3.223958] [<9800000000cf3c90>] warn_slowpath_fmt+0x7c/0xcc\n[ 3.231150] [<9800000000210220>] show_cpuinfo+0x5e8/0x5f0\n[ 3.238080] [<98000000004f578c>] seq_read_iter+0x354/0x4b4\n[ 3.245098] [<98000000004c2e90>] new_sync_read+0x17c/0x1c4\n[ 3.252114] [<98000000004c5174>] vfs_read+0x138/0x1d0\n[ 3.258694] [<98000000004c55f8>] ksys_read+0x70/0x100\n[ 3.265265] [<9800000000cfde9c>] do_syscall+0x7c/0x94\n[ 3.271820] [<9800000000202fe4>] handle_syscall+0xc4/0x160\n[ 3.281824] ---[ end trace 8b484262b4b8c24c ]---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/274e44e2123417e0924c90d4b4531913b5f3aa2e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4cb392956ae392aec4aa06e661a0bb9146b0bace", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7d305823e02217b29d41fca67e3cef87fd7bd688", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/807adf6ffa8c3beedcd63b20f5a59c7d061df7d2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8916ec149c79cb21f5454fa7840ad96f99cf51cf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/98aaa511957667ba26d6dabe28dfa210a8f53a63", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d3ac4e47510ec0753ebe1e418a334ad202784aa8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e1a534f5d074db45ae5cbac41d8912b98e96a006", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e41db8a9ce696a3382a4f098878fd4d14bccd201", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + 
] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50211.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50211.json new file mode 100644 index 00000000000..95daddf45b2 --- /dev/null +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50211.json 
@@ -0,0 +1,53 @@ +{ + "id": "CVE-2022-50211", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:51.970", + "lastModified": "2025-06-18T11:15:51.970", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd-raid10: fix KASAN warning\n\nThere's a KASAN warning in raid10_remove_disk when running the lvm\ntest lvconvert-raid-reshape.sh. We fix this warning by verifying that the\nvalue \"number\" is valid.\n\nBUG: KASAN: slab-out-of-bounds in raid10_remove_disk+0x61/0x2a0 [raid10]\nRead of size 8 at addr ffff889108f3d300 by task mdX_raid10/124682\n\nCPU: 3 PID: 124682 Comm: mdX_raid10 Not tainted 5.19.0-rc6 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\nCall Trace:\n \n dump_stack_lvl+0x34/0x44\n print_report.cold+0x45/0x57a\n ? __lock_text_start+0x18/0x18\n ? raid10_remove_disk+0x61/0x2a0 [raid10]\n kasan_report+0xa8/0xe0\n ? raid10_remove_disk+0x61/0x2a0 [raid10]\n raid10_remove_disk+0x61/0x2a0 [raid10]\nBuffer I/O error on dev dm-76, logical block 15344, async page read\n ? __mutex_unlock_slowpath.constprop.0+0x1e0/0x1e0\n remove_and_add_spares+0x367/0x8a0 [md_mod]\n ? super_written+0x1c0/0x1c0 [md_mod]\n ? mutex_trylock+0xac/0x120\n ? _raw_spin_lock+0x72/0xc0\n ? _raw_spin_lock_bh+0xc0/0xc0\n md_check_recovery+0x848/0x960 [md_mod]\n raid10d+0xcf/0x3360 [raid10]\n ? sched_clock_cpu+0x185/0x1a0\n ? rb_erase+0x4d4/0x620\n ? var_wake_function+0xe0/0xe0\n ? psi_group_change+0x411/0x500\n ? preempt_count_sub+0xf/0xc0\n ? _raw_spin_lock_irqsave+0x78/0xc0\n ? __lock_text_start+0x18/0x18\n ? raid10_sync_request+0x36c0/0x36c0 [raid10]\n ? preempt_count_sub+0xf/0xc0\n ? _raw_spin_unlock_irqrestore+0x19/0x40\n ? del_timer_sync+0xa9/0x100\n ? try_to_del_timer_sync+0xc0/0xc0\n ? _raw_spin_lock_irqsave+0x78/0xc0\n ? __lock_text_start+0x18/0x18\n ? _raw_spin_unlock_irq+0x11/0x24\n ? 
__list_del_entry_valid+0x68/0xa0\n ? finish_wait+0xa3/0x100\n md_thread+0x161/0x260 [md_mod]\n ? unregister_md_personality+0xa0/0xa0 [md_mod]\n ? _raw_spin_lock_irqsave+0x78/0xc0\n ? prepare_to_wait_event+0x2c0/0x2c0\n ? unregister_md_personality+0xa0/0xa0 [md_mod]\n kthread+0x148/0x180\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x1f/0x30\n \n\nAllocated by task 124495:\n kasan_save_stack+0x1e/0x40\n __kasan_kmalloc+0x80/0xa0\n setup_conf+0x140/0x5c0 [raid10]\n raid10_run+0x4cd/0x740 [raid10]\n md_run+0x6f9/0x1300 [md_mod]\n raid_ctr+0x2531/0x4ac0 [dm_raid]\n dm_table_add_target+0x2b0/0x620 [dm_mod]\n table_load+0x1c8/0x400 [dm_mod]\n ctl_ioctl+0x29e/0x560 [dm_mod]\n dm_compat_ctl_ioctl+0x7/0x20 [dm_mod]\n __do_compat_sys_ioctl+0xfa/0x160\n do_syscall_64+0x90/0xc0\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nLast potentially related work creation:\n kasan_save_stack+0x1e/0x40\n __kasan_record_aux_stack+0x9e/0xc0\n kvfree_call_rcu+0x84/0x480\n timerfd_release+0x82/0x140\nL __fput+0xfa/0x400\n task_work_run+0x80/0xc0\n exit_to_user_mode_prepare+0x155/0x160\n syscall_exit_to_user_mode+0x12/0x40\n do_syscall_64+0x42/0xc0\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nSecond to last potentially related work creation:\n kasan_save_stack+0x1e/0x40\n __kasan_record_aux_stack+0x9e/0xc0\n kvfree_call_rcu+0x84/0x480\n timerfd_release+0x82/0x140\n __fput+0xfa/0x400\n task_work_run+0x80/0xc0\n exit_to_user_mode_prepare+0x155/0x160\n syscall_exit_to_user_mode+0x12/0x40\n do_syscall_64+0x42/0xc0\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThe buggy address belongs to the object at ffff889108f3d200\n which belongs to the cache kmalloc-256 of size 256\nThe buggy address is located 0 bytes to the right of\n 256-byte region [ffff889108f3d200, ffff889108f3d300)\n\nThe buggy address belongs to the physical page:\npage:000000007ef2a34c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1108f3c\nhead:000000007ef2a34c order:2 compound_mapcount:0 
compound_pincount:0\nflags: 0x4000000000010200(slab|head|zone=2)\nraw: 4000000000010200 0000000000000000 dead000000000001 ffff889100042b40\nraw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffff889108f3d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffff889108f3d280: 00 00\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0f4d18cbea4a6e37a05fd8ee2887439f85211110", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5f57843565131bb782388f9d993f9ee8f453dee1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5fd4ffa2372a41361d2bdd27ea5730e4e673240c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/75fbd370a2cec9e92f48285bd90735ed0c837f52", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7a6ccc8fa192fd357c2d5d4c6ce67c834a179e23", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bcbdc26a44aba488d2f7122f2d66801bccb74733", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bf30b9ba09b0ac2a10f04dce2b0835ec4d178aa6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ce839b9331c11780470f3d727b6fe3c2794a4620", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d17f744e883b2f8d13cca252d71cfe8ace346f7d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50212.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50212.json new file mode 100644 index 00000000000..3007ee5a7f2 --- /dev/null 
+++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50212.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-50212", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:52.087", + "lastModified": "2025-06-18T11:15:52.087", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: do not allow CHAIN_ID to refer to another table\n\nWhen doing lookups for chains on the same batch by using its ID, a chain\nfrom a different table can be used. If a rule is added to a table but\nrefers to a chain in a different table, it will be linked to the chain in\ntable2, but would have expressions referring to objects in table1.\n\nThen, when table1 is removed, the rule will not be removed as its linked to\na chain in table2. When expressions in the rule are processed or removed,\nthat will lead to a use-after-free.\n\nWhen looking for chains by ID, use the table that was used for the lookup\nby name, and only return chains belonging to that same table." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0f49613a213d918af790c1276f79da741968de11", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/58e863f64ee3d0879297e5e53b646e4b91e59620", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/91501513016903077f91033fa5d2aa26cac399b2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/95f466d22364a33d183509629d0879885b4f547e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9e7dcb88ec8e85e4a8ad0ea494ea2f90f32d2583", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50213.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50213.json
new file mode 100644
index 00000000000..d081fecb7ec
--- /dev/null
+++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50213.json
@@ -0,0 +1,45 @@ +{ + "id": "CVE-2022-50213", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:52.197", + "lastModified": "2025-06-18T11:15:52.197", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: do not allow SET_ID to refer to another table\n\nWhen doing lookups for sets on the same batch by using its ID, a set from a\ndifferent table can be used.\n\nThen, when the table is removed, a reference to the set may be kept after\nthe set is freed, leading to a potential use-after-free.\n\nWhen looking for sets by ID, use the table that was used for the lookup by\nname, and only return sets belonging to that same table.\n\nThis fixes CVE-2022-2586, also reported as ZDI-CAN-17470." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0d07039397527361850c554c192e749cfc879ea9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1a4b18b1ff11ba26f9a852019d674fde9d1d1cff", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/470ee20e069a6d05ae549f7d0ef2bdbcee6a81b2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/77d3b5038b7462318f5183e2ad704b01d57215a2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f4fa03410f7c5f5bd8f90e9c11e9a8c4b526ff6f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/faafd9286f1355c76fe9ac3021c280297213330e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fab2f61cc3b0e441b1749f017cfee75f9bbaded7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50214.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50214.json
new file mode 100644
index 00000000000..85fd5d0aad6
--- /dev/null
+++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50214.json
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2022-50214", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:52.310", + "lastModified": "2025-06-18T11:15:52.310", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: Clear the connection field properly\n\ncoresight devices track their connections (output connections) and\nhold a reference to the fwnode. When a device goes away, we walk through\nthe devices on the coresight bus and make sure that the references\nare dropped. This happens both ways:\n a) For all output connections from the device, drop the reference to\n the target device via coresight_release_platform_data()\n\nb) Iterate over all the devices on the coresight bus and drop the\n reference to fwnode if *this* device is the target of the output\n connection, via coresight_remove_conns()->coresight_remove_match().\n\nHowever, the coresight_remove_match() doesn't clear the fwnode field,\nafter dropping the reference, this causes use-after-free and\nadditional refcount drops on the fwnode.\n\ne.g., if we have two devices, A and B, with a connection, A -> B.\nIf we remove B first, B would clear the reference on B, from A\nvia coresight_remove_match(). But when A is removed, it still has\na connection with fwnode still pointing to B. 
Thus it tries to drops\nthe reference in coresight_release_platform_data(), raising the bells\nlike :\n\n[ 91.990153] ------------[ cut here ]------------\n[ 91.990163] refcount_t: addition on 0; use-after-free.\n[ 91.990212] WARNING: CPU: 0 PID: 461 at lib/refcount.c:25 refcount_warn_saturate+0xa0/0x144\n[ 91.990260] Modules linked in: coresight_funnel coresight_replicator coresight_etm4x(-)\n crct10dif_ce coresight ip_tables x_tables ipv6 [last unloaded: coresight_cpu_debug]\n[ 91.990398] CPU: 0 PID: 461 Comm: rmmod Tainted: G W T 5.19.0-rc2+ #53\n[ 91.990418] Hardware name: ARM LTD ARM Juno Development Platform/ARM Juno Development Platform, BIOS EDK II Feb 1 2019\n[ 91.990434] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 91.990454] pc : refcount_warn_saturate+0xa0/0x144\n[ 91.990476] lr : refcount_warn_saturate+0xa0/0x144\n[ 91.990496] sp : ffff80000c843640\n[ 91.990509] x29: ffff80000c843640 x28: ffff800009957c28 x27: ffff80000c8439a8\n[ 91.990560] x26: ffff00097eff1990 x25: ffff8000092b6ad8 x24: ffff00097eff19a8\n[ 91.990610] x23: ffff80000c8439a8 x22: 0000000000000000 x21: ffff80000c8439c2\n[ 91.990659] x20: 0000000000000000 x19: ffff00097eff1a10 x18: ffff80000ab99c40\n[ 91.990708] x17: 0000000000000000 x16: 0000000000000000 x15: ffff80000abf6fa0\n[ 91.990756] x14: 000000000000001d x13: 0a2e656572662d72 x12: 657466612d657375\n[ 91.990805] x11: 203b30206e6f206e x10: 6f69746964646120 x9 : ffff8000081aba28\n[ 91.990854] x8 : 206e6f206e6f6974 x7 : 69646461203a745f x6 : 746e756f63666572\n[ 91.990903] x5 : ffff00097648ec58 x4 : 0000000000000000 x3 : 0000000000000027\n[ 91.990952] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff00080260ba00\n[ 91.991000] Call trace:\n[ 91.991012] refcount_warn_saturate+0xa0/0x144\n[ 91.991034] kobject_get+0xac/0xb0\n[ 91.991055] of_node_get+0x2c/0x40\n[ 91.991076] of_fwnode_get+0x40/0x60\n[ 91.991094] fwnode_handle_get+0x3c/0x60\n[ 91.991116] fwnode_get_nth_parent+0xf4/0x110\n[ 91.991137] 
fwnode_full_name_string+0x48/0xc0\n[ 91.991158] device_node_string+0x41c/0x530\n[ 91.991178] pointer+0x320/0x3ec\n[ 91.991198] vsnprintf+0x23c/0x750\n[ 91.991217] vprintk_store+0x104/0x4b0\n[ 91.991238] vprintk_emit+0x8c/0x360\n[ 91.991257] vprintk_default+0x44/0x50\n[ 91.991276] vprintk+0xcc/0xf0\n[ 91.991295] _printk+0x68/0x90\n[ 91.991315] of_node_release+0x13c/0x14c\n[ 91.991334] kobject_put+0x98/0x114\n[ 91.991354] of_node_put+0x24/0x34\n[ 91.991372] of_fwnode_put+0x40/0x5c\n[ 91.991390] fwnode_handle_put+0x38/0x50\n[ 91.991411] coresight_release_platform_data+0x74/0xb0 [coresight]\n[ 91.991472] coresight_unregister+0x64/0xcc [coresight]\n[ 91.991525] etm4_remove_dev+0x64/0x78 [coresight_etm4x]\n[ 91.991563] etm4_remove_amba+0x1c/0x2c [coresight_etm4x]\n[ 91.991598] amba_remove+0x3c/0x19c\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2af89ebacf299b7fba5f3087d35e8a286ec33706", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/847b9273dd61567fb77617eabc5fa002594db062", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b49b29ee113a87997bcca0bb0585bb46582846c1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bc57850fcb7e4cb91b6321d0ce83357cefd55c54", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d43e967963c4d1b2b49f894d2f1b12865f87b098", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e9205d8dd1cafb7cff689ef9ddf06276a68f54a4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50215.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50215.json new file mode 100644 index 00000000000..e46fc567159 --- /dev/null +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50215.json 
@@ -0,0 +1,53 @@ +{ + "id": "CVE-2022-50215", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:52.423", + "lastModified": "2025-06-18T11:15:52.423", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: sg: Allow waiting for commands to complete on removed device\n\nWhen a SCSI device is removed while in active use, currently sg will\nimmediately return -ENODEV on any attempt to wait for active commands that\nwere sent before the removal. This is problematic for commands that use\nSG_FLAG_DIRECT_IO since the data buffer may still be in use by the kernel\nwhen userspace frees or reuses it after getting ENODEV, leading to\ncorrupted userspace memory (in the case of READ-type commands) or corrupted\ndata being sent to the device (in the case of WRITE-type commands). This\nhas been seen in practice when logging out of a iscsi_tcp session, where\nthe iSCSI driver may still be processing commands after the device has been\nmarked for removal.\n\nChange the policy to allow userspace to wait for active sg commands even\nwhen the device is being removed. Return -ENODEV only when there are no\nmore responses to read." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/03d8241112d5e3cccce1a01274a221099f07d2e1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3455607fd7be10b449f5135c00dc306b85dc0d21", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/35e60ec39e862159cb92923eefd5230d4a873cb9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/408bfa1489a3cfe7150b81ab0b0df99b23dd5411", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8c004b7dbb340c1e5889f5fb9e5baa6f6e5303e8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bbc118acf7baf9e93c5e1314d14f481301af4d0f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ed9afd967cbfe7da2dc0d5e52c62a778dfe9f16b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f135c65085eed869d10e4e7923ce1015288618da", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f5e61d9b4a699dd16f32d5f39eb1cf98d84c92ed", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50216.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50216.json new file mode 100644 index 00000000000..688952ad4e0 --- /dev/null +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50216.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-50216", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:52.540", + "lastModified": "2025-06-18T11:15:52.540", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd-raid: destroy the bitmap after destroying the thread\n\nWhen we ran the lvm test \"shell/integrity-blocksize-3.sh\" on a kernel with\nkasan, we got failure in write_page.\n\nThe reason for the failure is that md_bitmap_destroy is called before\ndestroying the thread and the thread may be waiting in the function\nwrite_page for the bio to complete. When the thread finishes waiting, it\nexecutes \"if (test_bit(BITMAP_WRITE_ERROR, &bitmap->flags))\", which\ntriggers the kasan warning.\n\nNote that the commit 48df498daf62 that caused this bug claims that it is\nneede for md-cluster, you should check md-cluster and possibly find\nanother bugfix for it.\n\nBUG: KASAN: use-after-free in write_page+0x18d/0x680 [md_mod]\nRead of size 8 at addr ffff889162030c78 by task mdX_raid1/5539\n\nCPU: 10 PID: 5539 Comm: mdX_raid1 Not tainted 5.19.0-rc2 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\nCall Trace:\n \n dump_stack_lvl+0x34/0x44\n print_report.cold+0x45/0x57a\n ? __lock_text_start+0x18/0x18\n ? write_page+0x18d/0x680 [md_mod]\n kasan_report+0xa8/0xe0\n ? write_page+0x18d/0x680 [md_mod]\n kasan_check_range+0x13f/0x180\n write_page+0x18d/0x680 [md_mod]\n ? super_sync+0x4d5/0x560 [dm_raid]\n ? md_bitmap_file_kick+0xa0/0xa0 [md_mod]\n ? rs_set_dev_and_array_sectors+0x2e0/0x2e0 [dm_raid]\n ? mutex_trylock+0x120/0x120\n ? preempt_count_add+0x6b/0xc0\n ? preempt_count_sub+0xf/0xc0\n md_update_sb+0x707/0xe40 [md_mod]\n md_reap_sync_thread+0x1b2/0x4a0 [md_mod]\n md_check_recovery+0x533/0x960 [md_mod]\n raid1d+0xc8/0x2a20 [raid1]\n ? var_wake_function+0xe0/0xe0\n ? 
psi_group_change+0x411/0x500\n ? preempt_count_sub+0xf/0xc0\n ? _raw_spin_lock_irqsave+0x78/0xc0\n ? __lock_text_start+0x18/0x18\n ? raid1_end_read_request+0x2a0/0x2a0 [raid1]\n ? preempt_count_sub+0xf/0xc0\n ? _raw_spin_unlock_irqrestore+0x19/0x40\n ? del_timer_sync+0xa9/0x100\n ? try_to_del_timer_sync+0xc0/0xc0\n ? _raw_spin_lock_irqsave+0x78/0xc0\n ? __lock_text_start+0x18/0x18\n ? __list_del_entry_valid+0x68/0xa0\n ? finish_wait+0xa3/0x100\n md_thread+0x161/0x260 [md_mod]\n ? unregister_md_personality+0xa0/0xa0 [md_mod]\n ? _raw_spin_lock_irqsave+0x78/0xc0\n ? prepare_to_wait_event+0x2c0/0x2c0\n ? unregister_md_personality+0xa0/0xa0 [md_mod]\n kthread+0x148/0x180\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x1f/0x30\n \n\nAllocated by task 5522:\n kasan_save_stack+0x1e/0x40\n __kasan_kmalloc+0x80/0xa0\n md_bitmap_create+0xa8/0xe80 [md_mod]\n md_run+0x777/0x1300 [md_mod]\n raid_ctr+0x249c/0x4a30 [dm_raid]\n dm_table_add_target+0x2b0/0x620 [dm_mod]\n table_load+0x1c8/0x400 [dm_mod]\n ctl_ioctl+0x29e/0x560 [dm_mod]\n dm_compat_ctl_ioctl+0x7/0x20 [dm_mod]\n __do_compat_sys_ioctl+0xfa/0x160\n do_syscall_64+0x90/0xc0\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nFreed by task 5680:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x40\n kasan_set_free_info+0x20/0x40\n __kasan_slab_free+0xf7/0x140\n kfree+0x80/0x240\n md_bitmap_free+0x1c3/0x280 [md_mod]\n __md_stop+0x21/0x120 [md_mod]\n md_stop+0x9/0x40 [md_mod]\n raid_dtr+0x1b/0x40 [dm_raid]\n dm_table_destroy+0x98/0x1e0 [dm_mod]\n __dm_destroy+0x199/0x360 [dm_mod]\n dev_remove+0x10c/0x160 [dm_mod]\n ctl_ioctl+0x29e/0x560 [dm_mod]\n dm_compat_ctl_ioctl+0x7/0x20 [dm_mod]\n __do_compat_sys_ioctl+0xfa/0x160\n do_syscall_64+0x90/0xc0\n entry_SYSCALL_64_after_hwframe+0x46/0xb0" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/7f82027b6b74553f7fe8541c0a04bfbd3557fb11", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": 
"https://git.kernel.org/stable/c/c5e4cdd4438787e008c1b4a23bb66e49f4b12417", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e0bdaed154e5b9cc4310ddaf5da290483d00e6ba", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e151db8ecfb019b7da31d076130a794574c89f6f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f192434601b9a1ef072b8ad631d6008fea578234", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50217.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50217.json new file mode 100644 index 00000000000..78b12cf4151 --- /dev/null +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50217.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-50217", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:52.647", + "lastModified": "2025-06-18T11:15:52.647", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: write inode in fuse_release()\n\nA race between write(2) and close(2) allows pages to be dirtied after\nfuse_flush -> write_inode_now(). If these pages are not flushed from\nfuse_release(), then there might not be a writable open file later. So any\nremaining dirty pages must be written back before the file is released.\n\nThis is a partial revert of the blamed commit." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/035ff33cf4db101250fb980a3941bf078f37a544", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4bd9d5d20f344d015422969302d12653c903c271", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5ccb0420b7c9334ab8122037847101931b899301", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50218.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50218.json new file mode 100644 index 00000000000..558ea3bcadc --- /dev/null +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50218.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2022-50218", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:52.753", + "lastModified": "2025-06-18T11:15:52.753", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: light: isl29028: Fix the warning in isl29028_remove()\n\nThe driver use the non-managed form of the register function in\nisl29028_remove(). To keep the release order as mirroring the ordering\nin probe, the driver should use non-managed form in probe, too.\n\nThe following log reveals it:\n\n[ 32.374955] isl29028 0-0010: remove\n[ 32.376861] general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN PTI\n[ 32.377676] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\n[ 32.379432] RIP: 0010:kernfs_find_and_get_ns+0x28/0xe0\n[ 32.385461] Call Trace:\n[ 32.385807] sysfs_unmerge_group+0x59/0x110\n[ 32.386110] dpm_sysfs_remove+0x58/0xc0\n[ 32.386391] device_del+0x296/0xe50\n[ 32.386959] cdev_device_del+0x1d/0xd0\n[ 32.387231] devm_iio_device_unreg+0x27/0xb0\n[ 32.387542] devres_release_group+0x319/0x3d0\n[ 32.388162] i2c_device_remove+0x93/0x1f0" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/06674fc7c003b9d0aa1d37fef7ab2c24802cc6ad", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/359f3b150eab30805fe0e4e9d616887d7257a625", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4f0ebfb4b9bfad2326c0b2c3cc7e37f4b9ee9eba", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a1135205b0affd255510775a27df571aca84ab4b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": 
"https://git.kernel.org/stable/c/ca63d5abf404d2934e2ac03545350de7bb8c8e96", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ed43fb20d3d1fca9d79db0d5faf4321a4dd58c23", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fac589fb764699a4bcd288f6656b8cd0408ea968", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fb1888205c0782f287e5dd4ffff1f665332e868c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50219.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50219.json new file mode 100644 index 00000000000..04dc4ff054a --- /dev/null +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50219.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-50219", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:52.863", + "lastModified": "2025-06-18T11:15:52.863", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix KASAN use-after-free Read in compute_effective_progs\n\nSyzbot found a Use After Free bug in compute_effective_progs().\nThe reproducer creates a number of BPF links, and causes a fault\ninjected alloc to fail, while calling bpf_link_detach on them.\nLink detach triggers the link to be freed by bpf_link_free(),\nwhich calls __cgroup_bpf_detach() and update_effective_progs().\nIf the memory allocation in this function fails, the function restores\nthe pointer to the bpf_cgroup_link on the cgroup list, but the memory\ngets freed just after it returns. After this, every subsequent call to\nupdate_effective_progs() causes this already deallocated pointer to be\ndereferenced in prog_list_length(), and triggers KASAN UAF error.\n\nTo fix this issue don't preserve the pointer to the prog or link in the\nlist, but remove it and replace it with a dummy prog without shrinking\nthe table. The subsequent call to __cgroup_bpf_detach() or\n__cgroup_bpf_detach() will correct it." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1f8ca9c40e6222ce431e9ba5dae3cccce8ef9443", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3527e3cbb84d8868c4d4e91ba55915f96d39ec3d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4c46091ee985ae84c60c5e95055d779fcd291d87", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6336388715afa419cc97d0255bda3bba1b96b7ca", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/be001f9da71eaa3b61e186fb88bde3279728bdca", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50220.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50220.json new file mode 100644 index 00000000000..ecd39db8b18 --- /dev/null +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50220.json 
@@ -0,0 +1,53 @@ +{ + "id": "CVE-2022-50220", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:52.973", + "lastModified": "2025-06-18T11:15:52.973", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: Fix linkwatch use-after-free on disconnect\n\nusbnet uses the work usbnet_deferred_kevent() to perform tasks which may\nsleep. On disconnect, completion of the work was originally awaited in\n->ndo_stop(). But in 2003, that was moved to ->disconnect() by historic\ncommit \"[PATCH] USB: usbnet, prevent exotic rtnl deadlock\":\n\n https://git.kernel.org/tglx/history/c/0f138bbfd83c\n\nThe change was made because back then, the kernel's workqueue\nimplementation did not allow waiting for a single work. One had to wait\nfor completion of *all* work by calling flush_scheduled_work(), and that\ncould deadlock when waiting for usbnet_deferred_kevent() with rtnl_mutex\nheld in ->ndo_stop().\n\nThe commit solved one problem but created another: It causes a\nuse-after-free in USB Ethernet drivers aqc111.c, asix_devices.c,\nax88179_178a.c, ch9200.c and smsc75xx.c:\n\n* If the drivers receive a link change interrupt immediately before\n disconnect, they raise EVENT_LINK_RESET in their (non-sleepable)\n ->status() callback and schedule usbnet_deferred_kevent().\n* usbnet_deferred_kevent() invokes the driver's ->link_reset() callback,\n which calls netif_carrier_{on,off}().\n* That in turn schedules the work linkwatch_event().\n\nBecause usbnet_deferred_kevent() is awaited after unregister_netdev(),\nnetif_carrier_{on,off}() may operate on an unregistered netdev and\nlinkwatch_event() may run after free_netdev(), causing a use-after-free.\n\nIn 2010, usbnet was changed to only wait for a single instance of\nusbnet_deferred_kevent() instead of *all* work by commit 23f333a2bfaf\n(\"drivers/net: don't use 
flush_scheduled_work()\").\n\nUnfortunately the commit neglected to move the wait back to\n->ndo_stop(). Rectify that omission at long last." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/135199a2edd459d2b123144efcd7f9bcd95128e4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/635fd8953e4309b54ca6a81bed1d4a87668694f4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7f77dcbc030c2faa6d8e8a594985eeb34018409e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8b4588b8b00b299be16a35be67b331d8fdba03f3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a69e617e533edddf3fa3123149900f36e0a6dc74", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d2d6b530d89b0a912148018027386aa049f0a309", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d49bb8cf9bfaa06aa527eb30f1a52a071da2e32f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/db3b738ae5f726204876f4303c49cfdf4311403f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e2a521a7dcc463c5017b4426ca0804e151faeff7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50221.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50221.json new file mode 100644 index 00000000000..bdbb9caab77 --- /dev/null +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50221.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-50221", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:53.090", + "lastModified": "2025-06-18T11:15:53.090", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/fb-helper: Fix out-of-bounds access\n\nClip memory range to screen-buffer size to avoid out-of-bounds access\nin fbdev deferred I/O's damage handling.\n\nFbdev's deferred I/O can only track pages. From the range of pages, the\ndamage handler computes the clipping rectangle for the display update.\nIf the fbdev screen buffer ends near the beginning of a page, that page\ncould contain more scanlines. The damage handler would then track these\nnon-existing scanlines as dirty and provoke an out-of-bounds access\nduring the screen update. Hence, clip the maximum memory range to the\nsize of the screen buffer.\n\nWhile at it, rename the variables min/max to min_off/max_off in\ndrm_fb_helper_deferred_io(). This avoids confusion with the macros of\nthe same name." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/9c49ac792c639dbec0728b513329a32461f72253", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ae25885bdf59fde40726863c57fd20e4a0642183", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50222.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50222.json new file mode 100644 index 00000000000..e21ccef0089 --- /dev/null +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50222.json 
@@ -0,0 +1,45 @@ +{ + "id": "CVE-2022-50222", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:53.193", + "lastModified": "2025-06-18T11:15:53.193", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: vt: initialize unicode screen buffer\n\nsyzbot reports kernel infoleak at vcs_read() [1], for buffer can be read\nimmediately after resize operation. Initialize buffer using kzalloc().\n\n ----------\n #include \n #include \n #include \n #include \n\n int main(int argc, char *argv[])\n {\n struct fb_var_screeninfo var = { };\n const int fb_fd = open(\"/dev/fb0\", 3);\n ioctl(fb_fd, FBIOGET_VSCREENINFO, &var);\n var.yres = 0x21;\n ioctl(fb_fd, FBIOPUT_VSCREENINFO, &var);\n return read(open(\"/dev/vcsu\", O_RDONLY), &var, sizeof(var)) == -1;\n }\n ----------" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/446f123aa6021e5f75a20789f05ff3f7ae51a42f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5c6c65681f39bf71bc72ed589dec3b8b20e75cac", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/777a462e1ae50a01fc4a871efa8e34d596a1e17d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/af77c56aa35325daa2bc2bed5c2ebf169be61b86", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cc9e874dace0c89ae535230c7da19b764746811e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e02fa87e572bb7d90dcdbce9c0f519f1eb992e96", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e0ef23e9b0ad18b9fd3741b0f1ad2282e4a18def", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ 
No newline at end of file diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50223.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50223.json new file mode 100644 index 00000000000..6c666a80e5b --- /dev/null +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50223.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-50223", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:53.303", + "lastModified": "2025-06-18T11:15:53.303", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK\n\nWhen CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS is selected,\ncpu_max_bits_warn() generates a runtime warning similar as below while\nwe show /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit)\ninstead of NR_CPUS to iterate CPUs.\n\n[ 3.052463] ------------[ cut here ]------------\n[ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f0\n[ 3.070072] Modules linked in: efivarfs autofs4\n[ 3.076257] CPU: 0 PID: 1 Comm: systemd Not tainted 5.19-rc5+ #1052\n[ 3.084034] Hardware name: Loongson Loongson-3A5000-7A1000-1w-V0.1-CRB/Loongson-LS3A5000-7A1000-1w-EVB-V1.21, BIOS Loongson-UDK2018-V2.0.04082-beta7 04/27\n[ 3.099465] Stack : 9000000100157b08 9000000000f18530 9000000000cf846c 9000000100154000\n[ 3.109127] 9000000100157a50 0000000000000000 9000000100157a58 9000000000ef7430\n[ 3.118774] 90000001001578e8 0000000000000040 0000000000000020 ffffffffffffffff\n[ 3.128412] 0000000000aaaaaa 1ab25f00eec96a37 900000010021de80 900000000101c890\n[ 3.138056] 0000000000000000 0000000000000000 0000000000000000 0000000000aaaaaa\n[ 3.147711] ffff8000339dc220 0000000000000001 0000000006ab4000 0000000000000000\n[ 3.157364] 900000000101c998 0000000000000004 9000000000ef7430 0000000000000000\n[ 3.167012] 0000000000000009 000000000000006c 0000000000000000 0000000000000000\n[ 3.176641] 9000000000d3de08 9000000001639390 90000000002086d8 00007ffff0080286\n[ 3.186260] 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c\n[ 3.195868] ...\n[ 3.199917] Call Trace:\n[ 3.203941] [<90000000002086d8>] 
show_stack+0x38/0x14c\n[ 3.210666] [<9000000000cf846c>] dump_stack_lvl+0x60/0x88\n[ 3.217625] [<900000000023d268>] __warn+0xd0/0x100\n[ 3.223958] [<9000000000cf3c90>] warn_slowpath_fmt+0x7c/0xcc\n[ 3.231150] [<9000000000210220>] show_cpuinfo+0x5e8/0x5f0\n[ 3.238080] [<90000000004f578c>] seq_read_iter+0x354/0x4b4\n[ 3.245098] [<90000000004c2e90>] new_sync_read+0x17c/0x1c4\n[ 3.252114] [<90000000004c5174>] vfs_read+0x138/0x1d0\n[ 3.258694] [<90000000004c55f8>] ksys_read+0x70/0x100\n[ 3.265265] [<9000000000cfde9c>] do_syscall+0x7c/0x94\n[ 3.271820] [<9000000000202fe4>] handle_syscall+0xc4/0x160\n[ 3.281824] ---[ end trace 8b484262b4b8c24c ]---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/28e112afa44ad0814120d41c68fa72372a2cd2c2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/37268c7badd36f5381056d1651a6ee0b63b8ff3c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50224.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50224.json new file mode 100644 index 00000000000..c422cd6a19c --- /dev/null +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50224.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-50224", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:53.410", + "lastModified": "2025-06-18T11:15:53.410", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/mmu: Treat NX as a valid SPTE bit for NPT\n\nTreat the NX bit as valid when using NPT, as KVM will set the NX bit when\nthe NX huge page mitigation is enabled (mindblowing) and trigger the WARN\nthat fires on reserved SPTE bits being set.\n\nKVM has required NX support for SVM since commit b26a71a1a5b9 (\"KVM: SVM:\nRefuse to load kvm_amd if NX support is not available\") for exactly this\nreason, but apparently it never occurred to anyone to actually test NPT\nwith the mitigation enabled.\n\n ------------[ cut here ]------------\n spte = 0x800000018a600ee7, level = 2, rsvd bits = 0x800f0000001fe000\n WARNING: CPU: 152 PID: 15966 at arch/x86/kvm/mmu/spte.c:215 make_spte+0x327/0x340 [kvm]\n Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 10.48.0 01/27/2022\n RIP: 0010:make_spte+0x327/0x340 [kvm]\n Call Trace:\n \n tdp_mmu_map_handle_target_level+0xc3/0x230 [kvm]\n kvm_tdp_mmu_map+0x343/0x3b0 [kvm]\n direct_page_fault+0x1ae/0x2a0 [kvm]\n kvm_tdp_page_fault+0x7d/0x90 [kvm]\n kvm_mmu_page_fault+0xfb/0x2e0 [kvm]\n npf_interception+0x55/0x90 [kvm_amd]\n svm_invoke_exit_handler+0x31/0xf0 [kvm_amd]\n svm_handle_exit+0xf6/0x1d0 [kvm_amd]\n vcpu_enter_guest+0xb6d/0xee0 [kvm]\n ? 
kvm_pmu_trigger_event+0x6d/0x230 [kvm]\n vcpu_run+0x65/0x2c0 [kvm]\n kvm_arch_vcpu_ioctl_run+0x355/0x610 [kvm]\n kvm_vcpu_ioctl+0x551/0x610 [kvm]\n __se_sys_ioctl+0x77/0xc0\n __x64_sys_ioctl+0x1d/0x20\n do_syscall_64+0x44/0xa0\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n \n ---[ end trace 0000000000000000 ]---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/6271f2854b9233702e236e576b885a876dde4889", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6c6ab524cfae0799e55c82b2c1d61f1af0156f8d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50225.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50225.json new file mode 100644 index 00000000000..c4a29c7d21f --- /dev/null +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50225.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2022-50225", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:53.517", + "lastModified": "2025-06-18T11:15:53.517", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv:uprobe fix SR_SPIE set/clear handling\n\nIn riscv the process of uprobe going to clear spie before exec\nthe origin insn,and set spie after that.But When access the page\nwhich origin insn has been placed a page fault may happen and\nirq was disabled in arch_uprobe_pre_xol function,It cause a WARN\nas follows.\nThere is no need to clear/set spie in arch_uprobe_pre/post/abort_xol.\nWe can just remove it.\n\n[ 31.684157] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1488\n[ 31.684677] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 76, name: work\n[ 31.684929] preempt_count: 0, expected: 0\n[ 31.685969] CPU: 2 PID: 76 Comm: work Tainted: G\n[ 31.686542] Hardware name: riscv-virtio,qemu (DT)\n[ 31.686797] Call Trace:\n[ 31.687053] [] dump_backtrace+0x30/0x38\n[ 31.687699] [] show_stack+0x40/0x4c\n[ 31.688141] [] dump_stack_lvl+0x44/0x5c\n[ 31.688396] [] dump_stack+0x18/0x20\n[ 31.688653] [] __might_resched+0x114/0x122\n[ 31.688948] [] __might_sleep+0x50/0x7a\n[ 31.689435] [] down_read+0x30/0x130\n[ 31.689728] [] do_page_fault+0x166/x446\n[ 31.689997] [] ret_from_exception+0x0/0xc" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3811d51778900064d27d8c9a98f73410fb3b471d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3dbe5829408bc1586f75b4667ef60e5aab0209c7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/73fc099eaefd9a92c83b6c07dad066411fd5a192", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": 
"https://git.kernel.org/stable/c/c71e000db8536d27ec410abb3e314896a78b4f19", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50226.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50226.json new file mode 100644 index 00000000000..bf8bba8225f --- /dev/null +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50226.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-50226", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:53.633", + "lastModified": "2025-06-18T11:15:53.633", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak\n\nFor some sev ioctl interfaces, input may be passed that is less than or\nequal to SEV_FW_BLOB_MAX_SIZE, but larger than the data that PSP\nfirmware returns. In this case, kmalloc will allocate memory that is the\nsize of the input rather than the size of the data. Since PSP firmware\ndoesn't fully overwrite the buffer, the sev ioctl interfaces with the\nissue may return uninitialized slab memory.\n\nCurrently, all of the ioctl interfaces in the ccp driver are safe, but\nto prevent future problems, change all ioctl interfaces that allocate\nmemory with kmalloc to use kzalloc and memset the data buffer to zero\nin sev_ioctl_do_platform_status." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/13dc15a3f5fd7f884e4bfa8c011a0ae868df12ae", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4c5300f6f5e18b11c02a92f136e69b98fddba15e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/caa395aa16e7c9193fd7fa6cde462dd8229d4953", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e11fb0a3a39bb42da35fa662c46ce7391f277436", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f2a920daa780956b987c14b9f23de7c3c8915bf2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50227.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50227.json new file mode 100644 index 00000000000..92b3d2c4c3e --- /dev/null +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50227.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2022-50227", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:53.743", + "lastModified": "2025-06-18T11:15:53.743", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/xen: Initialize Xen timer only once\n\nAdd a check for existing xen timers before initializing a new one.\n\nCurrently kvm_xen_init_timer() is called on every\nKVM_XEN_VCPU_ATTR_TYPE_TIMER, which is causing the following ODEBUG\ncrash when vcpu->arch.xen.timer is already set.\n\nODEBUG: init active (active state 0)\nobject type: hrtimer hint: xen_timer_callbac0\nRIP: 0010:debug_print_object+0x16e/0x250 lib/debugobjects.c:502\nCall Trace:\n__debug_object_init\ndebug_hrtimer_init\ndebug_init\nhrtimer_init\nkvm_xen_init_timer\nkvm_xen_vcpu_set_attr\nkvm_arch_vcpu_ioctl\nkvm_vcpu_ioctl\nvfs_ioctl" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/9a9b5771e930f408c3419799000f76a9abaf2278", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/af735db31285fa699384c649be72a9f32ecbb665", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50228.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50228.json new file mode 100644 index 00000000000..fdcd71606fd --- /dev/null +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50228.json 
@@ -0,0 +1,53 @@ +{ + "id": "CVE-2022-50228", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:53.850", + "lastModified": "2025-06-18T11:15:53.850", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0\n\nDon't BUG/WARN on interrupt injection due to GIF being cleared,\nsince it's trivial for userspace to force the situation via\nKVM_SET_VCPU_EVENTS (even if having at least a WARN there would be correct\nfor KVM internally generated injections).\n\n kernel BUG at arch/x86/kvm/svm/svm.c:3386!\n invalid opcode: 0000 [#1] SMP\n CPU: 15 PID: 926 Comm: smm_test Not tainted 5.17.0-rc3+ #264\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n RIP: 0010:svm_inject_irq+0xab/0xb0 [kvm_amd]\n Code: <0f> 0b 0f 1f 00 0f 1f 44 00 00 80 3d ac b3 01 00 00 55 48 89 f5 53\n RSP: 0018:ffffc90000b37d88 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: ffff88810a234ac0 RCX: 0000000000000006\n RDX: 0000000000000000 RSI: ffffc90000b37df7 RDI: ffff88810a234ac0\n RBP: ffffc90000b37df7 R08: ffff88810a1fa410 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000\n R13: ffff888109571000 R14: ffff88810a234ac0 R15: 0000000000000000\n FS: 0000000001821380(0000) GS:ffff88846fdc0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f74fc550008 CR3: 000000010a6fe000 CR4: 0000000000350ea0\n Call Trace:\n \n inject_pending_event+0x2f7/0x4c0 [kvm]\n kvm_arch_vcpu_ioctl_run+0x791/0x17a0 [kvm]\n kvm_vcpu_ioctl+0x26d/0x650 [kvm]\n __x64_sys_ioctl+0x82/0xb0\n do_syscall_64+0x3b/0xc0\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n " + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2c49adeb020995236e63722ef6d0bee14372f471", + "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2eee1dba70f57148fc7f8252613bfae6bd4b04e3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3d4e2d884da6312df7c9b85fbf671de49204ead6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/68e1313bb8809e8addcd9431f2bfea0e8ddbca80", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6afe88fbb40eac3291a8728688d61fdc745d8008", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6fcbab82ccbcde915644085f73d3487938bda42d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8bb683490278005b4caf61e22b0828a04d282e86", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c3396c1c8b87510f2ac2a674948156577559d42d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f17c31c48e5cde9895a491d91c424eeeada3e134", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50229.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50229.json new file mode 100644 index 00000000000..1726c157aed --- /dev/null +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50229.json 
@@ -0,0 +1,53 @@ +{ + "id": "CVE-2022-50229", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:53.967", + "lastModified": "2025-06-18T11:15:53.967", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: bcd2000: Fix a UAF bug on the error path of probing\n\nWhen the driver fails in snd_card_register() at probe time, it will free\nthe 'bcd2k->midi_out_urb' before killing it, which may cause a UAF bug.\n\nThe following log can reveal it:\n\n[ 50.727020] BUG: KASAN: use-after-free in bcd2000_input_complete+0x1f1/0x2e0 [snd_bcd2000]\n[ 50.727623] Read of size 8 at addr ffff88810fab0e88 by task swapper/4/0\n[ 50.729530] Call Trace:\n[ 50.732899] bcd2000_input_complete+0x1f1/0x2e0 [snd_bcd2000]\n\nFix this by adding usb_kill_urb() before usb_free_urb()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/05e0bb8c3c4dde3e21b9c1cf9395afb04e8b24db", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1d6a246cf97c380f2da76591f03019dd9c9599c3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/348620464a5c127399ac09b266f494f393661952", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4fc41f7ebb7efca282f1740ea934d16f33c1d109", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5e7338f4dd92b2f8915a82abfa1dd3ad3464bea0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/64ca7f50ad96c2c65ae390b954925a36eabe04aa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a718eba7e458e2f40531be3c6b6a0028ca7fcace", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": 
"https://git.kernel.org/stable/c/b0d4af0a4763ddc02344789ef2a281c494bc330d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ffb2759df7efbc00187bfd9d1072434a13a54139", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50230.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50230.json new file mode 100644 index 00000000000..a5173d6fa25 --- /dev/null +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50230.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2022-50230", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:54.083", + "lastModified": "2025-06-18T11:15:54.083", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: set UXN on swapper page tables\n\n[ This issue was fixed upstream by accident in c3cee924bd85 (\"arm64:\n head: cover entire kernel image in initial ID map\") as part of a\n large refactoring of the arm64 boot flow. This simple fix is therefore\n preferred for -stable backporting ]\n\nOn a system that implements FEAT_EPAN, read/write access to the idmap\nis denied because UXN is not set on the swapper PTEs. As a result,\nidmap_kpti_install_ng_mappings panics the kernel when accessing\n__idmap_kpti_flag. Fix it by setting UXN on these PTEs." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/9283e708a9b8529e7aafac9ab5c5c79a9fab8846", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50231.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50231.json new file mode 100644 index 00000000000..4f6184e85ab --- /dev/null +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50231.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2022-50231", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:54.187", + "lastModified": "2025-06-18T11:15:54.187", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: arm64/poly1305 - fix a read out-of-bound\n\nA kasan error was reported during fuzzing:\n\nBUG: KASAN: slab-out-of-bounds in neon_poly1305_blocks.constprop.0+0x1b4/0x250 [poly1305_neon]\nRead of size 4 at addr ffff0010e293f010 by task syz-executor.5/1646715\nCPU: 4 PID: 1646715 Comm: syz-executor.5 Kdump: loaded Not tainted 5.10.0.aarch64 #1\nHardware name: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.59 01/31/2019\nCall trace:\n dump_backtrace+0x0/0x394\n show_stack+0x34/0x4c arch/arm64/kernel/stacktrace.c:196\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x158/0x1e4 lib/dump_stack.c:118\n print_address_description.constprop.0+0x68/0x204 mm/kasan/report.c:387\n __kasan_report+0xe0/0x140 mm/kasan/report.c:547\n kasan_report+0x44/0xe0 mm/kasan/report.c:564\n check_memory_region_inline mm/kasan/generic.c:187 [inline]\n __asan_load4+0x94/0xd0 mm/kasan/generic.c:252\n neon_poly1305_blocks.constprop.0+0x1b4/0x250 [poly1305_neon]\n neon_poly1305_do_update+0x6c/0x15c [poly1305_neon]\n neon_poly1305_update+0x9c/0x1c4 [poly1305_neon]\n crypto_shash_update crypto/shash.c:131 [inline]\n shash_finup_unaligned+0x84/0x15c crypto/shash.c:179\n crypto_shash_finup+0x8c/0x140 crypto/shash.c:193\n shash_digest_unaligned+0xb8/0xe4 crypto/shash.c:201\n crypto_shash_digest+0xa4/0xfc crypto/shash.c:217\n crypto_shash_tfm_digest+0xb4/0x150 crypto/shash.c:229\n essiv_skcipher_setkey+0x164/0x200 [essiv]\n crypto_skcipher_setkey+0xb0/0x160 crypto/skcipher.c:612\n skcipher_setkey+0x3c/0x50 crypto/algif_skcipher.c:305\n alg_setkey+0x114/0x2a0 crypto/af_alg.c:220\n alg_setsockopt+0x19c/0x210 crypto/af_alg.c:253\n 
__sys_setsockopt+0x190/0x2e0 net/socket.c:2123\n __do_sys_setsockopt net/socket.c:2134 [inline]\n __se_sys_setsockopt net/socket.c:2131 [inline]\n __arm64_sys_setsockopt+0x78/0x94 net/socket.c:2131\n __invoke_syscall arch/arm64/kernel/syscall.c:36 [inline]\n invoke_syscall+0x64/0x100 arch/arm64/kernel/syscall.c:48\n el0_svc_common.constprop.0+0x220/0x230 arch/arm64/kernel/syscall.c:155\n do_el0_svc+0xb4/0xd4 arch/arm64/kernel/syscall.c:217\n el0_svc+0x24/0x3c arch/arm64/kernel/entry-common.c:353\n el0_sync_handler+0x160/0x164 arch/arm64/kernel/entry-common.c:369\n el0_sync+0x160/0x180 arch/arm64/kernel/entry.S:683\n\nThis error can be reproduced by the following code compiled as ko on a\nsystem with kasan enabled:\n\n#include \n#include \n#include \n#include \n\nchar test_data[] = \"\\x00\\x01\\x02\\x03\\x04\\x05\\x06\\x07\"\n \"\\x08\\x09\\x0a\\x0b\\x0c\\x0d\\x0e\\x0f\"\n \"\\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17\"\n \"\\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\";\n\nint init(void)\n{\n struct crypto_shash *tfm = NULL;\n char *data = NULL, *out = NULL;\n\n tfm = crypto_alloc_shash(\"poly1305\", 0, 0);\n data = kmalloc(POLY1305_KEY_SIZE - 1, GFP_KERNEL);\n out = kmalloc(POLY1305_DIGEST_SIZE, GFP_KERNEL);\n memcpy(data, test_data, POLY1305_KEY_SIZE - 1);\n crypto_shash_tfm_digest(tfm, data, POLY1305_KEY_SIZE - 1, out);\n\n kfree(data);\n kfree(out);\n return 0;\n}\n\nvoid deinit(void)\n{\n}\n\nmodule_init(init)\nmodule_exit(deinit)\nMODULE_LICENSE(\"GPL\");\n\nThe root cause of the bug sits in neon_poly1305_blocks. The logic\nneon_poly1305_blocks() performed is that if it was called with both s[]\nand r[] uninitialized, it will first try to initialize them with the\ndata from the first \"block\" that it believed to be 32 bytes in length.\nFirst 16 bytes are used as the key and the next 16 bytes for s[]. This\nwould lead to the aforementioned read out-of-bound. 
However, after\ncalling poly1305_init_arch(), only 16 bytes were deducted from the input\nand s[] is initialized yet again with the following 16 bytes. The second\ninitialization of s[] is certainly redundent which indicates that the\nfirst initialization should be for r[] only.\n\nThis patch fixes the issue by calling poly1305_init_arm64() instead o\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3c77292d52b341831cb09c24ca4112a1e4f9e91f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3d4c28475ee352c440b83484b72b1320ff76364a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7ae19d422c7da84b5f13bc08b98bd737a08d3a53", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8d25a08599df7ca3093eb7ca731c7cd41cbfbb51", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d069dcffef849b8fd10030fd73007a79612803e6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50232.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50232.json new file mode 100644 index 00000000000..2cea5279cc4 --- /dev/null +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50232.json 
@@ -0,0 +1,21 @@ +{ + "id": "CVE-2022-50232", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T11:15:54.297", + "lastModified": "2025-06-18T11:15:54.297", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: set UXN on swapper page tables\n\n[ This issue was fixed upstream by accident in c3cee924bd85 (\"arm64:\n head: cover entire kernel image in initial ID map\") as part of a\n large refactoring of the arm64 boot flow. This simple fix is therefore\n preferred for -stable backporting ]\n\nOn a system that implements FEAT_EPAN, read/write access to the idmap\nis denied because UXN is not set on the swapper PTEs. As a result,\nidmap_kpti_install_ng_mappings panics the kernel when accessing\n__idmap_kpti_flag. Fix it by setting UXN on these PTEs." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/775871d4be0d75e219cca937af843a4a1b60489a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-397xx/CVE-2024-39780.json b/CVE-2024/CVE-2024-397xx/CVE-2024-39780.json index f80666c576a..6cebba226ce 100644 --- a/CVE-2024/CVE-2024-397xx/CVE-2024-39780.json +++ b/CVE-2024/CVE-2024-397xx/CVE-2024-39780.json 
@@ -2,13 +2,13 @@ "id": "CVE-2024-39780", "sourceIdentifier": "security@ubuntu.com", "published": "2025-04-02T08:15:13.720", - "lastModified": "2025-04-02T14:58:07.527", + "lastModified": "2025-06-18T11:15:54.417", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A YAML deserialization vulnerability was found in the Robot Operating System (ROS) 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load() function in the 'set' and 'get' verbs, and allows for the creation of arbitrary Python objects. Through this flaw, a local or remote user can craft and execute arbitrary Python code. This issue has now been fixed for ROS Noetic via commit 3d93ac13603438323d7e9fa74e879e45c5fe2e8e." + "value": "A YAML deserialization vulnerability was found in the Robot Operating System (ROS) 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load() function in the 'set' and 'get' verbs, and allows for the creation of arbitrary Python objects. Through this flaw, a local or remote user can craft and execute arbitrary Python code." }, { "lang": "es", 
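Review bot: The rewritten English description in this hunk still ends with "a local or remote user can craft and execute arbitrary Python code", while the metrics hunk that follows sets `"attackVector": "LOCAL"` and now `"userInteraction": "REQUIRED"`, so the record disagrees with itself about who can reach the `yaml.load()` call. One of the two should be aligned at the source, for example by wording the last sentence as `Through this flaw, a local user can craft and execute arbitrary Python code.` if the LOCAL vector is the intended assessment. The same edit removes the sentence naming the fixing commit, and the references array is outside both hunks, so it cannot be confirmed from here that the record still points at the fix. Consumers that triage on `baseScore` should re-evaluate this entry, since it moves from 8.4 to 7.8 while `baseSeverity` stays HIGH.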
@@ -22,19 +22,19 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "baseScore": 8.4, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", - "userInteraction": "NONE", + "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, - "exploitabilityScore": 2.5, + "exploitabilityScore": 1.8, "impactScore": 5.9 } ] diff --git a/CVE-2025/CVE-2025-10xx/CVE-2025-1088.json b/CVE-2025/CVE-2025-10xx/CVE-2025-1088.json new file mode 100644 index 00000000000..73f6a788f3f --- /dev/null +++ b/CVE-2025/CVE-2025-10xx/CVE-2025-1088.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-1088", + "sourceIdentifier": "security@grafana.com", + "published": "2025-06-18T10:15:31.210", + "lastModified": "2025-06-18T10:15:31.210", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana.\nThis issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@grafana.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 2.7, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@grafana.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://grafana.com/security/security-advisories/cve-2025-1088/", + "source": "security@grafana.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-239xx/CVE-2025-23999.json b/CVE-2025/CVE-2025-239xx/CVE-2025-23999.json new file mode 100644 index 00000000000..e2f500468d3 --- /dev/null +++ b/CVE-2025/CVE-2025-239xx/CVE-2025-23999.json 
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-23999",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-06-18T10:15:31.417",
+ "lastModified": "2025-06-18T10:15:31.417",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing Authorization vulnerability in Cloudways Breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through 2.2.13."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/breeze/vulnerability/wordpress-breeze-plugin-2-2-13-broken-access-control-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38005.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38005.json
new file mode 100644
index 00000000000..0bcf5363cb4
--- /dev/null
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38005.json
@@ -0,0 +1,45 @@ +{ + "id": "CVE-2025-38005", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:31.617", + "lastModified": "2025-06-18T10:15:31.617", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: k3-udma: Add missing locking\n\nRecent kernels complain about a missing lock in k3-udma.c when the lock\nvalidator is enabled:\n\n[ 4.128073] WARNING: CPU: 0 PID: 746 at drivers/dma/ti/../virt-dma.h:169 udma_start.isra.0+0x34/0x238\n[ 4.137352] CPU: 0 UID: 0 PID: 746 Comm: kworker/0:3 Not tainted 6.12.9-arm64 #28\n[ 4.144867] Hardware name: pp-v12 (DT)\n[ 4.148648] Workqueue: events udma_check_tx_completion\n[ 4.153841] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 4.160834] pc : udma_start.isra.0+0x34/0x238\n[ 4.165227] lr : udma_start.isra.0+0x30/0x238\n[ 4.169618] sp : ffffffc083cabcf0\n[ 4.172963] x29: ffffffc083cabcf0 x28: 0000000000000000 x27: ffffff800001b005\n[ 4.180167] x26: ffffffc0812f0000 x25: 0000000000000000 x24: 0000000000000000\n[ 4.187370] x23: 0000000000000001 x22: 00000000e21eabe9 x21: ffffff8000fa0670\n[ 4.194571] x20: ffffff8001b6bf00 x19: ffffff8000fa0430 x18: ffffffc083b95030\n[ 4.201773] x17: 0000000000000000 x16: 00000000f0000000 x15: 0000000000000048\n[ 4.208976] x14: 0000000000000048 x13: 0000000000000000 x12: 0000000000000001\n[ 4.216179] x11: ffffffc08151a240 x10: 0000000000003ea1 x9 : ffffffc08046ab68\n[ 4.223381] x8 : ffffffc083cabac0 x7 : ffffffc081df3718 x6 : 0000000000029fc8\n[ 4.230583] x5 : ffffffc0817ee6d8 x4 : 0000000000000bc0 x3 : 0000000000000000\n[ 4.237784] x2 : 0000000000000000 x1 : 00000000001fffff x0 : 0000000000000000\n[ 4.244986] Call trace:\n[ 4.247463] udma_start.isra.0+0x34/0x238\n[ 4.251509] udma_check_tx_completion+0xd0/0xdc\n[ 4.256076] process_one_work+0x244/0x3fc\n[ 4.260129] process_scheduled_works+0x6c/0x74\n[ 
4.264610] worker_thread+0x150/0x1dc\n[ 4.268398] kthread+0xd8/0xe8\n[ 4.271492] ret_from_fork+0x10/0x20\n[ 4.275107] irq event stamp: 220\n[ 4.278363] hardirqs last enabled at (219): [] _raw_spin_unlock_irq+0x38/0x50\n[ 4.287183] hardirqs last disabled at (220): [] el1_dbg+0x24/0x50\n[ 4.294879] softirqs last enabled at (182): [] handle_softirqs+0x1c0/0x3cc\n[ 4.303437] softirqs last disabled at (177): [] __do_softirq+0x1c/0x28\n[ 4.311559] ---[ end trace 0000000000000000 ]---\n\nThis commit adds the missing locking." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0ea0433f822ed0549715f7044c9cd1cf132ff7fa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/26e63b2fe30c61bd25981c6084f67a8af79945d0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/27e71fa08711e09d81e06a54007b362a5426fd22", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/99df1edf17493cb49a8c01f6bde55c3abb6a2a6c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d87f1cddc592387359fde157cc4296556f6403c2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/df5987e76a4ae4cbd705d81ab4b15ed232250a4a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fca280992af8c2fbd511bc43f65abb4a17363f2f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38006.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38006.json new file mode 100644 index 00000000000..2dd580441b7 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38006.json 
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2025-38006",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T10:15:31.773",
+ "lastModified": "2025-06-18T10:15:31.773",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: Don't access ifa_index when missing\n\nIn mctp_dump_addrinfo, ifa_index can be used to filter interfaces, but\nonly when the struct ifaddrmsg is provided. Otherwise it will be\ncomparing to uninitialised memory - reproducible in the syzkaller case from\ndhcpd, or busybox \"ip addr show\".\n\nThe kernel MCTP implementation has always filtered by ifa_index, so\nexisting userspace programs expecting to dump MCTP addresses must\nalready be passing a valid ifa_index value (either 0 or a real index).\n\nBUG: KMSAN: uninit-value in mctp_dump_addrinfo+0x208/0xac0 net/mctp/device.c:128\n mctp_dump_addrinfo+0x208/0xac0 net/mctp/device.c:128\n rtnl_dump_all+0x3ec/0x5b0 net/core/rtnetlink.c:4380\n rtnl_dumpit+0xd5/0x2f0 net/core/rtnetlink.c:6824\n netlink_dump+0x97b/0x1690 net/netlink/af_netlink.c:2309"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/24fa213dffa470166ec014f979f36c6ff44afb45",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/acab78ae12c7fefb4f3bfe22e00770a5faa42724",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/d4d1561d17eb72908e4489c0900d96e0484fac20",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/f11cf946c0a92c560a890d68e4775723353599e1",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38007.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38007.json
new file mode 100644
index 00000000000..b2e6af366aa
--- /dev/null
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38007.json
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2025-38007",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T10:15:31.907",
+ "lastModified": "2025-06-18T10:15:31.907",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: uclogic: Add NULL check in uclogic_input_configured()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\nuclogic_input_configured() does not check for this case, which results\nin a NULL pointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/01b76cc8ca243fc3376b035aa326bbc4f03d384b",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/94e7272b636a0677082e0604609e4c471e0a2caf",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ad6caaf29bc26a48b1241ce82561fcbcf0a75aa9",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b616453d719ee1b8bf2ea6f6cc6c6258a572a590",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/bd07f751208ba190f9b0db5e5b7f35d5bb4a8a1e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38008.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38008.json
new file mode 100644
index 00000000000..8700cfddd90
--- /dev/null
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38008.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2025-38008",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T10:15:32.037",
+ "lastModified": "2025-06-18T10:15:32.037",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/page_alloc: fix race condition in unaccepted memory handling\n\nThe page allocator tracks the number of zones that have unaccepted memory\nusing static_branch_enc/dec() and uses that static branch in hot paths to\ndetermine if it needs to deal with unaccepted memory.\n\nBorislav and Thomas pointed out that the tracking is racy: operations on\nstatic_branch are not serialized against adding/removing unaccepted pages\nto/from the zone.\n\nSanity checks inside static_branch machinery detects it:\n\nWARNING: CPU: 0 PID: 10 at kernel/jump_label.c:276 __static_key_slow_dec_cpuslocked+0x8e/0xa0\n\nThe comment around the WARN() explains the problem:\n\n\t/*\n\t * Warn about the '-1' case though; since that means a\n\t * decrement is concurrent with a first (0->1) increment. IOW\n\t * people are trying to disable something that wasn't yet fully\n\t * enabled. This suggests an ordering problem on the user side.\n\t */\n\nThe effect of this static_branch optimization is only visible on\nmicrobenchmark.\n\nInstead of adding more complexity around it, remove it altogether."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/71dda1cb10702dc2859f00eb789b0502de2176a9",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/74953f93f47a45296cc2a3fd04e2a3202ff3fa53",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/98fdd2f612e949c652693f6df00442c81037776d",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/fefc075182275057ce607effaa3daa9e6e3bdc73",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38009.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38009.json
new file mode 100644
index 00000000000..0bde59f0f7a
--- /dev/null
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38009.json
@@ -0,0 +1,45 @@
+{
+ "id": "CVE-2025-38009",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T10:15:32.160",
+ "lastModified": "2025-06-18T10:15:32.160",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: disable napi on driver removal\n\nA warning on driver removal started occurring after commit 9dd05df8403b\n(\"net: warn if NAPI instance wasn't shut down\"). Disable tx napi before\ndeleting it in mt76_dma_cleanup().\n\n WARNING: CPU: 4 PID: 18828 at net/core/dev.c:7288 __netif_napi_del_locked+0xf0/0x100\n CPU: 4 UID: 0 PID: 18828 Comm: modprobe Not tainted 6.15.0-rc4 #4 PREEMPT(lazy)\n Hardware name: ASUS System Product Name/PRIME X670E-PRO WIFI, BIOS 3035 09/05/2024\n RIP: 0010:__netif_napi_del_locked+0xf0/0x100\n Call Trace:\n \n mt76_dma_cleanup+0x54/0x2f0 [mt76]\n mt7921_pci_remove+0xd5/0x190 [mt7921e]\n pci_device_remove+0x47/0xc0\n device_release_driver_internal+0x19e/0x200\n driver_detach+0x48/0x90\n bus_remove_driver+0x6d/0xf0\n pci_unregister_driver+0x2e/0xb0\n __do_sys_delete_module.isra.0+0x197/0x2e0\n do_syscall_64+0x7b/0x160\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nTested with mt7921e but the same pattern can be actually applied to other\nmt76 drivers calling mt76_dma_cleanup() during removal. Tx napi is enabled\nin their *_dma_init() functions and only toggled off and on again inside\ntheir suspend/resume/reset paths. So it should be okay to disable tx\nnapi in such a generic way.\n\nFound by Linux Verification Center (linuxtesting.org)."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/2b81e76db3667d1f7f2ad44e9835cdaf8dea95a8",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/5e700b06b970fc19e3a1ecb244e14785f3fbb8e3",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/78ab4be549533432d97ea8989d2f00b508fa68d8",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b892e830d1ea8c5475254b98827771f7366f1039",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ca5b213bf4b4224335a8131a26805d16503fca5f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e7bfbda5fddd27f3158e723d641c0fcdfb0552a7",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ff0f820fa5b99035b3c654dd531226d8d83aec5f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38010.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38010.json
new file mode 100644
index 00000000000..f4aa295ee31
--- /dev/null
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38010.json
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-38010", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:32.283", + "lastModified": "2025-06-18T10:15:32.283", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: tegra: xusb: Use a bitmask for UTMI pad power state tracking\n\nThe current implementation uses bias_pad_enable as a reference count to\nmanage the shared bias pad for all UTMI PHYs. However, during system\nsuspension with connected USB devices, multiple power-down requests for\nthe UTMI pad result in a mismatch in the reference count, which in turn\nproduces warnings such as:\n\n[ 237.762967] WARNING: CPU: 10 PID: 1618 at tegra186_utmi_pad_power_down+0x160/0x170\n[ 237.763103] Call trace:\n[ 237.763104] tegra186_utmi_pad_power_down+0x160/0x170\n[ 237.763107] tegra186_utmi_phy_power_off+0x10/0x30\n[ 237.763110] phy_power_off+0x48/0x100\n[ 237.763113] tegra_xusb_enter_elpg+0x204/0x500\n[ 237.763119] tegra_xusb_suspend+0x48/0x140\n[ 237.763122] platform_pm_suspend+0x2c/0xb0\n[ 237.763125] dpm_run_callback.isra.0+0x20/0xa0\n[ 237.763127] __device_suspend+0x118/0x330\n[ 237.763129] dpm_suspend+0x10c/0x1f0\n[ 237.763130] dpm_suspend_start+0x88/0xb0\n[ 237.763132] suspend_devices_and_enter+0x120/0x500\n[ 237.763135] pm_suspend+0x1ec/0x270\n\nThe root cause was traced back to the dynamic power-down changes\nintroduced in commit a30951d31b25 (\"xhci: tegra: USB2 pad power controls\"),\nwhere the UTMI pad was being powered down without verifying its current\nstate. This unbalanced behavior led to discrepancies in the reference\ncount.\n\nTo rectify this issue, this patch replaces the single reference counter\nwith a bitmask, renamed to utmi_pad_enabled. 
Each bit in the mask\ncorresponds to one of the four USB2 PHYs, allowing us to track each pad's\nenablement status individually.\n\nWith this change:\n - The bias pad is powered on only when the mask is clear.\n - Each UTMI pad is powered on or down based on its corresponding bit\n in the mask, preventing redundant operations.\n - The overall power state of the shared bias pad is maintained\n correctly during suspend/resume cycles.\n\nThe mutex used to prevent race conditions during UTMI pad enable/disable\noperations has been moved from the tegra186_utmi_bias_pad_power_on/off\nfunctions to the parent functions tegra186_utmi_pad_power_on/down. This\nchange ensures that there are no race conditions when updating the bitmask." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1db527f0cb8f677adadd4e28e5bc77aaf5d4e4c9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/628bec9ed68a2204184fc8230a2609075b08666e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b47158fb42959c417ff2662075c0d46fb783d5d1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ba25131b3c1ceec303839b2462586d7673788197", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38011.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38011.json new file mode 100644 index 00000000000..f95d6152834 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38011.json 
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2025-38011",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T10:15:32.417",
+ "lastModified": "2025-06-18T10:15:32.417",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: csa unmap use uninterruptible lock\n\nAfter process exit to unmap csa and free GPU vm, if signal is accepted\nand then waiting to take vm lock is interrupted and return, it causes\nmemory leaking and below warning backtrace.\n\nChange to use uninterruptible wait lock fix the issue.\n\nWARNING: CPU: 69 PID: 167800 at amd/amdgpu/amdgpu_kms.c:1525\n amdgpu_driver_postclose_kms+0x294/0x2a0 [amdgpu]\n Call Trace:\n \n drm_file_free.part.0+0x1da/0x230 [drm]\n drm_close_helper.isra.0+0x65/0x70 [drm]\n drm_release+0x6a/0x120 [drm]\n amdgpu_drm_release+0x51/0x60 [amdgpu]\n __fput+0x9f/0x280\n ____fput+0xe/0x20\n task_work_run+0x67/0xa0\n do_exit+0x217/0x3c0\n do_group_exit+0x3b/0xb0\n get_signal+0x14a/0x8d0\n arch_do_signal_or_restart+0xde/0x100\n exit_to_user_mode_loop+0xc1/0x1a0\n exit_to_user_mode_prepare+0xf4/0x100\n syscall_exit_to_user_mode+0x17/0x40\n do_syscall_64+0x69/0xc0\n\n(cherry picked from commit 7dbbfb3c171a6f63b01165958629c9c26abf38ab)"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/8d71c3231b33e24a911b8f2d8c3a17ee40aa32d5",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a0fa7873f2f869087b1e7793f7fac3713a1e3afe",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a1adc8d9a0d219d4e88672c30dbc9ea960d73136",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38012.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38012.json
new file mode 100644
index 00000000000..863e08fb9b8
--- /dev/null
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38012.json
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2025-38012",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T10:15:32.560",
+ "lastModified": "2025-06-18T10:15:32.560",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched_ext: bpf_iter_scx_dsq_new() should always initialize iterator\n\nBPF programs may call next() and destroy() on BPF iterators even after new()\nreturns an error value (e.g. bpf_for_each() macro ignores error returns from\nnew()). bpf_iter_scx_dsq_new() could leave the iterator in an uninitialized\nstate after an error return causing bpf_iter_scx_dsq_next() to dereference\ngarbage data. Make bpf_iter_scx_dsq_new() always clear $kit->dsq so that\nnext() and destroy() become noops."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/0102989af4c334d1d98b2a0fd4d61a5152e39b72",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/255dd31bfc4a67a19b1fc2cd130a50284dadfe3a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/428dc9fc0873989d73918d4a9cc22745b7bbc799",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38013.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38013.json
new file mode 100644
index 00000000000..ad506cdcb6a
--- /dev/null
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38013.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2025-38013",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T10:15:32.797",
+ "lastModified": "2025-06-18T10:15:32.797",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request\n\nMake sure that n_channels is set after allocating the\nstruct cfg80211_registered_device::int_scan_req member. Seen with\nsyzkaller:\n\nUBSAN: array-index-out-of-bounds in net/mac80211/scan.c:1208:5\nindex 0 is out of range for type 'struct ieee80211_channel *[] __counted_by(n_channels)' (aka 'struct ieee80211_channel *[]')\n\nThis was missed in the initial conversions because I failed to locate\nthe allocation likely due to the \"sizeof(void *)\" not matching the\n\"channels\" array type."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/07c737d9ab02c07b562aefcca16aa95077368e24",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/82bbe02b2500ef0a62053fe2eb84773fe31c5a0a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e3192e999a0d05ea0ba2c59c09afaf0b8ee70b81",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/fde33ab3c052a302ee8a0b739094b88ceae4dd67",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38014.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38014.json
new file mode 100644
index 00000000000..967f0264c31
--- /dev/null
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38014.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2025-38014",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T10:15:32.927",
+ "lastModified": "2025-06-18T10:15:32.927",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Refactor remove call with idxd_cleanup() helper\n\nThe idxd_cleanup() helper cleans up perfmon, interrupts, internals and\nso on. Refactor remove call with the idxd_cleanup() helper to avoid code\nduplication. Note, this also fixes the missing put_device() for idxd\ngroups, enginces and wqs."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/23dc14c52d84b02b39d816bf16a754c0e7d48f9c",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a409e919ca321cc0e28f8abf96fde299f0072a81",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a7bd00f7e9bd075f3e4fbcc608d8ea445aed8692",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/d530dd65f6f3c04bbf141702ecccd70170ed04ad",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38015.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38015.json
new file mode 100644
index 00000000000..057ade956db
--- /dev/null
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38015.json
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2025-38015",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T10:15:33.060",
+ "lastModified": "2025-06-18T10:15:33.060",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: fix memory leak in error handling path of idxd_alloc\n\nMemory allocated for idxd is not freed if an error occurs during\nidxd_alloc(). To fix it, free the allocated memory in the reverse order\nof allocation before exiting the function in case of an error."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/46a5cca76c76c86063000a12936f8e7875295838",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/4f005eb68890698e5abc6a3af04dab76f175c50c",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/64afd9a1f644b27661420257dcc007d5009c99dd",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/6e94a2c3e4c166cd2736ac225fba5889fb1e8ac0",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/868dbce755ec92855362d213f47e045a8388361a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38016.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38016.json
new file mode 100644
index 00000000000..a24afb9a89f
--- /dev/null
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38016.json
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2025-38016", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:33.187", + "lastModified": "2025-06-18T10:15:33.187", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: bpf: abort dispatch if device destroyed\n\nThe current HID bpf implementation assumes no output report/request will\ngo through it after hid_bpf_destroy_device() has been called. This leads\nto a bug that unplugging certain types of HID devices causes a cleaned-\nup SRCU to be accessed. The bug was previously a hidden failure until a\nrecent x86 percpu change [1] made it access not-present pages.\n\nThe bug will be triggered if the conditions below are met:\n\nA) a device under the driver has some LEDs on\nB) hid_ll_driver->request() is uninplemented (e.g., logitech-djreceiver)\n\nIf condition A is met, hidinput_led_worker() is always scheduled *after*\nhid_bpf_destroy_device().\n\nhid_destroy_device\n` hid_bpf_destroy_device\n ` cleanup_srcu_struct(&hdev->bpf.srcu)\n` hid_remove_device\n ` ...\n ` led_classdev_unregister\n ` led_trigger_set(led_cdev, NULL)\n ` led_set_brightness(led_cdev, LED_OFF)\n ` ...\n ` input_inject_event\n ` input_event_dispose\n ` hidinput_input_event\n ` schedule_work(&hid->led_work) [hidinput_led_worker]\n\nThis is fine when condition B is not met, where hidinput_led_worker()\ncalls hid_ll_driver->request(). This is the case for most HID drivers,\nwhich implement it or use the generic one from usbhid. 
The driver itself\nor an underlying driver will then abort processing the request.\n\nOtherwise, hidinput_led_worker() tries hid_hw_output_report() and leads\nto the bug.\n\nhidinput_led_worker\n` hid_hw_output_report\n ` dispatch_hid_bpf_output_report\n ` srcu_read_lock(&hdev->bpf.srcu)\n ` srcu_read_unlock(&hdev->bpf.srcu, idx)\n\nThe bug has existed since the introduction [2] of\ndispatch_hid_bpf_output_report(). However, the same bug also exists in\ndispatch_hid_bpf_raw_requests(), and I've reproduced (no visible effect\nbecause of the lack of [1], but confirmed bpf.destroyed == 1) the bug\nagainst the commit (i.e., the Fixes:) introducing the function. This is\nbecause hidinput_led_worker() falls back to hid_hw_raw_request() when\nhid_ll_driver->output_report() is uninplemented (e.g., logitech-\ndjreceiver).\n\nhidinput_led_worker\n` hid_hw_output_report: -ENOSYS\n` hid_hw_raw_request\n ` dispatch_hid_bpf_raw_requests\n ` srcu_read_lock(&hdev->bpf.srcu)\n ` srcu_read_unlock(&hdev->bpf.srcu, idx)\n\nFix the issue by returning early in the two mentioned functions if\nhid_bpf has been marked as destroyed. Though\ndispatch_hid_bpf_device_event() handles input events, and there is no\nevidence that it may be called after the destruction, the same check, as\na safety net, is also added to it to maintain the consistency among all\ndispatch functions.\n\nThe impact of the bug on other architectures is unclear. Even if it acts\nas a hidden failure, this is still dangerous because it corrupts\nwhatever is on the address calculated by SRCU. 
Thus, CC'ing the stable\nlist.\n\n[1]: commit 9d7de2aa8b41 (\"x86/percpu/64: Use relative percpu offsets\")\n[2]: commit 9286675a2aed (\"HID: bpf: add HID-BPF hooks for\nhid_hw_output_report\")" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/578e1b96fad7402ff7e9c7648c8f1ad0225147c8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e4b4fe25a4101d1ddb5884f40e149a3618983b66", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f8544be7e8e55b0ef23e1ab90e23e8d4d4aad3d3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38017.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38017.json new file mode 100644 index 00000000000..fa6a0dabc9e --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38017.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-38017", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:33.310", + "lastModified": "2025-06-18T10:15:33.310", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/eventpoll: fix endless busy loop after timeout has expired\n\nAfter commit 0a65bc27bd64 (\"eventpoll: Set epoll timeout if it's in\nthe future\"), the following program would immediately enter a busy\nloop in the kernel:\n\n```\nint main() {\n int e = epoll_create1(0);\n struct epoll_event event = {.events = EPOLLIN};\n epoll_ctl(e, EPOLL_CTL_ADD, 0, &event);\n const struct timespec timeout = {.tv_nsec = 1};\n epoll_pwait2(e, &event, 1, &timeout, 0);\n}\n```\n\nThis happens because the given (non-zero) timeout of 1 nanosecond\nusually expires before ep_poll() is entered and then\nep_schedule_timeout() returns false, but `timed_out` is never set\nbecause the code line that sets it is skipped. This quickly turns\ninto a soft lockup, RCU stalls and deadlocks, inflicting severe\nheadaches to the whole system.\n\nWhen the timeout has expired, we don't need to schedule a hrtimer, but\nwe should set the `timed_out` variable. Therefore, I suggest moving\nthe ep_schedule_timeout() check into the `timed_out` expression\ninstead of skipping it.\n\nbrauner: Note that there was an earlier fix by Joe Damato in response to\nmy bug report in [1]." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/7631dca012593c95d36199082546a24a0058fc50", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d9ec73301099ec5975505e1c3effbe768bab9490", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38018.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38018.json new file mode 100644 index 00000000000..6be413834ed --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38018.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2025-38018", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:33.433", + "lastModified": "2025-06-18T10:15:33.433", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tls: fix kernel panic when alloc_page failed\n\nWe cannot set frag_list to NULL pointer when alloc_page failed.\nIt will be used in tls_strp_check_queue_ok when the next time\ntls_strp_read_sock is called.\n\nThis is because we don't reset full_len in tls_strp_flush_anchor_copy()\nso the recv path will try to continue handling the partial record\non the next call but we dettached the rcvq from the frag list.\nAlternative fix would be to reset full_len.\n\nUnable to handle kernel NULL pointer dereference\nat virtual address 0000000000000028\n Call trace:\n tls_strp_check_rcv+0x128/0x27c\n tls_strp_data_ready+0x34/0x44\n tls_data_ready+0x3c/0x1f0\n tcp_data_ready+0x9c/0xe4\n tcp_data_queue+0xf6c/0x12d0\n tcp_rcv_established+0x52c/0x798" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/406d05da26835943568e61bb751c569efae071d4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/491deb9b8c4ad12fe51d554a69b8165b9ef9429f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5f1f833cb388592bb46104463a1ec1b7c41975b6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8f7f96549bc55e4ef3a6b499bc5011e5de2f46c4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a11b8c0be6acd0505a58ff40d474bd778b25b93a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38019.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38019.json new file mode 100644 index 00000000000..ea2fe7e6703 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38019.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-38019", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:33.563", + "lastModified": "2025-06-18T10:15:33.563", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices\n\nThe driver only offloads neighbors that are constructed on top of net\ndevices registered by it or their uppers (which are all Ethernet). The\ndevice supports GRE encapsulation and decapsulation of forwarded\ntraffic, but the driver will not offload dummy neighbors constructed on\ntop of GRE net devices as they are not uppers of its net devices:\n\n # ip link add name gre1 up type gre tos inherit local 192.0.2.1 remote 198.51.100.1\n # ip neigh add 0.0.0.0 lladdr 0.0.0.0 nud noarp dev gre1\n $ ip neigh show dev gre1 nud noarp\n 0.0.0.0 lladdr 0.0.0.0 NOARP\n\n(Note that the neighbor is not marked with 'offload')\n\nWhen the driver is reloaded and the existing configuration is replayed,\nthe driver does not perform the same check regarding existing neighbors\nand offloads the previously added one:\n\n # devlink dev reload pci/0000:01:00.0\n $ ip neigh show dev gre1 nud noarp\n 0.0.0.0 lladdr 0.0.0.0 offload NOARP\n\nIf the neighbor is later deleted, the driver will ignore the\nnotification (given the GRE net device is not its upper) and will\ntherefore keep referencing freed memory, resulting in a use-after-free\n[1] when the net device is deleted:\n\n # ip neigh del 0.0.0.0 lladdr 0.0.0.0 dev gre1\n # ip link del dev gre1\n\nFix by skipping neighbor replay if the net device for which the replay\nis performed is not our upper.\n\n[1]\nBUG: KASAN: slab-use-after-free in mlxsw_sp_neigh_entry_update+0x1ea/0x200\nRead of size 8 at addr ffff888155b0e420 by task ip/2282\n[...]\nCall Trace:\n \n dump_stack_lvl+0x6f/0xa0\n 
print_address_description.constprop.0+0x6f/0x350\n print_report+0x108/0x205\n kasan_report+0xdf/0x110\n mlxsw_sp_neigh_entry_update+0x1ea/0x200\n mlxsw_sp_router_rif_gone_sync+0x2a8/0x440\n mlxsw_sp_rif_destroy+0x1e9/0x750\n mlxsw_sp_netdevice_ipip_ol_event+0x3c9/0xdc0\n mlxsw_sp_router_netdevice_event+0x3ac/0x15e0\n notifier_call_chain+0xca/0x150\n call_netdevice_notifiers_info+0x7f/0x100\n unregister_netdevice_many_notify+0xc8c/0x1d90\n rtnl_dellink+0x34e/0xa50\n rtnetlink_rcv_msg+0x6fb/0xb70\n netlink_rcv_skb+0x131/0x360\n netlink_unicast+0x426/0x710\n netlink_sendmsg+0x75a/0xc20\n __sock_sendmsg+0xc1/0x150\n ____sys_sendmsg+0x5aa/0x7b0\n ___sys_sendmsg+0xfc/0x180\n __sys_sendmsg+0x121/0x1b0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/92ec4855034b2c4d13f117558dc73d20581fa9ff", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9ab7945f3a61ed23da412e30f1e56414c05c4f06", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/abc43c1ffdbc801b0b04ac845bfaf1d42b8f68f7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f1ecccb5cdda39bca8cd17bb0b6cf61361e33578", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38020.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38020.json new file mode 100644 index 00000000000..4b9da75a374 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38020.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2025-38020", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:33.700", + "lastModified": "2025-06-18T10:15:33.700", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Disable MACsec offload for uplink representor profile\n\nMACsec offload is not supported in switchdev mode for uplink\nrepresentors. When switching to the uplink representor profile, the\nMACsec offload feature must be cleared from the netdevice's features.\n\nIf left enabled, attempts to add offloads result in a null pointer\ndereference, as the uplink representor does not support MACsec offload\neven though the feature bit remains set.\n\nClear NETIF_F_HW_MACSEC in mlx5e_fix_uplink_rep_features().\n\nKernel log:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc000000000f: 0000 [#1] SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000078-0x000000000000007f]\nCPU: 29 UID: 0 PID: 4714 Comm: ip Not tainted 6.14.0-rc4_for_upstream_debug_2025_03_02_17_35 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:__mutex_lock+0x128/0x1dd0\nCode: d0 7c 08 84 d2 0f 85 ad 15 00 00 8b 35 91 5c fe 03 85 f6 75 29 49 8d 7e 60 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 a6 15 00 00 4d 3b 76 60 0f 85 fd 0b 00 00 65 ff\nRSP: 0018:ffff888147a4f160 EFLAGS: 00010206\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000001\nRDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000078\nRBP: ffff888147a4f2e0 R08: ffffffffa05d2c19 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\nR13: dffffc0000000000 R14: 0000000000000018 R15: ffff888152de0000\nFS: 00007f855e27d800(0000) GS:ffff88881ee80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 
0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000004e5768 CR3: 000000013ae7c005 CR4: 0000000000372eb0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\nCall Trace:\n \n ? die_addr+0x3d/0xa0\n ? exc_general_protection+0x144/0x220\n ? asm_exc_general_protection+0x22/0x30\n ? mlx5e_macsec_add_secy+0xf9/0x700 [mlx5_core]\n ? __mutex_lock+0x128/0x1dd0\n ? lockdep_set_lock_cmp_fn+0x190/0x190\n ? mlx5e_macsec_add_secy+0xf9/0x700 [mlx5_core]\n ? mutex_lock_io_nested+0x1ae0/0x1ae0\n ? lock_acquire+0x1c2/0x530\n ? macsec_upd_offload+0x145/0x380\n ? lockdep_hardirqs_on_prepare+0x400/0x400\n ? kasan_save_stack+0x30/0x40\n ? kasan_save_stack+0x20/0x40\n ? kasan_save_track+0x10/0x30\n ? __kasan_kmalloc+0x77/0x90\n ? __kmalloc_noprof+0x249/0x6b0\n ? genl_family_rcv_msg_attrs_parse.constprop.0+0xb5/0x240\n ? mlx5e_macsec_add_secy+0xf9/0x700 [mlx5_core]\n mlx5e_macsec_add_secy+0xf9/0x700 [mlx5_core]\n ? mlx5e_macsec_add_rxsa+0x11a0/0x11a0 [mlx5_core]\n macsec_update_offload+0x26c/0x820\n ? macsec_set_mac_address+0x4b0/0x4b0\n ? lockdep_hardirqs_on_prepare+0x284/0x400\n ? _raw_spin_unlock_irqrestore+0x47/0x50\n macsec_upd_offload+0x2c8/0x380\n ? macsec_update_offload+0x820/0x820\n ? __nla_parse+0x22/0x30\n ? genl_family_rcv_msg_attrs_parse.constprop.0+0x15e/0x240\n genl_family_rcv_msg_doit+0x1cc/0x2a0\n ? genl_family_rcv_msg_attrs_parse.constprop.0+0x240/0x240\n ? cap_capable+0xd4/0x330\n genl_rcv_msg+0x3ea/0x670\n ? genl_family_rcv_msg_dumpit+0x2a0/0x2a0\n ? lockdep_set_lock_cmp_fn+0x190/0x190\n ? macsec_update_offload+0x820/0x820\n netlink_rcv_skb+0x12b/0x390\n ? genl_family_rcv_msg_dumpit+0x2a0/0x2a0\n ? netlink_ack+0xd80/0xd80\n ? rwsem_down_read_slowpath+0xf90/0xf90\n ? netlink_deliver_tap+0xcd/0xac0\n ? netlink_deliver_tap+0x155/0xac0\n ? _copy_from_iter+0x1bb/0x12c0\n genl_rcv+0x24/0x40\n netlink_unicast+0x440/0x700\n ? netlink_attachskb+0x760/0x760\n ? lock_acquire+0x1c2/0x530\n ? 
__might_fault+0xbb/0x170\n netlink_sendmsg+0x749/0xc10\n ? netlink_unicast+0x700/0x700\n ? __might_fault+0xbb/0x170\n ? netlink_unicast+0x700/0x700\n __sock_sendmsg+0xc5/0x190\n ____sys_sendmsg+0x53f/0x760\n ? import_iovec+0x7/0x10\n ? kernel_sendmsg+0x30/0x30\n ? __copy_msghdr+0x3c0/0x3c0\n ? filter_irq_stacks+0x90/0x90\n ? stack_depot_save_flags+0x28/0xa30\n ___sys_sen\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1a69d53922c1221351739f17837d38e317234e5d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1e577aeb51e9deba4f2c10edfcb07cb3cb406598", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1f80e6ff026041721d8089da8c269b1963628325", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/588431474eb7572e57a927fa8558c9ba2f8af143", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b48a47e137cedfd79655accaeeea6b296ad0b9e1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38021.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38021.json new file mode 100644 index 00000000000..0cfdb6f879a --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38021.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-38021", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:33.827", + "lastModified": "2025-06-18T10:15:33.827", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null check of pipe_ctx->plane_state for update_dchubp_dpp\n\nSimilar to commit 6a057072ddd1 (\"drm/amd/display: Fix null check for\npipe_ctx->plane_state in dcn20_program_pipe\") that addresses a null\npointer dereference on dcn20_update_dchubp_dpp. This is the same\nfunction hooked for update_dchubp_dpp in dcn401, with the same issue.\nFix possible null pointer deference on dcn401_program_pipe too.\n\n(cherry picked from commit d8d47f739752227957d8efc0cb894761bfe1d879)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4679061fb25344d6010ce7b9bebac21c91a0b75a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a3b7e65b6be59e686e163fa1ceb0922f996897c2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38022.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38022.json new file mode 100644 index 00000000000..0f2c2332a6e --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38022.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2025-38022", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:33.950", + "lastModified": "2025-06-18T10:15:33.950", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/core: Fix \"KASAN: slab-use-after-free Read in ib_register_device\" problem\n\nCall Trace:\n\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xc3/0x670 mm/kasan/report.c:521\n kasan_report+0xe0/0x110 mm/kasan/report.c:634\n strlen+0x93/0xa0 lib/string.c:420\n __fortify_strlen include/linux/fortify-string.h:268 [inline]\n get_kobj_path_length lib/kobject.c:118 [inline]\n kobject_get_path+0x3f/0x2a0 lib/kobject.c:158\n kobject_uevent_env+0x289/0x1870 lib/kobject_uevent.c:545\n ib_register_device drivers/infiniband/core/device.c:1472 [inline]\n ib_register_device+0x8cf/0xe00 drivers/infiniband/core/device.c:1393\n rxe_register_device+0x275/0x320 drivers/infiniband/sw/rxe/rxe_verbs.c:1552\n rxe_net_add+0x8e/0xe0 drivers/infiniband/sw/rxe/rxe_net.c:550\n rxe_newlink+0x70/0x190 drivers/infiniband/sw/rxe/rxe.c:225\n nldev_newlink+0x3a3/0x680 drivers/infiniband/core/nldev.c:1796\n rdma_nl_rcv_msg+0x387/0x6e0 drivers/infiniband/core/netlink.c:195\n rdma_nl_rcv_skb.constprop.0.isra.0+0x2e5/0x450\n netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]\n netlink_unicast+0x53a/0x7f0 net/netlink/af_netlink.c:1339\n netlink_sendmsg+0x8d1/0xdd0 net/netlink/af_netlink.c:1883\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg net/socket.c:727 [inline]\n ____sys_sendmsg+0xa95/0xc70 net/socket.c:2566\n ___sys_sendmsg+0x134/0x1d0 net/socket.c:2620\n __sys_sendmsg+0x16d/0x220 net/socket.c:2652\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x260 
arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThis problem is similar to the problem that the\ncommit 1d6a9e7449e2 (\"RDMA/core: Fix use-after-free when rename device name\")\nfixes.\n\nThe root cause is: the function ib_device_rename() renames the name with\nlock. But in the function kobject_uevent(), this name is accessed without\nlock protection at the same time.\n\nThe solution is to add the lock protection when this name is accessed in\nthe function kobject_uevent()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/03df57ad4b0ff9c5a93ff981aba0b42578ad1571", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/10c7f1c647da3b77ef8827d974a97b6530b64df0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d0706bfd3ee40923c001c6827b786a309e2a8713", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38023.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38023.json new file mode 100644 index 00000000000..612e6edca7b --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38023.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2025-38023", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:34.100", + "lastModified": "2025-06-18T10:15:34.100", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: handle failure of nfs_get_lock_context in unlock path\n\nWhen memory is insufficient, the allocation of nfs_lock_context in\nnfs_get_lock_context() fails and returns -ENOMEM. If we mistakenly treat\nan nfs4_unlockdata structure (whose l_ctx member has been set to -ENOMEM)\nas valid and proceed to execute rpc_run_task(), this will trigger a NULL\npointer dereference in nfs4_locku_prepare. For example:\n\nBUG: kernel NULL pointer dereference, address: 000000000000000c\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] SMP PTI\nCPU: 15 UID: 0 PID: 12 Comm: kworker/u64:0 Not tainted 6.15.0-rc2-dirty #60\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40\nWorkqueue: rpciod rpc_async_schedule\nRIP: 0010:nfs4_locku_prepare+0x35/0xc2\nCode: 89 f2 48 89 fd 48 c7 c7 68 69 ef b5 53 48 8b 8e 90 00 00 00 48 89 f3\nRSP: 0018:ffffbbafc006bdb8 EFLAGS: 00010246\nRAX: 000000000000004b RBX: ffff9b964fc1fa00 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: fffffffffffffff4 RDI: ffff9ba53fddbf40\nRBP: ffff9ba539934000 R08: 0000000000000000 R09: ffffbbafc006bc38\nR10: ffffffffb6b689c8 R11: 0000000000000003 R12: ffff9ba539934030\nR13: 0000000000000001 R14: 0000000004248060 R15: ffffffffb56d1c30\nFS: 0000000000000000(0000) GS:ffff9ba5881f0000(0000) knlGS:00000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000000000000c CR3: 000000093f244000 CR4: 00000000000006f0\nCall Trace:\n \n __rpc_execute+0xbc/0x480\n rpc_async_schedule+0x2f/0x40\n process_one_work+0x232/0x5d0\n worker_thread+0x1da/0x3d0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x10d/0x240\n ? 
__pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \nModules linked in:\nCR2: 000000000000000c\n---[ end trace 0000000000000000 ]---\n\nFree the allocated nfs4_unlockdata when nfs_get_lock_context() fails and\nreturn NULL to terminate subsequent rpc_run_task, preventing NULL pointer\ndereference." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4c189fd40a09a03f9a900bedb2d9064f1734d72a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/72f552e00c50f265896d3c19edc6696aa2910081", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/85fb7f8ca5f8c138579fdfc9b97b3083e6077d40", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a6879a076b98c99c9fe747816fe1c29543442441", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c457dc1ec770a22636b473ce5d35614adfe97636", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/da824f1271633bcb515ca8084cda3eda4b3ace51", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/db6f5ee1fc8f54d079d0751292c2fc2d78e3aad1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f601960af04d2ecb007c928ba153d34051acd9c1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38024.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38024.json new file mode 100644 index 00000000000..5a20cf4851f --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38024.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2025-38024", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:34.333", + "lastModified": "2025-06-18T10:15:34.333", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug\n\nCall Trace:\n \n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x7d/0xa0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xcf/0x610 mm/kasan/report.c:489\n kasan_report+0xb5/0xe0 mm/kasan/report.c:602\n rxe_queue_cleanup+0xd0/0xe0 drivers/infiniband/sw/rxe/rxe_queue.c:195\n rxe_cq_cleanup+0x3f/0x50 drivers/infiniband/sw/rxe/rxe_cq.c:132\n __rxe_cleanup+0x168/0x300 drivers/infiniband/sw/rxe/rxe_pool.c:232\n rxe_create_cq+0x22e/0x3a0 drivers/infiniband/sw/rxe/rxe_verbs.c:1109\n create_cq+0x658/0xb90 drivers/infiniband/core/uverbs_cmd.c:1052\n ib_uverbs_create_cq+0xc7/0x120 drivers/infiniband/core/uverbs_cmd.c:1095\n ib_uverbs_write+0x969/0xc90 drivers/infiniband/core/uverbs_main.c:679\n vfs_write fs/read_write.c:677 [inline]\n vfs_write+0x26a/0xcc0 fs/read_write.c:659\n ksys_write+0x1b8/0x200 fs/read_write.c:731\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xaa/0x1b0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nIn the function rxe_create_cq, when rxe_cq_from_init fails, the function\nrxe_cleanup will be called to handle the allocated resources. In fact,\nsome memory resources have already been freed in the function\nrxe_cq_from_init. Thus, this problem will occur.\n\nThe solution is to let rxe_cleanup do all the work." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/16c45ced0b3839d3eee72a86bb172bef6cf58980", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/336edd6b0f5b7fbffc3e065285610624f59e88df", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3a3b73e135e3bd18423d0baa72571319c7feb759", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/52daccfc3fa68ee1902d52124921453d7a335591", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7c7c80c32e00665234e373ab03fe82f5c5c2c230", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ee4c5a2a38596d548566560c0c022ab797e6f71a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f81b33582f9339d2dc17c69b92040d3650bb4bae", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f8f470e3a757425a8f98fb9a5991e3cf62fc7134", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38025.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38025.json new file mode 100644 index 00000000000..97a01e3966a --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38025.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-38025", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:34.467", + "lastModified": "2025-06-18T10:15:34.467", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ad7606: check for NULL before calling sw_mode_config()\n\nCheck that the sw_mode_config function pointer is not NULL before\ncalling it. Not all buses define this callback, which resulted in a NULL\npointer dereference." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/5257d80e22bf27009d6742e4c174f42cfe54e425", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c28ad63aa55eaadad2b1793b90bfbe7296cc03ba", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38026.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38026.json new file mode 100644 index 00000000000..7d96a94d854 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38026.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-38026", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:34.590", + "lastModified": "2025-06-18T10:15:34.590", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/sev: Do not touch VMSA pages during SNP guest memory kdump\n\nWhen kdump is running makedumpfile to generate vmcore and dump SNP guest\nmemory it touches the VMSA page of the vCPU executing kdump.\n\nIt then results in unrecoverable #NPF/RMP faults as the VMSA page is\nmarked busy/in-use when the vCPU is running and subsequently a causes\nguest softlockup/hang.\n\nAdditionally, other APs may be halted in guest mode and their VMSA pages\nare marked busy and touching these VMSA pages during guest memory dump\nwill also cause #NPF.\n\nIssue AP_DESTROY GHCB calls on other APs to ensure they are kicked out\nof guest mode and then clear the VMSA bit on their VMSA pages.\n\nIf the vCPU running kdump is an AP, mark it's VMSA page as offline to\nensure that makedumpfile excludes that page while dumping guest memory." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/26468ea864fecf496654459e52a6b7a7230bcb6d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d2062cc1b1c367d5d019f595ef860159e1301351", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38027.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38027.json new file mode 100644 index 00000000000..8eeb9b7f704 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38027.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2025-38027", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:34.720", + "lastModified": "2025-06-18T10:15:34.720", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: max20086: fix invalid memory access\n\nmax20086_parse_regulators_dt() calls of_regulator_match() using an\narray of struct of_regulator_match allocated on the stack for the\nmatches argument.\n\nof_regulator_match() calls devm_of_regulator_put_matches(), which calls\ndevres_alloc() to allocate a struct devm_of_regulator_matches which will\nbe de-allocated using devm_of_regulator_put_matches().\n\nstruct devm_of_regulator_matches is populated with the stack allocated\nmatches array.\n\nIf the device fails to probe, devm_of_regulator_put_matches() will be\ncalled and will try to call of_node_put() on that stack pointer,\ngenerating the following dmesg entries:\n\nmax20086 6-0028: Failed to read DEVICE_ID reg: -121\nkobject: '\\xc0$\\xa5\\x03' (000000002cebcb7a): is not initialized, yet\nkobject_put() is being called.\n\nFollowed by a stack trace matching the call flow described above.\n\nSwitch to allocating the matches array using devm_kcalloc() to\navoid accessing the stack pointer long after it's out of scope.\n\nThis also has the advantage of allowing multiple max20086 to probe\nwithout overriding the data stored inside the global of_regulator_match." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/5578ab04bd7732f470fc614bbc0a924900399fb8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6b0cd72757c69bc2d45da42b41023e288d02e772", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6ba30f7aa2c550b2ac04f16b81a19a8c045b8660", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7bddac8603d4e396872c2fbf4403ec08e7b1d7c8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d2a9a92bb4cc7568cff68241b0051dc7268bdc68", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38028.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38028.json new file mode 100644 index 00000000000..5d8d3ad0afe --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38028.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-38028", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:34.850", + "lastModified": "2025-06-18T10:15:34.850", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS/localio: Fix a race in nfs_local_open_fh()\n\nOnce the clp->cl_uuid.lock has been dropped, another CPU could come in\nand free the struct nfsd_file that was just added. To prevent that from\nhappening, take the RCU read lock before dropping the spin lock." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/185a2f2ddabdcf999823f61de67f86376883920d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fa7ab64f1e2fdc8f2603aab8e0dd20de89cb10d9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38029.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38029.json new file mode 100644 index 00000000000..c4dec61ca7b --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38029.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-38029", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:34.970", + "lastModified": "2025-06-18T10:15:34.970", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkasan: avoid sleepable page allocation from atomic context\n\napply_to_pte_range() enters the lazy MMU mode and then invokes\nkasan_populate_vmalloc_pte() callback on each page table walk iteration. \nHowever, the callback can go into sleep when trying to allocate a single\npage, e.g. if an architecutre disables preemption on lazy MMU mode enter.\n\nOn s390 if make arch_enter_lazy_mmu_mode() -> preempt_enable() and\narch_leave_lazy_mmu_mode() -> preempt_disable(), such crash occurs:\n\n[ 0.663336] BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:321\n[ 0.663348] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2, name: kthreadd\n[ 0.663358] preempt_count: 1, expected: 0\n[ 0.663366] RCU nest depth: 0, expected: 0\n[ 0.663375] no locks held by kthreadd/2.\n[ 0.663383] Preemption disabled at:\n[ 0.663386] [<0002f3284cbb4eda>] apply_to_pte_range+0xfa/0x4a0\n[ 0.663405] CPU: 0 UID: 0 PID: 2 Comm: kthreadd Not tainted 6.15.0-rc5-gcc-kasan-00043-gd76bb1ebb558-dirty #162 PREEMPT\n[ 0.663408] Hardware name: IBM 3931 A01 701 (KVM/Linux)\n[ 0.663409] Call Trace:\n[ 0.663410] [<0002f3284c385f58>] dump_stack_lvl+0xe8/0x140\n[ 0.663413] [<0002f3284c507b9e>] __might_resched+0x66e/0x700\n[ 0.663415] [<0002f3284cc4f6c0>] __alloc_frozen_pages_noprof+0x370/0x4b0\n[ 0.663419] [<0002f3284ccc73c0>] alloc_pages_mpol+0x1a0/0x4a0\n[ 0.663421] [<0002f3284ccc8518>] alloc_frozen_pages_noprof+0x88/0xc0\n[ 0.663424] [<0002f3284ccc8572>] alloc_pages_noprof+0x22/0x120\n[ 0.663427] [<0002f3284cc341ac>] get_free_pages_noprof+0x2c/0xc0\n[ 0.663429] [<0002f3284cceba70>] 
kasan_populate_vmalloc_pte+0x50/0x120\n[ 0.663433] [<0002f3284cbb4ef8>] apply_to_pte_range+0x118/0x4a0\n[ 0.663435] [<0002f3284cbc7c14>] apply_to_pmd_range+0x194/0x3e0\n[ 0.663437] [<0002f3284cbc99be>] __apply_to_page_range+0x2fe/0x7a0\n[ 0.663440] [<0002f3284cbc9e88>] apply_to_page_range+0x28/0x40\n[ 0.663442] [<0002f3284ccebf12>] kasan_populate_vmalloc+0x82/0xa0\n[ 0.663445] [<0002f3284cc1578c>] alloc_vmap_area+0x34c/0xc10\n[ 0.663448] [<0002f3284cc1c2a6>] __get_vm_area_node+0x186/0x2a0\n[ 0.663451] [<0002f3284cc1e696>] __vmalloc_node_range_noprof+0x116/0x310\n[ 0.663454] [<0002f3284cc1d950>] __vmalloc_node_noprof+0xd0/0x110\n[ 0.663457] [<0002f3284c454b88>] alloc_thread_stack_node+0xf8/0x330\n[ 0.663460] [<0002f3284c458d56>] dup_task_struct+0x66/0x4d0\n[ 0.663463] [<0002f3284c45be90>] copy_process+0x280/0x4b90\n[ 0.663465] [<0002f3284c460940>] kernel_clone+0xd0/0x4b0\n[ 0.663467] [<0002f3284c46115e>] kernel_thread+0xbe/0xe0\n[ 0.663469] [<0002f3284c4e440e>] kthreadd+0x50e/0x7f0\n[ 0.663472] [<0002f3284c38c04a>] __ret_from_fork+0x8a/0xf0\n[ 0.663475] [<0002f3284ed57ff2>] ret_from_fork+0xa/0x38\n\nInstead of allocating single pages per-PTE, bulk-allocate the shadow\nmemory prior to applying kasan_populate_vmalloc_pte() callback on a page\nrange." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/6748dd09196248b985cca39eaf651d5317271977", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b6ea95a34cbd014ab6ade4248107b86b0aaf2d6c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38030.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38030.json new file mode 100644 index 00000000000..a8020283462 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38030.json 
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2025-38030", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:35.100", + "lastModified": "2025-06-18T10:15:35.100", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/amd: Keep display off while going into S4\"\n\ncommit 68bfdc8dc0a1a (\"drm/amd: Keep display off while going into S4\")\nattempted to keep displays off during the S4 sequence by not resuming\ndisplay IP. This however leads to hangs because DRM clients such as the\nconsole can try to access registers and cause a hang.\n\n(cherry picked from commit e485502c37b097b0bd773baa7e2741bf7bd2909a)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/7c220f89add8e7d6db63c9c4d9566917f8175a0b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7e7cb7a13c81073d38a10fa7b450d23712281ec4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9c40d1f7b75fc93d7ef02acc3a2a712cb057e576", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ed7d24b0c375f74a1956e73d53549be78bf2774c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/edfb7f9d27e2cd9aad55cfb5aaa6c67801613e6a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ff887e77b777e806b5210eba229e0bd657e07b60", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38031.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38031.json new file mode 100644 index 00000000000..dfbaf056b33 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38031.json 
@@ -0,0 +1,45 @@ +{ + "id": "CVE-2025-38031", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:35.230", + "lastModified": "2025-06-18T10:15:35.230", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: do not leak refcount in reorder_work\n\nA recent patch that addressed a UAF introduced a reference count leak:\nthe parallel_data refcount is incremented unconditionally, regardless\nof the return value of queue_work(). If the work item is already queued,\nthe incremented refcount is never decremented.\n\nFix this by checking the return value of queue_work() and decrementing\nthe refcount when necessary.\n\nResolves:\n\nUnreferenced object 0xffff9d9f421e3d80 (size 192):\n comm \"cryptomgr_probe\", pid 157, jiffies 4294694003\n hex dump (first 32 bytes):\n 80 8b cf 41 9f 9d ff ff b8 97 e0 89 ff ff ff ff ...A............\n d0 97 e0 89 ff ff ff ff 19 00 00 00 1f 88 23 00 ..............#.\n backtrace (crc 838fb36):\n __kmalloc_cache_noprof+0x284/0x320\n padata_alloc_pd+0x20/0x1e0\n padata_alloc_shell+0x3b/0xa0\n 0xffffffffc040a54d\n cryptomgr_probe+0x43/0xc0\n kthread+0xf6/0x1f0\n ret_from_fork+0x2f/0x50\n ret_from_fork_asm+0x1a/0x30" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1a426abdf1c86882c9203dd8182f3b8274b89938", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1c65ae4988714716101555fe2b9830e33136d6fb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5300e487487d7a2e3e1e6e9d8f03ed9452e4019e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/584a729615fa92f4de45480efb7e569d14be1516", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": 
"https://git.kernel.org/stable/c/b9ad8e50e8589607e68e6c4cefa7f72bf35a2cb1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cceb15864e1612ebfbc10ec4e4dcd19a10c0056c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d6ebcde6d4ecf34f8495fb30516645db3aea8993", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38032.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38032.json new file mode 100644 index 00000000000..8d8b66fc2c3 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38032.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-38032", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:35.357", + "lastModified": "2025-06-18T10:15:35.357", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmr: consolidate the ipmr_can_free_table() checks.\n\nGuoyu Yin reported a splat in the ipmr netns cleanup path:\n\nWARNING: CPU: 2 PID: 14564 at net/ipv4/ipmr.c:440 ipmr_free_table net/ipv4/ipmr.c:440 [inline]\nWARNING: CPU: 2 PID: 14564 at net/ipv4/ipmr.c:440 ipmr_rules_exit+0x135/0x1c0 net/ipv4/ipmr.c:361\nModules linked in:\nCPU: 2 UID: 0 PID: 14564 Comm: syz.4.838 Not tainted 6.14.0 #1\nHardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:ipmr_free_table net/ipv4/ipmr.c:440 [inline]\nRIP: 0010:ipmr_rules_exit+0x135/0x1c0 net/ipv4/ipmr.c:361\nCode: ff df 48 c1 ea 03 80 3c 02 00 75 7d 48 c7 83 60 05 00 00 00 00 00 00 5b 5d 41 5c 41 5d 41 5e e9 71 67 7f 00 e8 4c 2d 8a fd 90 <0f> 0b 90 eb 93 e8 41 2d 8a fd 0f b6 2d 80 54 ea 01 31 ff 89 ee e8\nRSP: 0018:ffff888109547c58 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: ffff888108c12dc0 RCX: ffffffff83e09868\nRDX: ffff8881022b3300 RSI: ffffffff83e098d4 RDI: 0000000000000005\nRBP: ffff888104288000 R08: 0000000000000000 R09: ffffed10211825c9\nR10: 0000000000000001 R11: ffff88801816c4a0 R12: 0000000000000001\nR13: ffff888108c13320 R14: ffff888108c12dc0 R15: fffffbfff0b74058\nFS: 00007f84f39316c0(0000) GS:ffff88811b100000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f84f3930f98 CR3: 0000000113b56000 CR4: 0000000000350ef0\nCall Trace:\n \n ipmr_net_exit_batch+0x50/0x90 net/ipv4/ipmr.c:3160\n ops_exit_list+0x10c/0x160 net/core/net_namespace.c:177\n setup_net+0x47d/0x8e0 net/core/net_namespace.c:394\n copy_net_ns+0x25d/0x410 net/core/net_namespace.c:516\n 
create_new_namespaces+0x3f6/0xaf0 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xc3/0x180 kernel/nsproxy.c:228\n ksys_unshare+0x78d/0x9a0 kernel/fork.c:3342\n __do_sys_unshare kernel/fork.c:3413 [inline]\n __se_sys_unshare kernel/fork.c:3411 [inline]\n __x64_sys_unshare+0x31/0x40 kernel/fork.c:3411\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xa6/0x1a0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f84f532cc29\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f84f3931038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110\nRAX: ffffffffffffffda RBX: 00007f84f5615fa0 RCX: 00007f84f532cc29\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000400\nRBP: 00007f84f53fba18 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f84f5615fa0 R15: 00007fff51c5f328\n \n\nThe running kernel has CONFIG_IP_MROUTE_MULTIPLE_TABLES disabled, and\nthe sanity check for such build is still too loose.\n\nAddress the issue consolidating the relevant sanity check in a single\nhelper regardless of the kernel configuration. Also share it between\nthe ipv4 and ipv6 code." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1c518ae98302ab37786d5ba5d43e9ac6d6f894e3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c46286fdd6aa1d0e33c245bcffe9ff2428a777bd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38033.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38033.json new file mode 100644 index 00000000000..ee63982e9d9 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38033.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2025-38033", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:35.470", + "lastModified": "2025-06-18T10:15:35.470", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/Kconfig: make CFI_AUTO_DEFAULT depend on !RUST or Rust >= 1.88\n\nCalling core::fmt::write() from rust code while FineIBT is enabled\nresults in a kernel panic:\n\n[ 4614.199779] kernel BUG at arch/x86/kernel/cet.c:132!\n[ 4614.205343] Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[ 4614.211781] CPU: 2 UID: 0 PID: 6057 Comm: dmabuf_dump Tainted: G U O 6.12.17-android16-0-g6ab38c534a43 #1 9da040f27673ec3945e23b998a0f8bd64c846599\n[ 4614.227832] Tainted: [U]=USER, [O]=OOT_MODULE\n[ 4614.241247] RIP: 0010:do_kernel_cp_fault+0xea/0xf0\n...\n[ 4614.398144] RIP: 0010:_RNvXs5_NtNtNtCs3o2tGsuHyou_4core3fmt3num3impyNtB9_7Display3fmt+0x0/0x20\n[ 4614.407792] Code: 48 f7 df 48 0f 48 f9 48 89 f2 89 c6 5d e9 18 fd ff ff 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 41 81 ea 14 61 af 2c 74 03 0f 0b 90 <66> 0f 1f 00 55 48 89 e5 48 89 f2 48 8b 3f be 01 00 00 00 5d e9 e7\n[ 4614.428775] RSP: 0018:ffffb95acfa4ba68 EFLAGS: 00010246\n[ 4614.434609] RAX: 0000000000000000 RBX: 0000000000000010 RCX: 0000000000000000\n[ 4614.442587] RDX: 0000000000000007 RSI: ffffb95acfa4ba70 RDI: ffffb95acfa4bc88\n[ 4614.450557] RBP: ffffb95acfa4bae0 R08: ffff0a00ffffff05 R09: 0000000000000070\n[ 4614.458527] R10: 0000000000000000 R11: ffffffffab67eaf0 R12: ffffb95acfa4bcc8\n[ 4614.466493] R13: ffffffffac5d50f0 R14: 0000000000000000 R15: 0000000000000000\n[ 4614.474473] ? __cfi__RNvXs5_NtNtNtCs3o2tGsuHyou_4core3fmt3num3impyNtB9_7Display3fmt+0x10/0x10\n[ 4614.484118] ? 
_RNvNtCs3o2tGsuHyou_4core3fmt5write+0x1d2/0x250\n\nThis happens because core::fmt::write() calls\ncore::fmt::rt::Argument::fmt(), which currently has CFI disabled:\n\nlibrary/core/src/fmt/rt.rs:\n171 // FIXME: Transmuting formatter in new and indirectly branching to/calling\n172 // it here is an explicit CFI violation.\n173 #[allow(inline_no_sanitize)]\n174 #[no_sanitize(cfi, kcfi)]\n175 #[inline]\n176 pub(super) unsafe fn fmt(&self, f: &mut Formatter<'_>) -> Result {\n\nThis causes a Control Protection exception, because FineIBT has sealed\noff the original function's endbr64.\n\nThis makes rust currently incompatible with FineIBT. Add a Kconfig\ndependency that prevents FineIBT from getting turned on by default\nif rust is enabled.\n\n[ Rust 1.88.0 (scheduled for 2025-06-26) should have this fixed [1],\n and thus we relaxed the condition with Rust >= 1.88.\n\n When `objtool` lands checking for this with e.g. [2], the plan is\n to ideally run that in upstream Rust's CI to prevent regressions\n early [3], since we do not control `core`'s source code.\n\n Alice tested the Rust PR backported to an older compiler.\n\n Peter would like that Rust provides a stable `core` which can be\n pulled into the kernel: \"Relying on that much out of tree code is\n 'unfortunate'\".\n\n - Miguel ]\n\n[ Reduced splat. - Miguel ]" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/5595c31c370957aabe739ac3996aedba8267603f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5a8d073d87da4ad1496b35adaee5719e94665d81", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6b9956d09382bcbd5fd260c4b60ec48680a4cffb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38034.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38034.json new file mode 100644 index 00000000000..b6187f90a65 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38034.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2025-38034", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:35.593", + "lastModified": "2025-06-18T10:15:35.593", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref\n\nbtrfs_prelim_ref() calls the old and new reference variables in the\nincorrect order. This causes a NULL pointer dereference because oldref\nis passed as NULL to trace_btrfs_prelim_ref_insert().\n\nNote, trace_btrfs_prelim_ref_insert() is being called with newref as\noldref (and oldref as NULL) on purpose in order to print out\nthe values of newref.\n\nTo reproduce:\necho 1 > /sys/kernel/debug/tracing/events/btrfs/btrfs_prelim_ref_insert/enable\n\nPerform some writeback operations.\n\nBacktrace:\nBUG: kernel NULL pointer dereference, address: 0000000000000018\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 115949067 P4D 115949067 PUD 11594a067 PMD 0\n Oops: Oops: 0000 [#1] SMP NOPTI\n CPU: 1 UID: 0 PID: 1188 Comm: fsstress Not tainted 6.15.0-rc2-tester+ #47 PREEMPT(voluntary) 7ca2cef72d5e9c600f0c7718adb6462de8149622\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-2-gc13ff2cd-prebuilt.qemu.org 04/01/2014\n RIP: 0010:trace_event_raw_event_btrfs__prelim_ref+0x72/0x130\n Code: e8 43 81 9f ff 48 85 c0 74 78 4d 85 e4 0f 84 8f 00 00 00 49 8b 94 24 c0 06 00 00 48 8b 0a 48 89 48 08 48 8b 52 08 48 89 50 10 <49> 8b 55 18 48 89 50 18 49 8b 55 20 48 89 50 20 41 0f b6 55 28 88\n RSP: 0018:ffffce44820077a0 EFLAGS: 00010286\n RAX: ffff8c6b403f9014 RBX: ffff8c6b55825730 RCX: 304994edf9cf506b\n RDX: d8b11eb7f0fdb699 RSI: ffff8c6b403f9010 RDI: ffff8c6b403f9010\n RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000010\n R10: 00000000ffffffff R11: 0000000000000000 R12: 
ffff8c6b4e8fb000\n R13: 0000000000000000 R14: ffffce44820077a8 R15: ffff8c6b4abd1540\n FS: 00007f4dc6813740(0000) GS:ffff8c6c1d378000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000018 CR3: 000000010eb42000 CR4: 0000000000750ef0\n PKRU: 55555554\n Call Trace:\n \n prelim_ref_insert+0x1c1/0x270\n find_parent_nodes+0x12a6/0x1ee0\n ? __entry_text_end+0x101f06/0x101f09\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n btrfs_is_data_extent_shared+0x167/0x640\n ? fiemap_process_hole+0xd0/0x2c0\n extent_fiemap+0xa5c/0xbc0\n ? __entry_text_end+0x101f05/0x101f09\n btrfs_fiemap+0x7e/0xd0\n do_vfs_ioctl+0x425/0x9d0\n __x64_sys_ioctl+0x75/0xc0" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0528bba48dce7820d2da72e1a114e1c4552367eb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/137bfa08c6441f324d00692d1e9d22cfd773329b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5755b6731655e248c4f1d52a2e1b18795b4a2a3a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7a97f961a568a8f72472dc804af02a0f73152c5f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7f7c8c03feba5f2454792fab3bb8bd45bd6883f9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a641154cedf9d69730f8af5d0a901fe86e6486bd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a876703894a6dd6e8c04b0635d86e9f7a7c81b79", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bc7e0975093567f51be8e1bdf4aa5900a3cf0b1e", + "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38035.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38035.json new file mode 100644 index 00000000000..2371df5efac --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38035.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2025-38035", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:35.750", + "lastModified": "2025-06-18T10:15:35.750", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: don't restore null sk_state_change\n\nqueue->state_change is set as part of nvmet_tcp_set_queue_sock(), but if\nthe TCP connection isn't established when nvmet_tcp_set_queue_sock() is\ncalled then queue->state_change isn't set and sock->sk->sk_state_change\nisn't replaced.\n\nAs such we don't need to restore sock->sk->sk_state_change if\nqueue->state_change is NULL.\n\nThis avoids NULL pointer dereferences such as this:\n\n[ 286.462026][ C0] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 286.462814][ C0] #PF: supervisor instruction fetch in kernel mode\n[ 286.463796][ C0] #PF: error_code(0x0010) - not-present page\n[ 286.464392][ C0] PGD 8000000140620067 P4D 8000000140620067 PUD 114201067 PMD 0\n[ 286.465086][ C0] Oops: Oops: 0010 [#1] SMP KASAN PTI\n[ 286.465559][ C0] CPU: 0 UID: 0 PID: 1628 Comm: nvme Not tainted 6.15.0-rc2+ #11 PREEMPT(voluntary)\n[ 286.466393][ C0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n[ 286.467147][ C0] RIP: 0010:0x0\n[ 286.467420][ C0] Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n[ 286.467977][ C0] RSP: 0018:ffff8883ae008580 EFLAGS: 00010246\n[ 286.468425][ C0] RAX: 0000000000000000 RBX: ffff88813fd34100 RCX: ffffffffa386cc43\n[ 286.469019][ C0] RDX: 1ffff11027fa68b6 RSI: 0000000000000008 RDI: ffff88813fd34100\n[ 286.469545][ C0] RBP: ffff88813fd34160 R08: 0000000000000000 R09: ffffed1027fa682c\n[ 286.470072][ C0] R10: ffff88813fd34167 R11: 0000000000000000 R12: ffff88813fd344c3\n[ 286.470585][ C0] R13: ffff88813fd34112 R14: ffff88813fd34aec R15: ffff888132cdd268\n[ 286.471070][ C0] FS: 
00007fe3c04c7d80(0000) GS:ffff88840743f000(0000) knlGS:0000000000000000\n[ 286.471644][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 286.472543][ C0] CR2: ffffffffffffffd6 CR3: 000000012daca000 CR4: 00000000000006f0\n[ 286.473500][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 286.474467][ C0] DR3: 0000000000000000 DR6: 00000000ffff07f0 DR7: 0000000000000400\n[ 286.475453][ C0] Call Trace:\n[ 286.476102][ C0] \n[ 286.476719][ C0] tcp_fin+0x2bb/0x440\n[ 286.477429][ C0] tcp_data_queue+0x190f/0x4e60\n[ 286.478174][ C0] ? __build_skb_around+0x234/0x330\n[ 286.478940][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.479659][ C0] ? __pfx_tcp_data_queue+0x10/0x10\n[ 286.480431][ C0] ? tcp_try_undo_loss+0x640/0x6c0\n[ 286.481196][ C0] ? seqcount_lockdep_reader_access.constprop.0+0x82/0x90\n[ 286.482046][ C0] ? kvm_clock_get_cycles+0x14/0x30\n[ 286.482769][ C0] ? ktime_get+0x66/0x150\n[ 286.483433][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.484146][ C0] tcp_rcv_established+0x6e4/0x2050\n[ 286.484857][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.485523][ C0] ? ipv4_dst_check+0x160/0x2b0\n[ 286.486203][ C0] ? __pfx_tcp_rcv_established+0x10/0x10\n[ 286.486917][ C0] ? lock_release+0x217/0x2c0\n[ 286.487595][ C0] tcp_v4_do_rcv+0x4d6/0x9b0\n[ 286.488279][ C0] tcp_v4_rcv+0x2af8/0x3e30\n[ 286.488904][ C0] ? raw_local_deliver+0x51b/0xad0\n[ 286.489551][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.490198][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10\n[ 286.490813][ C0] ? __pfx_raw_local_deliver+0x10/0x10\n[ 286.491487][ C0] ? __pfx_nf_confirm+0x10/0x10 [nf_conntrack]\n[ 286.492275][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.492900][ C0] ip_protocol_deliver_rcu+0x8f/0x370\n[ 286.493579][ C0] ip_local_deliver_finish+0x297/0x420\n[ 286.494268][ C0] ip_local_deliver+0x168/0x430\n[ 286.494867][ C0] ? __pfx_ip_local_deliver+0x10/0x10\n[ 286.495498][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10\n[ 286.496204][ C0] ? ip_rcv_finish_core+0x19a/0x1f20\n[ 286.496806][ C0] ? 
lock_release+0x217/0x2c0\n[ 286.497414][ C0] ip_rcv+0x455/0x6e0\n[ 286.497945][ C0] ? __pfx_ip_rcv+0x10/0x10\n[ \n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/17e58be5b49f58bf17799a504f55c2d05ab2ecdc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3a982ada411b8c52695f1784c3f4784771f30209", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/46d22b47df2741996af277a2838b95f130436c13", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6265538446e2426f4bf3b57e91d7680b2047ddd9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a21cb31642ffc84ca4ce55028212a96f72f54d30", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c240375587ddcc80e1022f52ee32b946bbc3a639", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ec462449f4cf616b0aa2ed119f5f44b5fdfcefab", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fc01b547c3f8bfa6e1d23cd5a2c63c736e8c3e4e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38036.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38036.json new file mode 100644 index 00000000000..4d573237925 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38036.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-38036", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:35.897", + "lastModified": "2025-06-18T10:15:35.897", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/vf: Perform early GT MMIO initialization to read GMDID\n\nVFs need to communicate with the GuC to obtain the GMDID value\nand existing GuC functions used for that assume that the GT has\nit's MMIO members already setup. However, due to recent refactoring\nthe gt->mmio is initialized later, and any attempt by the VF to use\nxe_mmio_read|write() from GuC functions will lead to NPD crash due\nto unset MMIO register address:\n\n[] xe 0000:00:02.1: [drm] Running in SR-IOV VF mode\n[] xe 0000:00:02.1: [drm] GT0: sending H2G MMIO 0x5507\n[] BUG: unable to handle page fault for address: 0000000000190240\n\nSince we are already tweaking the id and type of the primary GT to\nmimic it's a Media GT before initializing the GuC communication,\nwe can also call xe_gt_mmio_init() to perform early setup of the\ngt->mmio which will make those GuC functions work again." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/13265fe7426ec9ba5aa86baab913417ca361e8a4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ef6e950aea76a5009ccc79ebfa955ecc66cd85a2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38037.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38037.json new file mode 100644 index 00000000000..ef23c67e469 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38037.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2025-38037", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:36.030", + "lastModified": "2025-06-18T10:15:36.030", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Annotate FDB data races\n\nThe 'used' and 'updated' fields in the FDB entry structure can be\naccessed concurrently by multiple threads, leading to reports such as\n[1]. Can be reproduced using [2].\n\nSuppress these reports by annotating these accesses using\nREAD_ONCE() / WRITE_ONCE().\n\n[1]\nBUG: KCSAN: data-race in vxlan_xmit / vxlan_xmit\n\nwrite to 0xffff942604d263a8 of 8 bytes by task 286 on cpu 0:\n vxlan_xmit+0xb29/0x2380\n dev_hard_start_xmit+0x84/0x2f0\n __dev_queue_xmit+0x45a/0x1650\n packet_xmit+0x100/0x150\n packet_sendmsg+0x2114/0x2ac0\n __sys_sendto+0x318/0x330\n __x64_sys_sendto+0x76/0x90\n x64_sys_call+0x14e8/0x1c00\n do_syscall_64+0x9e/0x1a0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nread to 0xffff942604d263a8 of 8 bytes by task 287 on cpu 2:\n vxlan_xmit+0xadf/0x2380\n dev_hard_start_xmit+0x84/0x2f0\n __dev_queue_xmit+0x45a/0x1650\n packet_xmit+0x100/0x150\n packet_sendmsg+0x2114/0x2ac0\n __sys_sendto+0x318/0x330\n __x64_sys_sendto+0x76/0x90\n x64_sys_call+0x14e8/0x1c00\n do_syscall_64+0x9e/0x1a0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nvalue changed: 0x00000000fffbac6e -> 0x00000000fffbac6f\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 2 UID: 0 PID: 287 Comm: mausezahn Not tainted 6.13.0-rc7-01544-gb4b270f11a02 #5\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n\n[2]\n #!/bin/bash\n\n set +H\n echo whitelist > /sys/kernel/debug/kcsan\n echo !vxlan_xmit > /sys/kernel/debug/kcsan\n\n ip link add name vx0 up type vxlan id 10010 dstport 4789 local 192.0.2.1\n bridge fdb add 00:11:22:33:44:55 dev vx0 self static dst 198.51.100.1\n 
taskset -c 0 mausezahn vx0 -a own -b 00:11:22:33:44:55 -c 0 -q &\n taskset -c 2 mausezahn vx0 -a own -b 00:11:22:33:44:55 -c 0 -q &" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/02a33b1035a307453a1da6ce0a1bf3676be287d7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/13cba3f837903f7184d6e9b6137d5165ffe82a8f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4eceb7eae6ea7c950384c34e6dbbe872c981935f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/784b78295a3a58bf052339dd669e6e03710220d3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/87d076987a9ba106c83412fcd113656f71af05a1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a6644aeb8ddf196dec5f8e782293c36f065df4d7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e033da39fc6abbddab6c29624acef80757f273fa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f6205f8215f12a96518ac9469ff76294ae7bd612", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38038.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38038.json new file mode 100644 index 00000000000..5ef0636d298 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38038.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2025-38038", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:36.160", + "lastModified": "2025-06-18T10:15:36.160", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost\n\nset_boost is a per-policy function call, hence a driver wide lock is\nunnecessary. Also this mutex_acquire can collide with the mutex_acquire\nfrom the mode-switch path in status_store(), which can lead to a\ndeadlock. So, remove it." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/61e931ee145eeab8196e585ff4334870b130b744", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cd347d071713234586762d79c5a691785e9be418", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/db1cafc77aaaf871509da06f4a864e9af6d6791f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38039.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38039.json new file mode 100644 index 00000000000..60b3ca79905 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38039.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-38039", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:36.280", + "lastModified": "2025-06-18T10:15:36.280", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Avoid WARN_ON when configuring MQPRIO with HTB offload enabled\n\nWhen attempting to enable MQPRIO while HTB offload is already\nconfigured, the driver currently returns `-EINVAL` and triggers a\n`WARN_ON`, leading to an unnecessary call trace.\n\nUpdate the code to handle this case more gracefully by returning\n`-EOPNOTSUPP` instead, while also providing a helpful user message." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/090c0ba179eaf7b670e720aa054533756a43d565", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/689805dcc474c2accb5cffbbcea1c06ee4a54570", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9e2bac6835f73895598df5a3a125a19497fad46b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b82e496531c571caf8a2ef247f51c160bab2162e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38040.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38040.json new file mode 100644 index 00000000000..408fe30dbee --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38040.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2025-38040", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:36.400", + "lastModified": "2025-06-18T10:15:36.400", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: mctrl_gpio: split disable_ms into sync and no_sync APIs\n\nThe following splat has been observed on a SAMA5D27 platform using\natmel_serial:\n\nBUG: sleeping function called from invalid context at kernel/irq/manage.c:738\nin_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 27, name: kworker/u5:0\npreempt_count: 1, expected: 0\nINFO: lockdep is turned off.\nirq event stamp: 0\nhardirqs last enabled at (0): [<00000000>] 0x0\nhardirqs last disabled at (0): [] copy_process+0x1c4c/0x7bec\nsoftirqs last enabled at (0): [] copy_process+0x1ca0/0x7bec\nsoftirqs last disabled at (0): [<00000000>] 0x0\nCPU: 0 UID: 0 PID: 27 Comm: kworker/u5:0 Not tainted 6.13.0-rc7+ #74\nHardware name: Atmel SAMA5\nWorkqueue: hci0 hci_power_on [bluetooth]\nCall trace:\n unwind_backtrace from show_stack+0x18/0x1c\n show_stack from dump_stack_lvl+0x44/0x70\n dump_stack_lvl from __might_resched+0x38c/0x598\n __might_resched from disable_irq+0x1c/0x48\n disable_irq from mctrl_gpio_disable_ms+0x74/0xc0\n mctrl_gpio_disable_ms from atmel_disable_ms.part.0+0x80/0x1f4\n atmel_disable_ms.part.0 from atmel_set_termios+0x764/0x11e8\n atmel_set_termios from uart_change_line_settings+0x15c/0x994\n uart_change_line_settings from uart_set_termios+0x2b0/0x668\n uart_set_termios from tty_set_termios+0x600/0x8ec\n tty_set_termios from ttyport_set_flow_control+0x188/0x1e0\n ttyport_set_flow_control from wilc_setup+0xd0/0x524 [hci_wilc]\n wilc_setup [hci_wilc] from hci_dev_open_sync+0x330/0x203c [bluetooth]\n hci_dev_open_sync [bluetooth] from hci_dev_do_open+0x40/0xb0 [bluetooth]\n hci_dev_do_open [bluetooth] from hci_power_on+0x12c/0x664 
[bluetooth]\n hci_power_on [bluetooth] from process_one_work+0x998/0x1a38\n process_one_work from worker_thread+0x6e0/0xfb4\n worker_thread from kthread+0x3d4/0x484\n kthread from ret_from_fork+0x14/0x28\n\nThis warning is emitted when trying to toggle, at the highest level,\nsome flow control (with serdev_device_set_flow_control) in a device\ndriver. At the lowest level, the atmel_serial driver is using\nserial_mctrl_gpio lib to enable/disable the corresponding IRQs\naccordingly. The warning emitted by CONFIG_DEBUG_ATOMIC_SLEEP is due to\ndisable_irq (called in mctrl_gpio_disable_ms) being possibly called in\nsome atomic context (some tty drivers perform modem lines configuration\nin regions protected by port lock).\n\nSplit mctrl_gpio_disable_ms into two differents APIs, a non-blocking one\nand a blocking one. Replace mctrl_gpio_disable_ms calls with the\nrelevant version depending on whether the call is protected by some port\nlock." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1bd2aad57da95f7f2d2bb52f7ad15c0f4993a685", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/68435c1fa3db696db4f480385db9e50e26691d0d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7187ec6b0b9ff22ebac2c3bb4178b7dbbdc0a55a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c504c11b94d6e4ad818ca5578dffa8ff29ad0f20", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e6a46719a2369eb5186d4f7e6c0478720ca1ec3d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38041.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38041.json new file mode 100644 index 00000000000..77d30c7f334 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38041.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-38041", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:36.533", + "lastModified": "2025-06-18T10:15:36.533", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: sunxi-ng: h616: Reparent GPU clock during frequency changes\n\nThe H616 manual does not state that the GPU PLL supports\ndynamic frequency configuration, so we must take extra care when changing\nthe frequency. Currently any attempt to do device DVFS on the GPU lead\nto panfrost various ooops, and GPU hangs.\n\nThe manual describes the algorithm for changing the PLL\nfrequency, which the CPU PLL notifier code already support, so we reuse\nthat to reparent the GPU clock to GPU1 clock during frequency\nchanges." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1439673b78185eaaa5fae444b3a9d58c434ee78e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/eb963d7948ce6571939c6875424b557b25f16610", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38042.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38042.json new file mode 100644 index 00000000000..df5f277fca1 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38042.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-38042", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:36.657", + "lastModified": "2025-06-18T10:15:36.657", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: k3-udma-glue: Drop skip_fdq argument from k3_udma_glue_reset_rx_chn\n\nThe user of k3_udma_glue_reset_rx_chn() e.g. ti_am65_cpsw_nuss can\nrun on multiple platforms having different DMA architectures.\nOn some platforms there can be one FDQ for all flows in the RX channel\nwhile for others there is a separate FDQ for each flow in the RX channel.\n\nSo far we have been relying on the skip_fdq argument of\nk3_udma_glue_reset_rx_chn().\n\nInstead of relying on the user to provide this information, infer it\nbased on DMA architecture during k3_udma_glue_request_rx_chn() and save it\nin an internal flag 'single_fdq'. Use that flag at\nk3_udma_glue_reset_rx_chn() to deicide if the FDQ needs\nto be cleared for every flow or just for flow 0.\n\nFixes the below issue on ti_am65_cpsw_nuss driver on AM62-SK.\n\n> ip link set eth1 down\n> ip link set eth0 down\n> ethtool -L eth0 rx 8\n> ip link set eth0 up\n> modprobe -r ti_am65_cpsw_nuss\n\n[ 103.045726] ------------[ cut here ]------------\n[ 103.050505] k3_knav_desc_pool size 512000 != avail 64000\n[ 103.050703] WARNING: CPU: 1 PID: 450 at drivers/net/ethernet/ti/k3-cppi-desc-pool.c:33 k3_cppi_desc_pool_destroy+0xa0/0xa8 [k3_cppi_desc_pool]\n[ 103.068810] Modules linked in: ti_am65_cpsw_nuss(-) k3_cppi_desc_pool snd_soc_hdmi_codec crct10dif_ce snd_soc_simple_card snd_soc_simple_card_utils display_connector rtc_ti_k3 k3_j72xx_bandgap tidss drm_client_lib snd_soc_davinci_mcas\np drm_dma_helper tps6598x phylink snd_soc_ti_udma rti_wdt drm_display_helper snd_soc_tlv320aic3x_i2c typec at24 phy_gmii_sel snd_soc_ti_edma snd_soc_tlv320aic3x sii902x 
snd_soc_ti_sdma sa2ul omap_mailbox drm_kms_helper authenc cfg80211 r\nfkill fuse drm drm_panel_orientation_quirks backlight ip_tables x_tables ipv6 [last unloaded: k3_cppi_desc_pool]\n[ 103.119950] CPU: 1 UID: 0 PID: 450 Comm: modprobe Not tainted 6.13.0-rc7-00001-g9c5e3435fa66 #1011\n[ 103.119968] Hardware name: Texas Instruments AM625 SK (DT)\n[ 103.119974] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 103.119983] pc : k3_cppi_desc_pool_destroy+0xa0/0xa8 [k3_cppi_desc_pool]\n[ 103.148007] lr : k3_cppi_desc_pool_destroy+0xa0/0xa8 [k3_cppi_desc_pool]\n[ 103.154709] sp : ffff8000826ebbc0\n[ 103.158015] x29: ffff8000826ebbc0 x28: ffff0000090b6300 x27: 0000000000000000\n[ 103.165145] x26: 0000000000000000 x25: 0000000000000000 x24: ffff0000019df6b0\n[ 103.172271] x23: ffff0000019df6b8 x22: ffff0000019df410 x21: ffff8000826ebc88\n[ 103.179397] x20: 000000000007d000 x19: ffff00000a3b3000 x18: 0000000000000000\n[ 103.186522] x17: 0000000000000000 x16: 0000000000000000 x15: 000001e8c35e1cde\n[ 103.193647] x14: 0000000000000396 x13: 000000000000035c x12: 0000000000000000\n[ 103.200772] x11: 000000000000003a x10: 00000000000009c0 x9 : ffff8000826eba20\n[ 103.207897] x8 : ffff0000090b6d20 x7 : ffff00007728c180 x6 : ffff00007728c100\n[ 103.215022] x5 : 0000000000000001 x4 : ffff000000508a50 x3 : ffff7ffff6146000\n[ 103.222147] x2 : 0000000000000000 x1 : e300b4173ee6b200 x0 : 0000000000000000\n[ 103.229274] Call trace:\n[ 103.231714] k3_cppi_desc_pool_destroy+0xa0/0xa8 [k3_cppi_desc_pool] (P)\n[ 103.238408] am65_cpsw_nuss_free_rx_chns+0x28/0x4c [ti_am65_cpsw_nuss]\n[ 103.244942] devm_action_release+0x14/0x20\n[ 103.249040] release_nodes+0x3c/0x68\n[ 103.252610] devres_release_all+0x8c/0xdc\n[ 103.256614] device_unbind_cleanup+0x18/0x60\n[ 103.260876] device_release_driver_internal+0xf8/0x178\n[ 103.266004] driver_detach+0x50/0x9c\n[ 103.269571] bus_remove_driver+0x6c/0xbc\n[ 103.273485] driver_unregister+0x30/0x60\n[ 103.277401] 
platform_driver_unregister+0x14/0x20\n[ 103.282096] am65_cpsw_nuss_driver_exit+0x18/0xff4 [ti_am65_cpsw_nuss]\n[ 103.288620] __arm64_sys_delete_module+0x17c/0x25c\n[ 103.293404] invoke_syscall+0x44/0x100\n[ 103.297149] el0_svc_common.constprop.0+0xc0/0xe0\n[ 103.301845] do_el0_svc+0x1c/0x28\n[ 103.305155] el0_svc+0x28/0x98\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0da30874729baeb01889b0eca16cfda122687503", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d0dd9d133ef8fdc894e0be9aa27dc49ef5f813cb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38043.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38043.json new file mode 100644 index 00000000000..435d92db748 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38043.json 
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2025-38043", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:36.783", + "lastModified": "2025-06-18T10:15:36.783", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_ffa: Set dma_mask for ffa devices\n\nSet dma_mask for FFA devices, otherwise DMA allocation using the device pointer\nlead to following warning:\n\nWARNING: CPU: 1 PID: 1 at kernel/dma/mapping.c:597 dma_alloc_attrs+0xe0/0x124" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2e62c803feec1ef5847d8fa47dd0de039abfa378", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3a3efeef64364c2a028cf0d03d68c831813a97fd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/97bab02f0b64ba6bcdf6a8fae561db07f509aee9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c6aa1d6bd6ccff4ecdf064d288817657ec8532f0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cc0aac7ca17e0ea3ca84b552fc79f3e86fd07f53", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e2de76c34a8a925efe80fccae4810427bc144ed0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38044.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38044.json new file mode 100644 index 00000000000..dd62b134390 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38044.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2025-38044", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:36.913", + "lastModified": "2025-06-18T10:15:36.913", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cx231xx: set device_caps for 417\n\nThe video_device for the MPEG encoder did not set device_caps.\n\nAdd this, otherwise the video device can't be registered (you get a\nWARN_ON instead).\n\nNot seen before since currently 417 support is disabled, but I found\nthis while experimenting with it." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0884dd3abbe80307a2d4cbdbe5e312be164f8adb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2ad41beb7df3bd63b209842d16765ec59dafe6e4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4731d5328f507ae8fd8a57abbca9119ec7a8d665", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5c9eca180a4235abd56cc7f7308ca72128d93dce", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9d1a5be86dbe074bd8dd6bdd63a99d6bb66d5930", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a79efc44b51432490538a55b9753a721f7d3ea42", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c91447e35b9bea60bda4408c48e7891d14351021", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e43fd82bb2110bf9d13d800cdc49cceddfd0ede5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38045.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38045.json new file mode 100644 index 00000000000..6dbf693c878 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38045.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-38045", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:37.070", + "lastModified": "2025-06-18T10:15:37.070", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: fix debug actions order\n\nThe order of actions taken for debug was implemented incorrectly.\nNow we implemented the dump split and do the FW reset only in the\nmiddle of the dump (rather than the FW killing itself on error.)\nAs a result, some of the actions taken when applying the config\nwill now crash the device, so we need to fix the order." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/181e8b56b74ad3920456dcdc8a361520d9007956", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2b790fe67ed483d86c1aeb8be6735bf792caa7e5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/328fbc96ecbee16c5fcbfcb3ac57b476f94da2f0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/eb29b4ffafb20281624dcd2cbb768d6f30edf600", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38046.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38046.json new file mode 100644 index 00000000000..0d5b80453eb --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38046.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2025-38046", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:37.187", + "lastModified": "2025-06-18T10:15:37.187", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen: Add support for XenServer 6.1 platform device\n\nOn XenServer on Windows machine a platform device with ID 2 instead of\n1 is used.\n\nThis device is mainly identical to device 1 but due to some Windows\nupdate behaviour it was decided to use a device with a different ID.\n\nThis causes compatibility issues with Linux which expects, if Xen\nis detected, to find a Xen platform device (5853:0001) otherwise code\nwill crash due to some missing initialization (specifically grant\ntables). Specifically from dmesg\n\n RIP: 0010:gnttab_expand+0x29/0x210\n Code: 90 0f 1f 44 00 00 55 31 d2 48 89 e5 41 57 41 56 41 55 41 89 fd\n 41 54 53 48 83 ec 10 48 8b 05 7e 9a 49 02 44 8b 35 a7 9a 49 02\n <8b> 48 04 8d 44 39 ff f7 f1 45 8d 24 06 89 c3 e8 43 fe ff ff\n 44 39\n RSP: 0000:ffffba34c01fbc88 EFLAGS: 00010086\n ...\n\nThe device 2 is presented by Xapi adding device specification to\nQemu command line." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/02d850de9495699f2029886a6a69f0ed07a39b84", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/0fb6c439d265f09785a561fd2c637af567641cab", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2356f15caefc0cc63d9cc5122641754f76ef9b25", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5239ba49ad23a2285b4c2d15bec71566d32e0300", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/55c3a07c0d96f5328e8fd5ffbf1448b60683f6fd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7258b92ceff342912945eaaf8787ca3b83dbae21", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/baedd1ef924d2b04d6223e0e1633e2d84fee6763", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f5363ffdabc2a281bd0023584944e3d0c25dfcd3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38047.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38047.json new file mode 100644 index 00000000000..220fbade23a --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38047.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2025-38047", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:37.317", + "lastModified": "2025-06-18T10:15:37.317", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fred: Fix system hang during S4 resume with FRED enabled\n\nUpon a wakeup from S4, the restore kernel starts and initializes the\nFRED MSRs as needed from its perspective. It then loads a hibernation\nimage, including the image kernel, and attempts to load image pages\ndirectly into their original page frames used before hibernation unless\nthose frames are currently in use. Once all pages are moved to their\noriginal locations, it jumps to a \"trampoline\" page in the image kernel.\n\nAt this point, the image kernel takes control, but the FRED MSRs still\ncontain values set by the restore kernel, which may differ from those\nset by the image kernel before hibernation. Therefore, the image kernel\nmust ensure the FRED MSRs have the same values as before hibernation.\nSince these values depend only on the location of the kernel text and\ndata, they can be recomputed from scratch." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/c42f740a07eea4807e98d2d8febc549c957a7b49", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e5f1e8af9c9e151ecd665f6d2e36fb25fec3b110", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e7090fe75a2826363c71ad1fb4e95e58141478df", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38048.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38048.json new file mode 100644 index 00000000000..e36e52d6147 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38048.json 
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2025-38048", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:37.450", + "lastModified": "2025-06-18T10:15:37.450", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_ring: Fix data race by tagging event_triggered as racy for KCSAN\n\nsyzbot reports a data-race when accessing the event_triggered, here is the\nsimplified stack when the issue occurred:\n\n==================================================================\nBUG: KCSAN: data-race in virtqueue_disable_cb / virtqueue_enable_cb_delayed\n\nwrite to 0xffff8881025bc452 of 1 bytes by task 3288 on cpu 0:\n virtqueue_enable_cb_delayed+0x42/0x3c0 drivers/virtio/virtio_ring.c:2653\n start_xmit+0x230/0x1310 drivers/net/virtio_net.c:3264\n __netdev_start_xmit include/linux/netdevice.h:5151 [inline]\n netdev_start_xmit include/linux/netdevice.h:5160 [inline]\n xmit_one net/core/dev.c:3800 [inline]\n\nread to 0xffff8881025bc452 of 1 bytes by interrupt on cpu 1:\n virtqueue_disable_cb_split drivers/virtio/virtio_ring.c:880 [inline]\n virtqueue_disable_cb+0x92/0x180 drivers/virtio/virtio_ring.c:2566\n skb_xmit_done+0x5f/0x140 drivers/net/virtio_net.c:777\n vring_interrupt+0x161/0x190 drivers/virtio/virtio_ring.c:2715\n __handle_irq_event_percpu+0x95/0x490 kernel/irq/handle.c:158\n handle_irq_event_percpu kernel/irq/handle.c:193 [inline]\n\nvalue changed: 0x01 -> 0x00\n==================================================================\n\nWhen the data race occurs, the function virtqueue_enable_cb_delayed() sets\nevent_triggered to false, and virtqueue_disable_cb_split/packed() reads it\nas false due to the race condition. 
Since event_triggered is an unreliable\nhint used for optimization, this should only cause the driver temporarily\nsuggest that the device not send an interrupt notification when the event\nindex is used.\n\nFix this KCSAN reported data-race issue by explicitly tagging the access as\ndata_racy." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/02d2d6caee3abc9335cfca35f8eb4492173ae6f2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2e2f925fe737576df2373931c95e1a2b66efdfef", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4ed8f0e808b3fcc71c5b8be7902d8738ed595b17", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b49b5132e4c7307599492aee1cdc6d89f7f2a7da", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b6d6419548286b2b9d2b90df824d3cab797f6ae8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b730cb109633c455ce8a7cd6934986c6a16d88d8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38050.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38050.json new file mode 100644 index 00000000000..9a21f32f0ae --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38050.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-38050", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:37.570", + "lastModified": "2025-06-18T10:15:37.570", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix kernel NULL pointer dereference when replacing free hugetlb folios\n\nA kernel crash was observed when replacing free hugetlb folios:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000028\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] SMP NOPTI\nCPU: 28 UID: 0 PID: 29639 Comm: test_cma.sh Tainted 6.15.0-rc6-zp #41 PREEMPT(voluntary)\nRIP: 0010:alloc_and_dissolve_hugetlb_folio+0x1d/0x1f0\nRSP: 0018:ffffc9000b30fa90 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: 0000000000342cca RCX: ffffea0043000000\nRDX: ffffc9000b30fb08 RSI: ffffea0043000000 RDI: 0000000000000000\nRBP: ffffc9000b30fb20 R08: 0000000000001000 R09: 0000000000000000\nR10: ffff88886f92eb00 R11: 0000000000000000 R12: ffffea0043000000\nR13: 0000000000000000 R14: 00000000010c0200 R15: 0000000000000004\nFS: 00007fcda5f14740(0000) GS:ffff8888ec1d8000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000028 CR3: 0000000391402000 CR4: 0000000000350ef0\nCall Trace:\n\n replace_free_hugepage_folios+0xb6/0x100\n alloc_contig_range_noprof+0x18a/0x590\n ? srso_return_thunk+0x5/0x5f\n ? down_read+0x12/0xa0\n ? srso_return_thunk+0x5/0x5f\n cma_range_alloc.constprop.0+0x131/0x290\n __cma_alloc+0xcf/0x2c0\n cma_alloc_write+0x43/0xb0\n simple_attr_write_xsigned.constprop.0.isra.0+0xb2/0x110\n debugfs_attr_write+0x46/0x70\n full_proxy_write+0x62/0xa0\n vfs_write+0xf8/0x420\n ? srso_return_thunk+0x5/0x5f\n ? filp_flush+0x86/0xa0\n ? srso_return_thunk+0x5/0x5f\n ? filp_close+0x1f/0x30\n ? srso_return_thunk+0x5/0x5f\n ? do_dup2+0xaf/0x160\n ? 
srso_return_thunk+0x5/0x5f\n ksys_write+0x65/0xe0\n do_syscall_64+0x64/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThere is a potential race between __update_and_free_hugetlb_folio() and\nreplace_free_hugepage_folios():\n\nCPU1 CPU2\n__update_and_free_hugetlb_folio replace_free_hugepage_folios\n folio_test_hugetlb(folio)\n -- It's still hugetlb folio.\n\n __folio_clear_hugetlb(folio)\n hugetlb_free_folio(folio)\n h = folio_hstate(folio)\n -- Here, h is NULL pointer\n\nWhen the above race condition occurs, folio_hstate(folio) returns NULL,\nand subsequent access to this NULL pointer will cause the system to crash.\nTo resolve this issue, execute folio_hstate(folio) under the protection\nof the hugetlb_lock lock, ensuring that folio_hstate(folio) does not\nreturn NULL." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/113ed54ad276c352ee5ce109bdcf0df118a43bda", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e97283978a9848190d451f7038ac399613445f79", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38051.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38051.json new file mode 100644 index 00000000000..fd87279bdc2 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38051.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2025-38051", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:37.693", + "lastModified": "2025-06-18T10:15:37.693", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Fix use-after-free in cifs_fill_dirent\n\nThere is a race condition in the readdir concurrency process, which may\naccess the rsp buffer after it has been released, triggering the\nfollowing KASAN warning.\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in cifs_fill_dirent+0xb03/0xb60 [cifs]\n Read of size 4 at addr ffff8880099b819c by task a.out/342975\n\n CPU: 2 UID: 0 PID: 342975 Comm: a.out Not tainted 6.15.0-rc6+ #240 PREEMPT(full)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014\n Call Trace:\n \n dump_stack_lvl+0x53/0x70\n print_report+0xce/0x640\n kasan_report+0xb8/0xf0\n cifs_fill_dirent+0xb03/0xb60 [cifs]\n cifs_readdir+0x12cb/0x3190 [cifs]\n iterate_dir+0x1a1/0x520\n __x64_sys_getdents+0x134/0x220\n do_syscall_64+0x4b/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f996f64b9f9\n Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89\n f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01\n f0 ff ff 0d f7 c3 0c 00 f7 d8 64 89 8\n RSP: 002b:00007f996f53de78 EFLAGS: 00000207 ORIG_RAX: 000000000000004e\n RAX: ffffffffffffffda RBX: 00007f996f53ecdc RCX: 00007f996f64b9f9\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003\n RBP: 00007f996f53dea0 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000207 R12: ffffffffffffff88\n R13: 0000000000000000 R14: 00007ffc8cd9a500 R15: 00007f996f51e000\n \n\n Allocated by task 408:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x14/0x30\n 
__kasan_slab_alloc+0x6e/0x70\n kmem_cache_alloc_noprof+0x117/0x3d0\n mempool_alloc_noprof+0xf2/0x2c0\n cifs_buf_get+0x36/0x80 [cifs]\n allocate_buffers+0x1d2/0x330 [cifs]\n cifs_demultiplex_thread+0x22b/0x2690 [cifs]\n kthread+0x394/0x720\n ret_from_fork+0x34/0x70\n ret_from_fork_asm+0x1a/0x30\n\n Freed by task 342979:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x37/0x50\n kmem_cache_free+0x2b8/0x500\n cifs_buf_release+0x3c/0x70 [cifs]\n cifs_readdir+0x1c97/0x3190 [cifs]\n iterate_dir+0x1a1/0x520\n __x64_sys_getdents64+0x134/0x220\n do_syscall_64+0x4b/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n The buggy address belongs to the object at ffff8880099b8000\n which belongs to the cache cifs_request of size 16588\n The buggy address is located 412 bytes inside of\n freed 16588-byte region [ffff8880099b8000, ffff8880099bc0cc)\n\n The buggy address belongs to the physical page:\n page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x99b8\n head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0\n anon flags: 0x80000000000040(head|node=0|zone=1)\n page_type: f5(slab)\n raw: 0080000000000040 ffff888001e03400 0000000000000000 dead000000000001\n raw: 0000000000000000 0000000000010001 00000000f5000000 0000000000000000\n head: 0080000000000040 ffff888001e03400 0000000000000000 dead000000000001\n head: 0000000000000000 0000000000010001 00000000f5000000 0000000000000000\n head: 0080000000000003 ffffea0000266e01 00000000ffffffff 00000000ffffffff\n head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffff8880099b8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff8880099b8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n >ffff8880099b8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff8880099b8200: fb fb fb fb fb fb fb fb fb fb fb fb fb 
fb fb fb\n ffff8880099b8280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ==================================================================\n\nPOC is available in the link [1].\n\nThe problem triggering process is as follows:\n\nProcess 1 Process 2\n-----------------------------------\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1b197931fbc821bc7e9e91bf619400db563e3338", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/73cadde98f67f76c5eba00ac0b72c453383cec8b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9bea368648ac46f8593a780760362e40291d22a9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9c9aafbacc183598f064902365e107b5e856531f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a24c2f05ac3c5b0aaa539d9d913826d2643dfd0e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a7a8fe56e932a36f43e031b398aef92341bf5ea0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/aee067e88d61eb72e966f094e4749c6b14e7008f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c8623231e0edfcccb7cc6add0288fa0f0594282f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38052.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38052.json new file mode 100644 index 00000000000..dcfa5593fc0 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38052.json 
@@ -0,0 +1,45 @@
+{
+ "id": "CVE-2025-38052",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T10:15:37.830",
+ "lastModified": "2025-06-18T10:15:37.830",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done\n\nSyzbot reported a slab-use-after-free with the following call trace:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840\n Read of size 8 at addr ffff88807a733000 by task kworker/1:0/25\n\n Call Trace:\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840\n crypto_request_complete include/crypto/algapi.h:266\n aead_request_complete include/crypto/internal/aead.h:85\n cryptd_aead_crypt+0x3b8/0x750 crypto/cryptd.c:772\n crypto_request_complete include/crypto/algapi.h:266\n cryptd_queue_worker+0x131/0x200 crypto/cryptd.c:181\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n\n Allocated by task 8355:\n kzalloc_noprof include/linux/slab.h:778\n tipc_crypto_start+0xcc/0x9e0 net/tipc/crypto.c:1466\n tipc_init_net+0x2dd/0x430 net/tipc/core.c:72\n ops_init+0xb9/0x650 net/core/net_namespace.c:139\n setup_net+0x435/0xb40 net/core/net_namespace.c:343\n copy_net_ns+0x2f0/0x670 net/core/net_namespace.c:508\n create_new_namespaces+0x3ea/0xb10 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:228\n ksys_unshare+0x419/0x970 kernel/fork.c:3323\n __do_sys_unshare kernel/fork.c:3394\n\n Freed by task 63:\n kfree+0x12a/0x3b0 mm/slub.c:4557\n tipc_crypto_stop+0x23c/0x500 net/tipc/crypto.c:1539\n tipc_exit_net+0x8c/0x110 net/tipc/core.c:119\n ops_exit_list+0xb0/0x180 net/core/net_namespace.c:173\n cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640\n 
process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n\nAfter freed the tipc_crypto tx by delete namespace, tipc_aead_encrypt_done\nmay still visit it in cryptd_queue_worker workqueue.\n\nI reproduce this issue by:\n ip netns add ns1\n ip link add veth1 type veth peer name veth2\n ip link set veth1 netns ns1\n ip netns exec ns1 tipc bearer enable media eth dev veth1\n ip netns exec ns1 tipc node set key this_is_a_master_key master\n ip netns exec ns1 tipc bearer disable media eth dev veth1\n ip netns del ns1\n\nThe key of reproduction is that, simd_aead_encrypt is interrupted, leading\nto crypto_simd_usable() return false. Thus, the cryptd_queue_worker is\ntriggered, and the tipc_crypto tx will be visited.\n\n tipc_disc_timeout\n tipc_bearer_xmit_skb\n tipc_crypto_xmit\n tipc_aead_encrypt\n crypto_aead_encrypt\n // encrypt()\n simd_aead_encrypt\n // crypto_simd_usable() is false\n child = &ctx->cryptd_tfm->base;\n\n simd_aead_encrypt\n crypto_aead_encrypt\n // encrypt()\n cryptd_aead_encrypt_enqueue\n cryptd_aead_enqueue\n cryptd_enqueue_request\n // trigger cryptd_queue_worker\n queue_work_on(smp_processor_id(), cryptd_wq, &cpu_queue->work)\n\nFix this by holding net reference count before encrypt." 
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/4a0fddc2c0d5c28aec8c262ad4603be0bef1938c",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/689a205cd968a1572ab561b0c4c2d50a10e9d3b0",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b19fc1d0be3c3397e5968fe2627f22e7f84673b1",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b8fcae6d2e93c54cacb8f579a77d827c1c643eb5",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/d42ed4de6aba232d946d20653a70f79158a6535b",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e279024617134c94fd3e37470156534d5f2b3472",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/f5c2c4eaaa5a8e7e0685ec031d480e588e263e59",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38053.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38053.json
new file mode 100644
index 00000000000..c9bac2876fc
--- /dev/null
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38053.json
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2025-38053",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T10:15:37.953",
+ "lastModified": "2025-06-18T10:15:37.953",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix null-ptr-deref in idpf_features_check\n\nidpf_features_check is used to validate the TX packet. skb header\nlength is compared with the hardware supported value received from\nthe device control plane. The value is stored in the adapter structure\nand to access it, vport pointer is used. During reset all the vports\nare released and the vport pointer that the netdev private structure\npoints to is NULL.\n\nTo avoid null-ptr-deref, store the max header length value in netdev\nprivate structure. This also helps to cache the value and avoid\naccessing adapter pointer in hot path.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000068\n...\nRIP: 0010:idpf_features_check+0x6d/0xe0 [idpf]\nCall Trace:\n \n ? __die+0x23/0x70\n ? page_fault_oops+0x154/0x520\n ? exc_page_fault+0x76/0x190\n ? asm_exc_page_fault+0x26/0x30\n ? idpf_features_check+0x6d/0xe0 [idpf]\n netif_skb_features+0x88/0x310\n validate_xmit_skb+0x2a/0x2b0\n validate_xmit_skb_list+0x4c/0x70\n sch_direct_xmit+0x19d/0x3a0\n __dev_queue_xmit+0xb74/0xe70\n ..."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/2dabe349f7882ff1407a784d54d8541909329088",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/bf1e751c5a5611aa037ab44cca955c141eb68dcc",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/f6f5e9c8cb680c3cb9771fd9fa114319cbc4f514",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38054.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38054.json
new file mode 100644
index 00000000000..3d28fb1e107
--- /dev/null
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38054.json
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2025-38054",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T10:15:38.083",
+ "lastModified": "2025-06-18T10:15:38.083",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: ocp: Limit signal/freq counts in summary output functions\n\nThe debugfs summary output could access uninitialized elements in\nthe freq_in[] and signal_out[] arrays, causing NULL pointer\ndereferences and triggering a kernel Oops (page_fault_oops).\nThis patch adds u8 fields (nr_freq_in, nr_signal_out) to track the\nnumber of initialized elements, with a maximum of 4 per array.\nThe summary output functions are updated to respect these limits,\npreventing out-of-bounds access and ensuring safe array handling.\n\nWiden the label variables because the change confuses GCC about\nmax length of the strings."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/0b7d3e782027ac3b6fec56159e8e348042000aef",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c9e455581e2ba87ee38c126e8dc49a424b9df0cf",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/fcad74f894ac89790084cc2e1ec61b08220941d1",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38055.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38055.json
new file mode 100644
index 00000000000..2cbc8de8c02
--- /dev/null
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38055.json
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2025-38055",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T10:15:38.213",
+ "lastModified": "2025-06-18T10:15:38.213",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel: Fix segfault with PEBS-via-PT with sample_freq\n\nCurrently, using PEBS-via-PT with a sample frequency instead of a sample\nperiod, causes a segfault. For example:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000195\n \n ? __die_body.cold+0x19/0x27\n ? page_fault_oops+0xca/0x290\n ? exc_page_fault+0x7e/0x1b0\n ? asm_exc_page_fault+0x26/0x30\n ? intel_pmu_pebs_event_update_no_drain+0x40/0x60\n ? intel_pmu_pebs_event_update_no_drain+0x32/0x60\n intel_pmu_drain_pebs_icl+0x333/0x350\n handle_pmi_common+0x272/0x3c0\n intel_pmu_handle_irq+0x10a/0x2e0\n perf_event_nmi_handler+0x2a/0x50\n\nThat happens because intel_pmu_pebs_event_update_no_drain() assumes all the\npebs_enabled bits represent counter indexes, which is not always the case.\nIn this particular case, bits 60 and 61 are set for PEBS-via-PT purposes.\n\nThe behaviour of PEBS-via-PT with sample frequency is questionable because\nalthough a PMI is generated (PEBS_PMI_AFTER_EACH_RECORD), the period is not\nadjusted anyway.\n\nPutting that aside, fix intel_pmu_pebs_event_update_no_drain() by passing\nthe mask of counter bits instead of 'size'. Note, prior to the Fixes\ncommit, 'size' would be limited to the maximum counter index, so the issue\nwas not hit."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/0b1874a5b1173fbcb2185ab828f4c33d067e551e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/99bcd91fabada0dbb1d5f0de44532d8008db93c6",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ca51db23166767a8445deb8331c9b8d5205d9287",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38056.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38056.json
new file mode 100644
index 00000000000..5a9525dc038
--- /dev/null
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38056.json
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2025-38056",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T10:15:38.340",
+ "lastModified": "2025-06-18T10:15:38.340",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda: Fix UAF when reloading module\n\nhda_generic_machine_select() appends -idisp to the tplg filename by\nallocating a new string with devm_kasprintf(), then stores the string\nright back into the global variable snd_soc_acpi_intel_hda_machines.\nWhen the module is unloaded, this memory is freed, resulting in a global\nvariable pointing to freed memory. Reloading the module then triggers\na use-after-free:\n\nBUG: KFENCE: use-after-free read in string+0x48/0xe0\n\nUse-after-free read at 0x00000000967e0109 (in kfence-#99):\n string+0x48/0xe0\n vsnprintf+0x329/0x6e0\n devm_kvasprintf+0x54/0xb0\n devm_kasprintf+0x58/0x80\n hda_machine_select.cold+0x198/0x17a2 [snd_sof_intel_hda_generic]\n sof_probe_work+0x7f/0x600 [snd_sof]\n process_one_work+0x17b/0x330\n worker_thread+0x2ce/0x3f0\n kthread+0xcf/0x100\n ret_from_fork+0x31/0x50\n ret_from_fork_asm+0x1a/0x30\n\nkfence-#99: 0x00000000198a940f-0x00000000ace47d9d, size=64, cache=kmalloc-64\n\nallocated by task 333 on cpu 8 at 17.798069s (130.453553s ago):\n devm_kmalloc+0x52/0x120\n devm_kvasprintf+0x66/0xb0\n devm_kasprintf+0x58/0x80\n hda_machine_select.cold+0x198/0x17a2 [snd_sof_intel_hda_generic]\n sof_probe_work+0x7f/0x600 [snd_sof]\n process_one_work+0x17b/0x330\n worker_thread+0x2ce/0x3f0\n kthread+0xcf/0x100\n ret_from_fork+0x31/0x50\n ret_from_fork_asm+0x1a/0x30\n\nfreed by task 1543 on cpu 4 at 141.586686s (6.665010s ago):\n release_nodes+0x43/0xb0\n devres_release_all+0x90/0xf0\n device_unbind_cleanup+0xe/0x70\n device_release_driver_internal+0x1c1/0x200\n driver_detach+0x48/0x90\n bus_remove_driver+0x6d/0xf0\n 
pci_unregister_driver+0x42/0xb0\n __do_sys_delete_module+0x1d1/0x310\n do_syscall_64+0x82/0x190\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFix it by copying the match array with devm_kmemdup_array() before we\nmodify it."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/2b49e68360eb6a1c03dc1642a51f7d9f6784c034",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/7dd7f39fce0022b386ef1ea5ffef92ecc7dfc6af",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/f9670b2e81e8a3cbf2e1e757190dd0b920a9d43f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38057.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38057.json
new file mode 100644
index 00000000000..fc198937cff
--- /dev/null
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38057.json
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2025-38057",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T10:15:38.477",
+ "lastModified": "2025-06-18T10:15:38.477",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nespintcp: fix skb leaks\n\nA few error paths are missing a kfree_skb."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/28756f22de48d25256ed89234b66b9037a3f0157",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/63c1f19a3be3169e51a5812d22a6d0c879414076",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/eb058693dfc93ed7a9c365adb899fedd648b9d9f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38058.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38058.json
new file mode 100644
index 00000000000..c189f6ec9ab
--- /dev/null
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38058.json
@@ -0,0 +1,49 @@
+{
+ "id": "CVE-2025-38058",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T10:15:38.590",
+ "lastModified": "2025-06-18T10:15:38.590",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\n__legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock\n\n... or we risk stealing final mntput from sync umount - raising mnt_count\nafter umount(2) has verified that victim is not busy, but before it\nhas set MNT_SYNC_UMOUNT; in that case __legitimize_mnt() doesn't see\nthat it's safe to quietly undo mnt_count increment and leaves dropping\nthe reference to caller, where it'll be a full-blown mntput().\n\nCheck under mount_lock is needed; leaving the current one done before\ntaking that makes no sense - it's nowhere near common enough to bother\nwith."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/250cf3693060a5f803c5f1ddc082bb06b16112a9",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/628fb00195ce21a90cf9e4e3d105cd9e58f77b40",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/8cafd7266fa02e0863bacbf872fe635c0b9725eb",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9b0915e72b3cf52474dcee0b24a2f99d93e604a3",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b55996939c71a3e1a38f3cdc6a8859797efc9083",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b89eb56a378b7b2c1176787fc228d0a57172bdd5",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/d8ece4ced3b051e656c77180df2e69e19e24edc1",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/f6d45fd92f62845cbd1eb5128fd8f0ed7d0c5a42",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38059.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38059.json
new file mode 100644
index 00000000000..1bc719f498b
--- /dev/null
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38059.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2025-38059",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T10:15:38.703",
+ "lastModified": "2025-06-18T10:15:38.703",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: avoid NULL pointer dereference if no valid csum tree\n\n[BUG]\nWhen trying read-only scrub on a btrfs with rescue=idatacsums mount\noption, it will crash with the following call trace:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000208\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n CPU: 1 UID: 0 PID: 835 Comm: btrfs Tainted: G O 6.15.0-rc3-custom+ #236 PREEMPT(full)\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 02/02/2022\n RIP: 0010:btrfs_lookup_csums_bitmap+0x49/0x480 [btrfs]\n Call Trace:\n \n scrub_find_fill_first_stripe+0x35b/0x3d0 [btrfs]\n scrub_simple_mirror+0x175/0x290 [btrfs]\n scrub_stripe+0x5f7/0x6f0 [btrfs]\n scrub_chunk+0x9a/0x150 [btrfs]\n scrub_enumerate_chunks+0x333/0x660 [btrfs]\n btrfs_scrub_dev+0x23e/0x600 [btrfs]\n btrfs_ioctl+0x1dcf/0x2f80 [btrfs]\n __x64_sys_ioctl+0x97/0xc0\n do_syscall_64+0x4f/0x120\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n[CAUSE]\nMount option \"rescue=idatacsums\" will completely skip loading the csum\ntree, so that any data read will not find any data csum thus we will\nignore data checksum verification.\n\nNormally call sites utilizing csum tree will check the fs state flag\nNO_DATA_CSUMS bit, but unfortunately scrub does not check that bit at all.\n\nThis results in scrub to call btrfs_search_slot() on a NULL pointer\nand triggered above crash.\n\n[FIX]\nCheck both extent and csum tree root before doing any tree search."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/50d0de59f66cbe6d597481e099bf1c70fd07e0a9",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/6e9770de024964b1017f99ee94f71967bd6edaeb",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/d35bed14b0bc95c6845863a3744ecd10b888c830",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/f95d186255b319c48a365d47b69bd997fecb674e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38060.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38060.json
new file mode 100644
index 00000000000..efe50e22bcf
--- /dev/null
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38060.json
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2025-38060",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T10:15:38.830",
+ "lastModified": "2025-06-18T10:15:38.830",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: copy_verifier_state() should copy 'loop_entry' field\n\nThe bpf_verifier_state.loop_entry state should be copied by\ncopy_verifier_state(). Otherwise, .loop_entry values from unrelated\nstates would poison env->cur_state.\n\nAdditionally, env->stack should not contain any states with\n.loop_entry != NULL. The states in env->stack are yet to be verified,\nwhile .loop_entry is set for states that reached an equivalent state.\nThis means that env->cur_state->loop_entry should always be NULL after\npop_stack().\n\nSee the selftest in the next commit for an example of the program that\nis not safe yet is accepted by verifier w/o this fix.\n\nThis change has some verification performance impact for selftests:\n\nFile Program Insns (A) Insns (B) Insns (DIFF) States (A) States (B) States (DIFF)\n---------------------------------- ---------------------------- --------- --------- -------------- ---------- ---------- -------------\narena_htab.bpf.o arena_htab_llvm 717 426 -291 (-40.59%) 57 37 -20 (-35.09%)\narena_htab_asm.bpf.o arena_htab_asm 597 445 -152 (-25.46%) 47 37 -10 (-21.28%)\narena_list.bpf.o arena_list_del 309 279 -30 (-9.71%) 23 14 -9 (-39.13%)\niters.bpf.o iter_subprog_check_stacksafe 155 141 -14 (-9.03%) 15 14 -1 (-6.67%)\niters.bpf.o iter_subprog_iters 1094 1003 -91 (-8.32%) 88 83 -5 (-5.68%)\niters.bpf.o loop_state_deps2 479 725 +246 (+51.36%) 46 63 +17 (+36.96%)\nkmem_cache_iter.bpf.o open_coded_iter 63 59 -4 (-6.35%) 7 6 -1 (-14.29%)\nverifier_bits_iter.bpf.o max_words 92 84 -8 (-8.70%) 8 7 -1 (-12.50%)\nverifier_iterating_callbacks.bpf.o cond_break2 113 107 -6 (-5.31%) 12 12 +0 (+0.00%)\n\nAnd 
significant negative impact for sched_ext:\n\nFile Program Insns (A) Insns (B) Insns (DIFF) States (A) States (B) States (DIFF)\n----------------- ---------------------- --------- --------- -------------------- ---------- ---------- ------------------\nbpf.bpf.o lavd_init 7039 14723 +7684 (+109.16%) 490 1139 +649 (+132.45%)\nbpf.bpf.o layered_dispatch 11485 10548 -937 (-8.16%) 848 762 -86 (-10.14%)\nbpf.bpf.o layered_dump 7422 1000001 +992579 (+13373.47%) 681 31178 +30497 (+4478.27%)\nbpf.bpf.o layered_enqueue 16854 71127 +54273 (+322.02%) 1611 6450 +4839 (+300.37%)\nbpf.bpf.o p2dq_dispatch 665 791 +126 (+18.95%) 68 78 +10 (+14.71%)\nbpf.bpf.o p2dq_init 2343 2980 +637 (+27.19%) 201 237 +36 (+17.91%)\nbpf.bpf.o refresh_layer_cpumasks 16487 674760 +658273 (+3992.68%) 1770 65370 +63600 (+3593.22%)\nbpf.bpf.o rusty_select_cpu 1937 40872 +38935 (+2010.07%) 177 3210 +3033 (+1713.56%)\nscx_central.bpf.o central_dispatch 636 2687 +2051 (+322.48%) 63 227 +164 (+260.32%)\nscx_nest.bpf.o nest_init 636 815 +179 (+28.14%) 60 73 +13 (+21.67%)\nscx_qmap.bpf.o qmap_dispatch \n---truncated---"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/46ba5757a7a4714e7d3f68cfe118208822cb3d78",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/8b4afd89fa75f738a80ca849126fd3cad77bcbf1",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/bbbc02b7445ebfda13e4847f4f1413c6480a85a9",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38061.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38061.json
new file mode 100644
index 00000000000..387fe400c73
--- /dev/null
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38061.json
@@ -0,0 +1,49 @@
+{
+ "id": "CVE-2025-38061",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T10:15:38.960",
+ "lastModified": "2025-06-18T10:15:38.960",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: pktgen: fix access outside of user given buffer in pktgen_thread_write()\n\nHonour the user given buffer size for the strn_len() calls (otherwise\nstrn_len() will access memory outside of the user given buffer)."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/128cdb617a87767c29be43e4431129942fce41df",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/425e64440ad0a2f03bdaf04be0ae53dededbaa77",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/5bfa81539e22af4c40ae5d43d7212253462383a6",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/6b1d3e9db82d01a88de1795b879df67c2116b4f4",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/8fef258b555c75a467a6b4b7e3a3cbc46d5f4102",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a3d89f1cfe1e6d4bb164db2595511fd33db21900",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c81c2ee1c3b050ed5c4e92876590cc7a259183f6",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ef1158a6a650ecee72ab40851b1d52e04d3f9cb5",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38062.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38062.json
new file mode 100644
index 00000000000..7b73c3cbdb2
--- /dev/null
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38062.json 
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2025-38062",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T10:15:39.080",
+ "lastModified": "2025-06-18T10:15:39.080",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngenirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie\n\nThe IOMMU translation for MSI message addresses has been a 2-step process,\nseparated in time:\n\n 1) iommu_dma_prepare_msi(): A cookie pointer containing the IOVA address\n is stored in the MSI descriptor when an MSI interrupt is allocated.\n\n 2) iommu_dma_compose_msi_msg(): this cookie pointer is used to compute a\n translated message address.\n\nThis has an inherent lifetime problem for the pointer stored in the cookie\nthat must remain valid between the two steps. However, there is no locking\nat the irq layer that helps protect the lifetime. Today, this works under\nthe assumption that the iommu domain is not changed while MSI interrupts\nbeing programmed. This is true for normal DMA API users within the kernel,\nas the iommu domain is attached before the driver is probed and cannot be\nchanged while a driver is attached.\n\nClassic VFIO type1 also prevented changing the iommu domain while VFIO was\nrunning as it does not support changing the \"container\" after starting up.\n\nHowever, iommufd has improved this so that the iommu domain can be changed\nduring VFIO operation. This potentially allows userspace to directly race\nVFIO_DEVICE_ATTACH_IOMMUFD_PT (which calls iommu_attach_group()) and\nVFIO_DEVICE_SET_IRQS (which calls into iommu_dma_compose_msi_msg()).\n\nThis potentially causes both the cookie pointer and the unlocked call to\niommu_get_domain_for_dev() on the MSI translation path to become UAFs.\n\nFix the MSI cookie UAF by removing the cookie pointer. 
The translated IOVA\naddress is already known during iommu_dma_prepare_msi() and cannot change.\nThus, it can simply be stored as an integer in the MSI descriptor.\n\nThe other UAF related to iommu_get_domain_for_dev() will be addressed in\npatch \"iommu: Make iommu_dma_prepare_msi() into a generic operation\" by\nusing the IOMMU group mutex."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/1f7df3a691740a7736bbc99dc4ed536120eb4746",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/53f42776e435f63e5f8e61955e4c205dbfeaf524",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/856152eb91e67858a09e30a7149a1f29b04b7384",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ba41e4e627db51d914444aee0b93eb67f31fa330",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e4d3763223c7b72ded53425207075e7453b4e3d5",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38063.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38063.json
new file mode 100644
index 00000000000..ba2f24ccd68
--- /dev/null
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38063.json
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2025-38063",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-06-18T10:15:39.207",
+ "lastModified": "2025-06-18T10:15:39.207",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix unconditional IO throttle caused by REQ_PREFLUSH\n\nWhen a bio with REQ_PREFLUSH is submitted to dm, __send_empty_flush()\ngenerates a flush_bio with REQ_OP_WRITE | REQ_PREFLUSH | REQ_SYNC,\nwhich causes the flush_bio to be throttled by wbt_wait().\n\nAn example from v5.4, similar problem also exists in upstream:\n\n crash> bt 2091206\n PID: 2091206 TASK: ffff2050df92a300 CPU: 109 COMMAND: \"kworker/u260:0\"\n #0 [ffff800084a2f7f0] __switch_to at ffff80004008aeb8\n #1 [ffff800084a2f820] __schedule at ffff800040bfa0c4\n #2 [ffff800084a2f880] schedule at ffff800040bfa4b4\n #3 [ffff800084a2f8a0] io_schedule at ffff800040bfa9c4\n #4 [ffff800084a2f8c0] rq_qos_wait at ffff8000405925bc\n #5 [ffff800084a2f940] wbt_wait at ffff8000405bb3a0\n #6 [ffff800084a2f9a0] __rq_qos_throttle at ffff800040592254\n #7 [ffff800084a2f9c0] blk_mq_make_request at ffff80004057cf38\n #8 [ffff800084a2fa60] generic_make_request at ffff800040570138\n #9 [ffff800084a2fae0] submit_bio at ffff8000405703b4\n #10 [ffff800084a2fb50] xlog_write_iclog at ffff800001280834 [xfs]\n #11 [ffff800084a2fbb0] xlog_sync at ffff800001280c3c [xfs]\n #12 [ffff800084a2fbf0] xlog_state_release_iclog at ffff800001280df4 [xfs]\n #13 [ffff800084a2fc10] xlog_write at ffff80000128203c [xfs]\n #14 [ffff800084a2fcd0] xlog_cil_push at ffff8000012846dc [xfs]\n #15 [ffff800084a2fda0] xlog_cil_push_work at ffff800001284a2c [xfs]\n #16 [ffff800084a2fdb0] process_one_work at ffff800040111d08\n #17 [ffff800084a2fe00] worker_thread at ffff8000401121cc\n #18 [ffff800084a2fe70] kthread at ffff800040118de4\n\nAfter commit 2def2845cc33 (\"xfs: don't allow log IO to be 
throttled\"),\nthe metadata submitted by xlog_write_iclog() should not be throttled.\nBut due to the existence of the dm layer, throttling flush_bio indirectly\ncauses the metadata bio to be throttled.\n\nFix this by conditionally adding REQ_IDLE to flush_bio.bi_opf, which makes\nwbt_should_throttle() return false to avoid wbt_wait()."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/2858cda9a8d95e6deee7e3b0a26adde696a9a4f5",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/52aa28f7b1708d76e315d78b5ed397932a1a97c3",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/88f7f56d16f568f19e1a695af34a7f4a6ce537a6",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/95d08924335f3b6f4ea0b92ebfe4fe0731c502d9",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b55a97d1bd4083729a60d19beffe85d4c96680de",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38064.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38064.json
new file mode 100644
index 00000000000..28c6c56b5de
--- /dev/null
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38064.json
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-38064", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:39.340", + "lastModified": "2025-06-18T10:15:39.340", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio: break and reset virtio devices on device_shutdown()\n\nHongyu reported a hang on kexec in a VM. QEMU reported invalid memory\naccesses during the hang.\n\n\tInvalid read at addr 0x102877002, size 2, region '(null)', reason: rejected\n\tInvalid write at addr 0x102877A44, size 2, region '(null)', reason: rejected\n\t...\n\nIt was traced down to virtio-console. Kexec works fine if virtio-console\nis not in use.\n\nThe issue is that virtio-console continues to write to the MMIO even after\nunderlying virtio-pci device is reset.\n\nAdditionally, Eric noticed that IOMMUs are reset before devices, if\ndevices are not reset on shutdown they continue to poke at guest memory\nand get errors from the IOMMU. Some devices get wedged then.\n\nThe problem can be solved by breaking all virtio devices on virtio\nbus shutdown, then resetting them." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/8bd2fa086a04886798b505f28db4002525895203", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/aee42f3d57bfa37b2716df4584edeecf63b9df4c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38065.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38065.json new file mode 100644 index 00000000000..9f0ea08a2cb --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38065.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2025-38065", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:39.460", + "lastModified": "2025-06-18T10:15:39.460", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\norangefs: Do not truncate file size\n\n'len' is used to store the result of i_size_read(), so making 'len'\na size_t results in truncation to 4GiB on 32-bit systems." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/062e8093592fb866b8e016641a8b27feb6ac509d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/121f0335d91e46369bf55b5da4167d82b099a166", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/15602508ad2f923e228b9521960b4addcd27d9c4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2323b806221e6268a4e17711bc72e2fc87c191a3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/341e3a5984cf5761f3dab16029d7e9fb1641d5ff", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5111227d7f1f57f6804666b3abf780a23f44fc1d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cd918ec24168fe08c6aafc077dd3b6d88364c5cf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ceaf195ed285b77791e29016ee6344b3ded609b3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38066.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38066.json new file mode 100644 index 00000000000..2621d19ee7b --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38066.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2025-38066", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:39.620", + "lastModified": "2025-06-18T10:15:39.620", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache: prevent BUG_ON by blocking retries on failed device resumes\n\nA cache device failing to resume due to mapping errors should not be\nretried, as the failure leaves a partially initialized policy object.\nRepeating the resume operation risks triggering BUG_ON when reloading\ncache mappings into the incomplete policy object.\n\nReproduce steps:\n\n1. create a cache metadata consisting of 512 or more cache blocks,\n with some mappings stored in the first array block of the mapping\n array. Here we use cache_restore v1.0 to build the metadata.\n\ncat <> cmeta.xml\n\n \n \n \n\nEOF\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ncache_restore -i cmeta.xml -o /dev/mapper/cmeta --metadata-version=2\ndmsetup remove cmeta\n\n2. wipe the second array block of the mapping array to simulate\n data degradations.\n\nmapping_root=$(dd if=/dev/sdc bs=1c count=8 skip=192 \\\n2>/dev/null | hexdump -e '1/8 \"%u\\n\"')\nablock=$(dd if=/dev/sdc bs=1c count=8 skip=$((4096*mapping_root+2056)) \\\n2>/dev/null | hexdump -e '1/8 \"%u\\n\"')\ndd if=/dev/zero of=/dev/sdc bs=4k count=1 seek=$ablock\n\n3. try bringing up the cache device. The resume is expected to fail\n due to the broken array block.\n\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ndmsetup create cdata --table \"0 65536 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 524288 linear /dev/sdc 262144\"\ndmsetup create cache --notable\ndmsetup load cache --table \"0 524288 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\"\ndmsetup resume cache\n\n4. try resuming the cache again. 
An unexpected BUG_ON is triggered\n while loading cache mappings.\n\ndmsetup resume cache\n\nKernel logs:\n\n(snip)\n------------[ cut here ]------------\nkernel BUG at drivers/md/dm-cache-policy-smq.c:752!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 332 Comm: dmsetup Not tainted 6.13.4 #3\nRIP: 0010:smq_load_mapping+0x3e5/0x570\n\nFix by disallowing resume operations for devices that failed the\ninitial attempt." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/00586b78eeb7c626a14ca13453a1631f88a7cf36", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/025c8f477625eb39006ded650e7d027bcfb20e79", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3986ef4a9b6a0d9c28bc325d8713beba5e67586f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5da692e2262b8f81993baa9592f57d12c2703dea", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c5356a5e80442131e2714d0d26bb110590e4e568", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c614584c2a66b538f469089ac089457a34590c14", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cc80a5cc520939d0a7d071cc4ae4b3c55ef171d0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f3128e3074e8af565cc6a66fe3384a56df87f803", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38067.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38067.json new file mode 100644 index 00000000000..94aa3631d64 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38067.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-38067", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:39.780", + "lastModified": "2025-06-18T10:15:39.780", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrseq: Fix segfault on registration when rseq_cs is non-zero\n\nThe rseq_cs field is documented as being set to 0 by user-space prior to\nregistration, however this is not currently enforced by the kernel. This\ncan result in a segfault on return to user-space if the value stored in\nthe rseq_cs field doesn't point to a valid struct rseq_cs.\n\nThe correct solution to this would be to fail the rseq registration when\nthe rseq_cs field is non-zero. However, some older versions of glibc\nwill reuse the rseq area of previous threads without clearing the\nrseq_cs field and will also terminate the process if the rseq\nregistration fails in a secondary thread. This wasn't caught in testing\nbecause in this case the leftover rseq_cs does point to a valid struct\nrseq_cs.\n\nWhat we can do is clear the rseq_cs field on registration when it's\nnon-zero which will prevent segfaults on registration and won't break\nthe glibc versions that reuse rseq areas on thread creation." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2df285dab00fa03a3ef939b6cb0d0d0aeb0791db", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fd881d0a085fc54354414aed990ccf05f282ba53", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38068.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38068.json new file mode 100644 index 00000000000..3414bba65bb --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38068.json 
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2025-38068", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:39.920", + "lastModified": "2025-06-18T10:15:39.920", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: lzo - Fix compression buffer overrun\n\nUnlike the decompression code, the compression code in LZO never\nchecked for output overruns. It instead assumes that the caller\nalways provides enough buffer space, disregarding the buffer length\nprovided by the caller.\n\nAdd a safe compression interface that checks for the end of buffer\nbefore each write. Use the safe interface in crypto/lzo." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0acdc4d6e679ba31d01e3e7e2e4124b76d6d8e2a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/167373d77c70c2b558aae3e327b115249bb2652c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4b173bb2c4665c23f8fcf5241c7b06dfa6b5b111", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7caad075acb634a74911830d6386c50ea12566cd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a98bd864e16f91c70b2469adf013d713d04d1d13", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cc47f07234f72cbd8e2c973cdbf2a6730660a463", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38069.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38069.json new file mode 100644 index 00000000000..6720fd0d893 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38069.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2025-38069", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:40.090", + "lastModified": "2025-06-18T10:15:40.090", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Fix double free that causes kernel to oops\n\nFix a kernel oops found while testing the stm32_pcie Endpoint driver\nwith handling of PERST# deassertion:\n\nDuring EP initialization, pci_epf_test_alloc_space() allocates all BARs,\nwhich are further freed if epc_set_bar() fails (for instance, due to no\nfree inbound window).\n\nHowever, when pci_epc_set_bar() fails, the error path:\n\n pci_epc_set_bar() ->\n pci_epf_free_space()\n\ndoes not clear the previous assignment to epf_test->reg[bar].\n\nThen, if the host reboots, the PERST# deassertion restarts the BAR\nallocation sequence with the same allocation failure (no free inbound\nwindow), creating a double free situation since epf_test->reg[bar] was\ndeallocated and is still non-NULL.\n\nThus, make sure that pci_epf_alloc_space() and pci_epf_free_space()\ninvocations are symmetric, and as such, set epf_test->reg[bar] to NULL\nwhen memory is freed.\n\n[kwilczynski: commit log]" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/8b83893d1f6c6061a7d58169ecdf9d5ee9f306ee", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/934e9d137d937706004c325fa1474f9e3f1ba10a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fe2329eff5bee461ebcafadb6ca1df0cbf5945fd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38070.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38070.json new file mode 100644 index 00000000000..02f107cd623 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38070.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-38070", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:40.320", + "lastModified": "2025-06-18T10:15:40.320", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: sma1307: Add NULL check in sma1307_setting_loaded()\n\nAll varibale allocated by kzalloc and devm_kzalloc could be NULL.\nMultiple pointer checks and their cleanup are added.\n\nThis issue is found by our static analysis tool" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0ec6bd16705fe21d6429d6b8f7981eae2142bba8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f8434b8ba437d3f6cbcd9ffe8405bd16ed28fc5c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38071.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38071.json new file mode 100644 index 00000000000..e9abb8ec647 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38071.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2025-38071", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:40.450", + "lastModified": "2025-06-18T10:15:40.450", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm: Check return value from memblock_phys_alloc_range()\n\nAt least with CONFIG_PHYSICAL_START=0x100000, if there is < 4 MiB of\ncontiguous free memory available at this point, the kernel will crash\nand burn because memblock_phys_alloc_range() returns 0 on failure,\nwhich leads memblock_phys_free() to throw the first 4 MiB of physical\nmemory to the wolves.\n\nAt a minimum it should fail gracefully with a meaningful diagnostic,\nbut in fact everything seems to work fine without the weird reserve\nallocation." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/631ca8909fd5c62b9fda9edda93924311a78a9c4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8c18c904d301ffeb33b071eadc55cd6131e1e9be", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bffd5f2815c5234d609725cd0dc2f4bc5de2fc67", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c6f2694c580c27dca0cf7546ee9b4bfa6b940e38", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dde4800d2b0f68b945fd81d4fc2d4a10ae25f743", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38072.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38072.json new file mode 100644 index 00000000000..4f3da70e26a --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38072.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2025-38072", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:40.583", + "lastModified": "2025-06-18T10:15:40.583", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibnvdimm/labels: Fix divide error in nd_label_data_init()\n\nIf a faulty CXL memory device returns a broken zero LSA size in its\nmemory device information (Identify Memory Device (Opcode 4000h), CXL\nspec. 3.1, 8.2.9.9.1.1), a divide error occurs in the libnvdimm\ndriver:\n\n Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI\n RIP: 0010:nd_label_data_init+0x10e/0x800 [libnvdimm]\n\nCode and flow:\n\n1) CXL Command 4000h returns LSA size = 0\n2) config_size is assigned to zero LSA size (CXL pmem driver):\n\ndrivers/cxl/pmem.c: .config_size = mds->lsa_size,\n\n3) max_xfer is set to zero (nvdimm driver):\n\ndrivers/nvdimm/label.c: max_xfer = min_t(size_t, ndd->nsarea.max_xfer, config_size);\n\n4) A subsequent DIV_ROUND_UP() causes a division by zero:\n\ndrivers/nvdimm/label.c: /* Make our initial read size a multiple of max_xfer size */\ndrivers/nvdimm/label.c: read_size = min(DIV_ROUND_UP(read_size, max_xfer) * max_xfer,\ndrivers/nvdimm/label.c- config_size);\n\nFix this by checking the config size parameter by extending an\nexisting check." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1d1e1efad1cf049e888bf175a5c6be85d792620c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2bd4a938d2eda96ab7288b8fa5aae84a1de8c4ca", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/396c46d3f59a18ebcc500640e749f16e197d472b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/db1aef51b8e66a77f76b1250b914589c31a0a0ed", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e14347f647ca6d76fe1509b6703e340f2d5e2716", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ea3d95e05e97ea20fd6513f647393add16fce3b2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ef1d3455bbc1922f94a91ed58d3d7db440652959", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f49c337037df029440a8390380dd35d2cf5924d3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38073.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38073.json new file mode 100644 index 00000000000..411455022b4 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38073.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2025-38073", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:40.720", + "lastModified": "2025-06-18T10:15:40.720", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix race between set_blocksize and read paths\n\nWith the new large sector size support, it's now the case that\nset_blocksize can change i_blksize and the folio order in a manner that\nconflicts with a concurrent reader and causes a kernel crash.\n\nSpecifically, let's say that udev-worker calls libblkid to detect the\nlabels on a block device. The read call can create an order-0 folio to\nread the first 4096 bytes from the disk. But then udev is preempted.\n\nNext, someone tries to mount an 8k-sectorsize filesystem from the same\nblock device. The filesystem calls set_blksize, which sets i_blksize to\n8192 and the minimum folio order to 1.\n\nNow udev resumes, still holding the order-0 folio it allocated. It then\ntries to schedule a read bio and do_mpage_readahead tries to create\nbufferheads for the folio. Unfortunately, blocks_per_folio == 0 because\nthe page size is 4096 but the blocksize is 8192 so no bufferheads are\nattached and the bh walk never sets bdev. We then submit the bio with a\nNULL block device and crash.\n\nTherefore, truncate the page cache after flushing but before updating\ni_blksize. However, that's not enough -- we also need to lock out file\nIO and page faults during the update. Take both the i_rwsem and the\ninvalidate_lock in exclusive mode for invalidations, and in shared mode\nfor read/write operations.\n\nI don't know if this is the correct fix, but xfs/259 found it." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/64f505b08e0cfd8163491c8c082d4f47a88e51d4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8c5cf440a378801d313eb58be996fdc81a8878a4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c0e473a0d226479e8e925d5ba93f751d8df628e9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38074.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38074.json new file mode 100644 index 00000000000..6d29b711360 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38074.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-38074", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:40.850", + "lastModified": "2025-06-18T10:15:40.850", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost-scsi: protect vq->log_used with vq->mutex\n\nThe vhost-scsi completion path may access vq->log_base when vq->log_used is\nalready set to false.\n\n vhost-thread QEMU-thread\n\nvhost_scsi_complete_cmd_work()\n-> vhost_add_used()\n -> vhost_add_used_n()\n if (unlikely(vq->log_used))\n QEMU disables vq->log_used\n via VHOST_SET_VRING_ADDR.\n mutex_lock(&vq->mutex);\n vq->log_used = false now!\n mutex_unlock(&vq->mutex);\n\n\t\t\t\t QEMU gfree(vq->log_base)\n log_used()\n -> log_write(vq->log_base)\n\nAssuming the VMM is QEMU. The vq->log_base is from QEMU userpace and can be\nreclaimed via gfree(). As a result, this causes invalid memory writes to\nQEMU userspace.\n\nThe control queue path has the same issue." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/bd8c9404e44adb9f6219c09b3409a61ab7ce3427", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c0039e3afda29be469d29b3013d7f9bdee136834", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ca85c2d0db5f8309832be45858b960d933c2131c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f591cf9fce724e5075cc67488c43c6e39e8cbe27", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38075.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38075.json new file mode 100644 index 00000000000..a57c234622c --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38075.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2025-38075", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:40.980", + "lastModified": "2025-06-18T10:15:40.980", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: iscsi: Fix timeout on deleted connection\n\nNOPIN response timer may expire on a deleted connection and crash with\nsuch logs:\n\nDid not receive response to NOPIN on CID: 0, failing connection for I_T Nexus (null),i,0x00023d000125,iqn.2017-01.com.iscsi.target,t,0x3d\n\nBUG: Kernel NULL pointer dereference on read at 0x00000000\nNIP strlcpy+0x8/0xb0\nLR iscsit_fill_cxn_timeout_err_stats+0x5c/0xc0 [iscsi_target_mod]\nCall Trace:\n iscsit_handle_nopin_response_timeout+0xfc/0x120 [iscsi_target_mod]\n call_timer_fn+0x58/0x1f0\n run_timer_softirq+0x740/0x860\n __do_softirq+0x16c/0x420\n irq_exit+0x188/0x1c0\n timer_interrupt+0x184/0x410\n\nThat is because nopin response timer may be re-started on nopin timer\nexpiration.\n\nStop nopin timer before stopping the nopin response timer to be sure\nthat no one of them will be re-started." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/019ca2804f3fb49a7f8e56ea6aeaa1ff32724c27", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2c5081439c7ab8da08427befe427f0d732ebc9f9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3e6429e3707943078240a2c0c0b3ee99ea9b0d9c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/571ce6b6f5cbaf7d24af03cad592fc0e2a54de35", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6815846e0c3a62116a7da9740e3a7c10edc5c7e9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7f533cc5ee4c4436cee51dc58e81dfd9c3384418", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/87389bff743c55b6b85282de91109391f43e0814", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fe8421e853ef289e1324fcda004751c89dd9c18a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38076.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38076.json new file mode 100644 index 00000000000..41bf4cf9f2a --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38076.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-38076", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:41.110", + "lastModified": "2025-06-18T10:15:41.110", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nalloc_tag: allocate percpu counters for module tags dynamically\n\nWhen a module gets unloaded it checks whether any of its tags are still in\nuse and if so, we keep the memory containing module's allocation tags\nalive until all tags are unused. However percpu counters referenced by\nthe tags are freed by free_module(). This will lead to UAF if the memory\nallocated by a module is accessed after module was unloaded.\n\nTo fix this we allocate percpu counters for module allocation tags\ndynamically and we keep it alive for tags which are still in use after\nmodule unloading. This also removes the requirement of a larger\nPERCPU_MODULE_RESERVE when memory allocation profiling is enabled because\npercpu memory for counters does not need to be reserved anymore." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/12ca42c237756182aad8ab04654c952765cb9061", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3cc733e6d96c938d2b82be96858a0ab900eb6fdc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38077.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38077.json new file mode 100644 index 00000000000..a1e98ce295f --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38077.json 
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2025-38077", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:41.240", + "lastModified": "2025-06-18T10:15:41.240", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store()\n\nIf the 'buf' array received from the user contains an empty string, the\n'length' variable will be zero. Accessing the 'buf' array element with\nindex 'length - 1' will result in a buffer overflow.\n\nAdd a check for an empty string.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4e89a4077490f52cde652d17e32519b666abf3a6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/60bd13f8c4b3de2c910ae1cdbef85b9bbc9685f5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8594a123cfa23d708582dc6fb36da34479ef8a5b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/97066373ffd55bd9af0b512ff3dd1f647620a3dc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f86465626917df3b8bdd2756ec0cc9d179c5af0f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fb7cde625872709b8cedad9b241e0ec3d82fa7d3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38078.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38078.json new file mode 100644 index 00000000000..bfe1931cbf1 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38078.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2025-38078", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:41.380", + "lastModified": "2025-06-18T10:15:41.380", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Fix race of buffer access at PCM OSS layer\n\nThe PCM OSS layer tries to clear the buffer with the silence data at\ninitialization (or reconfiguration) of a stream with the explicit call\nof snd_pcm_format_set_silence() with runtime->dma_area. But this may\nlead to a UAF because the accessed runtime->dma_area might be freed\nconcurrently, as it's performed outside the PCM ops.\n\nFor avoiding it, move the code into the PCM core and perform it inside\nthe buffer access lock, so that it won't be changed during the\noperation." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/10217da9644ae75cea7330f902c35fc5ba78bbbf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/74d90875f3d43f3eff0e9861c4701418795d3455", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8170d8ec4efd0be352c14cb61f374e30fb0c2a25", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/93a81ca0657758b607c3f4ba889ae806be9beb73", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/afa56c960fcb4db37f2e3399f28e9402e4e1f470", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bf85e49aaf3a3c5775ea87369ea5f159c2148db4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c0e05a76fc727929524ef24a19c302e6dd40233f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": 
"https://git.kernel.org/stable/c/f3e14d706ec18faf19f5a6e75060e140fea05d4a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38079.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38079.json new file mode 100644 index 00000000000..e4f3c2c94c3 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38079.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2025-38079", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:41.510", + "lastModified": "2025-06-18T10:15:41.510", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_hash - fix double free in hash_accept\n\nIf accept(2) is called on socket type algif_hash with\nMSG_MORE flag set and crypto_ahash_import fails,\nsk2 is freed. However, it is also freed in af_alg_release,\nleading to slab-use-after-free error." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0346f4b742345d1c733c977f3a7aef5a6419a967", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/134daaba93193df9e988524b5cd2f52d15eb1993", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2f45a8d64fb4ed4830a4b3273834ecd6ca504896", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5bff312b59b3f2a54ff504e4f4e47272b64f3633", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b2df03ed4052e97126267e8c13ad4204ea6ba9b6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bf7bba75b91539e93615f560893a599c1e1c98bf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c3059d58f79fdfb2201249c2741514e34562b547", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f0f3d09f53534ea385d55ced408f2b67059b16e4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38080.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38080.json new file mode 100644 index 00000000000..a8bde0bcd45 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38080.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-38080", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:41.647", + "lastModified": "2025-06-18T10:15:41.647", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Increase block_sequence array size\n\n[Why]\nIt's possible to generate more than 50 steps in hwss_build_fast_sequence,\nfor example with a 6-pipe asic where all pipes are in one MPC chain. This\noverflows the block_sequence buffer and corrupts block_sequence_steps,\ncausing a crash.\n\n[How]\nExpand block_sequence to 100 items. A naive upper bound on the possible\nnumber of steps for a 6-pipe asic, ignoring the potential for steps to be\nmutually exclusive, is 91 with current code, therefore 100 is sufficient." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3a7810c212bcf2f722671dadf4b23ff70a7d23ee", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bf1666072e7482317cf2302621766482a21a62c7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/de67e80ab48f1f23663831007a2fa3c1471a7757", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e55c5704b12eeea27e212bfab8f7e51ad3e8ac1f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38081.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38081.json new file mode 100644 index 00000000000..8bdc0a776fd --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38081.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-38081", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:41.767", + "lastModified": "2025-06-18T10:15:41.767", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi-rockchip: Fix register out of bounds access\n\nDo not write native chip select stuff for GPIO chip selects.\nGPIOs can be numbered much higher than native CS.\nAlso, it makes no sense." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/254e04ec799c1ff8c1e2bd08a57c6a849895d6ff", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4a120221661fcecb253448d7b041a52d47f1d91f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7a874e8b54ea21094f7fd2d428b164394c6cb316", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ace57bd1fb49d193edec5f6a1f255f48dd5fca90", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38082.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38082.json new file mode 100644 index 00000000000..5e8ee98c996 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38082.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2025-38082", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-18T10:15:41.890", + "lastModified": "2025-06-18T10:15:41.890", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: virtuser: fix potential out-of-bound write\n\nIf the caller wrote more characters, count is truncated to the max\navailable space in \"simple_write_to_buffer\". Check that the input\nsize does not exceed the buffer size. Write a zero termination\nafterwards." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/7118be7c6072f40391923543fdd1563b8d56377c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/afe090366f470f77e140ff3407db813f57852c04", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b96feaaa0fda1e3871b438143c3446954b32d3a7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-52xx/CVE-2025-5237.json b/CVE-2025/CVE-2025-52xx/CVE-2025-5237.json new file mode 100644 index 00000000000..af99edef54a --- /dev/null +++ b/CVE-2025/CVE-2025-52xx/CVE-2025-5237.json 
@@ -0,0 +1,68 @@ +{ + "id": "CVE-2025-5237", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-18T10:15:42.017", + "lastModified": "2025-06-18T10:15:42.017", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Target Video Easy Publish plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018width\u2019 parameter in all versions up to, and including, 3.8.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/brid-video-easy-publish/trunk/lib/BridShortcode.php#L221", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3309639/", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/brid-video-easy-publish/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b10333f8-fd90-43a7-8404-71954ee29e47?source=cve", + "source": "security@wordfence.com" + 
} + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-60xx/CVE-2025-6086.json b/CVE-2025/CVE-2025-60xx/CVE-2025-6086.json new file mode 100644 index 00000000000..96f9665295b --- /dev/null +++ b/CVE-2025/CVE-2025-60xx/CVE-2025-6086.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-6086", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-18T10:15:42.230", + "lastModified": "2025-06-18T10:15:42.230", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The CSV Me plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'csv_me_options_page' function in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/csv-me/trunk/csv_me_index.php#L49", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/83bf3f3d-49f1-473a-a9ee-d78eb8981ad3?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/README.md b/README.md index 7ca74cdedf6..47dccd46ab3 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-06-18T10:00:22.564295+00:00 +2025-06-18T12:00:25.203106+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-06-18T09:15:47.660000+00:00 +2025-06-18T11:15:54.417000+00:00 ``` ### Last Data Feed Release 
@@ -33,22 +33,45 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -298260 +298640 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `380` -- [CVE-2025-1562](CVE-2025/CVE-2025-15xx/CVE-2025-1562.json) (`2025-06-18T08:15:28.987`) -- [CVE-2025-5981](CVE-2025/CVE-2025-59xx/CVE-2025-5981.json) (`2025-06-18T09:15:47.660`) +- [CVE-2025-38060](CVE-2025/CVE-2025-380xx/CVE-2025-38060.json) (`2025-06-18T10:15:38.830`) +- [CVE-2025-38061](CVE-2025/CVE-2025-380xx/CVE-2025-38061.json) (`2025-06-18T10:15:38.960`) +- [CVE-2025-38062](CVE-2025/CVE-2025-380xx/CVE-2025-38062.json) (`2025-06-18T10:15:39.080`) +- [CVE-2025-38063](CVE-2025/CVE-2025-380xx/CVE-2025-38063.json) (`2025-06-18T10:15:39.207`) +- [CVE-2025-38064](CVE-2025/CVE-2025-380xx/CVE-2025-38064.json) (`2025-06-18T10:15:39.340`) +- [CVE-2025-38065](CVE-2025/CVE-2025-380xx/CVE-2025-38065.json) (`2025-06-18T10:15:39.460`) +- [CVE-2025-38066](CVE-2025/CVE-2025-380xx/CVE-2025-38066.json) (`2025-06-18T10:15:39.620`) +- [CVE-2025-38067](CVE-2025/CVE-2025-380xx/CVE-2025-38067.json) (`2025-06-18T10:15:39.780`) +- [CVE-2025-38068](CVE-2025/CVE-2025-380xx/CVE-2025-38068.json) (`2025-06-18T10:15:39.920`) +- [CVE-2025-38069](CVE-2025/CVE-2025-380xx/CVE-2025-38069.json) (`2025-06-18T10:15:40.090`) +- [CVE-2025-38070](CVE-2025/CVE-2025-380xx/CVE-2025-38070.json) (`2025-06-18T10:15:40.320`) +- [CVE-2025-38071](CVE-2025/CVE-2025-380xx/CVE-2025-38071.json) (`2025-06-18T10:15:40.450`) +- [CVE-2025-38072](CVE-2025/CVE-2025-380xx/CVE-2025-38072.json) (`2025-06-18T10:15:40.583`) +- [CVE-2025-38073](CVE-2025/CVE-2025-380xx/CVE-2025-38073.json) (`2025-06-18T10:15:40.720`) +- [CVE-2025-38074](CVE-2025/CVE-2025-380xx/CVE-2025-38074.json) (`2025-06-18T10:15:40.850`) +- [CVE-2025-38075](CVE-2025/CVE-2025-380xx/CVE-2025-38075.json) (`2025-06-18T10:15:40.980`) +- [CVE-2025-38076](CVE-2025/CVE-2025-380xx/CVE-2025-38076.json) 
(`2025-06-18T10:15:41.110`) +- [CVE-2025-38077](CVE-2025/CVE-2025-380xx/CVE-2025-38077.json) (`2025-06-18T10:15:41.240`) +- [CVE-2025-38078](CVE-2025/CVE-2025-380xx/CVE-2025-38078.json) (`2025-06-18T10:15:41.380`) +- [CVE-2025-38079](CVE-2025/CVE-2025-380xx/CVE-2025-38079.json) (`2025-06-18T10:15:41.510`) +- [CVE-2025-38080](CVE-2025/CVE-2025-380xx/CVE-2025-38080.json) (`2025-06-18T10:15:41.647`) +- [CVE-2025-38081](CVE-2025/CVE-2025-380xx/CVE-2025-38081.json) (`2025-06-18T10:15:41.767`) +- [CVE-2025-38082](CVE-2025/CVE-2025-380xx/CVE-2025-38082.json) (`2025-06-18T10:15:41.890`) +- [CVE-2025-5237](CVE-2025/CVE-2025-52xx/CVE-2025-5237.json) (`2025-06-18T10:15:42.017`) +- [CVE-2025-6086](CVE-2025/CVE-2025-60xx/CVE-2025-6086.json) (`2025-06-18T10:15:42.230`) ### CVEs modified in the last Commit Recently modified CVEs: `1` -- [CVE-2022-1471](CVE-2022/CVE-2022-14xx/CVE-2022-1471.json) (`2025-06-18T09:15:47.243`) +- [CVE-2024-39780](CVE-2024/CVE-2024-397xx/CVE-2024-39780.json) (`2025-06-18T11:15:54.417`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 8d6984eb5d6..3bffc8d18c8 100644 --- a/_state.csv +++ b/_state.csv 
@@ -189355,7 +189355,7 @@ CVE-2022-1467,0,0,4244fa85c07ce188281e2e68274dd3b1bddab19e609dae2da2a3f3e391a8c6 CVE-2022-1468,0,0,bc78f55881e01a6f023eb4f4498c5c9bb9f5e7012eb94752fc063ff4f1a2c8ec,2024-11-21T06:40:46.943000 CVE-2022-1469,0,0,7ffd0498f3a2f922b0a02ebb6229d13a6432911e6e35206695c7945f0a722e6f,2024-11-21T06:40:47.090000 CVE-2022-1470,0,0,5642de4bd55e594f5d5abdf5e790ace17eef364ea96e290fe8852a1dc073b82b,2024-11-21T06:40:47.200000 -CVE-2022-1471,0,1,07739a2dcf41438b07c0afd9039ff02073b4078d37371735ea774aea38fda7e4,2025-06-18T09:15:47.243000 +CVE-2022-1471,0,0,07739a2dcf41438b07c0afd9039ff02073b4078d37371735ea774aea38fda7e4,2025-06-18T09:15:47.243000 CVE-2022-1472,0,0,edb7e07a336c37fb964f0f209addd02630616647aaef0a97f2f250f838db2840,2024-11-21T06:40:47.477000 CVE-2022-1473,0,0,651f93b93ece2974f85deec109efd4323f7342c6df9846e3248acb59b12b31d0,2025-05-05T17:17:34.867000 CVE-2022-1474,0,0,b5586935a38e326f7385281cad87b285bdb53d4974e14a2e5d208fb1689388fa,2024-11-21T06:40:47.740000 
@@ -214399,6 +214399,305 @@ CVE-2022-49930,0,0,33f7eb5e47678fc9b9828cd1ad44b3d63f91aaccf3270eebee5a5920cd46a CVE-2022-49931,0,0,97d878ba8b4b3597459a3272cbc497010dfc875a65fa30e38a4daca5d9472a13,2025-05-07T13:29:02.710000 CVE-2022-49932,0,0,d57d102aaa6deb7e73249ba645e7677d806be48db5293978a3a6b96da4fdb9fa,2025-05-05T20:54:45.973000 CVE-2022-49933,0,0,7c9fdc6dd7d4f35509d7fb1646e4dc94600aa08eadb29b6086ddf52a3274761d,2025-05-20T14:15:26.470000 +CVE-2022-49934,1,1,67ede41d59a824cce4af1486d0ef5642c496e1bd9b71eb178d7537ad3d0af78d,2025-06-18T11:15:19.400000 +CVE-2022-49935,1,1,b2d8485d72f19b9a25309292276520ec35754cefabd84c21f81f175af451f6e0,2025-06-18T11:15:20.340000 +CVE-2022-49936,1,1,fd6b1e96f899f63782317956e4adb14c8759bf8da8a7b0bd2337d8f85c802bd9,2025-06-18T11:15:20.450000 +CVE-2022-49937,1,1,182a74f71e1ffc9603535884796b368f3eb841a54959402bc915c0d0dd4ca033,2025-06-18T11:15:20.570000 +CVE-2022-49938,1,1,3098cfc03915075a634133130727810f7b26a57368cd47e24ca47b025f14f1ce,2025-06-18T11:15:20.683000 +CVE-2022-49939,1,1,0ebdb6530eff09ee4a1b57b5ef593690b8d3cf7e173da754cc823dde856f2d3b,2025-06-18T11:15:20.793000 +CVE-2022-49940,1,1,998a8fe7923fac787991760f3c806c16cc959f7ab44e25bc761a98986c65ae3e,2025-06-18T11:15:20.917000 +CVE-2022-49941,1,1,862f93563138324b498305b3b15e6fcdab7121d8661910e50221e05eb96feaa3,2025-06-18T11:15:21.030000 +CVE-2022-49942,1,1,d47cba6b36549df16f0ba650ba43b7a6e0a5e9ab48036ef7895e37cc3089081f,2025-06-18T11:15:21.147000 +CVE-2022-49943,1,1,67190db2dd8834d7166f7bf3ee58f50790e5357140462884a642df1d06a90514,2025-06-18T11:15:21.267000 +CVE-2022-49944,1,1,ff6a25449aa8e123a3721b13e2e0bacff876f2223f96731c37b0cbbbbc29b1c3,2025-06-18T11:15:21.377000 +CVE-2022-49945,1,1,fe2322f0ede0039200d8b1a49049a7067ef4f749a0dd167d33116639ebec695c,2025-06-18T11:15:21.483000 +CVE-2022-49946,1,1,6a4e2175d44af8f036a16bc85b240f9d1246d5dcd9722d9f8f84f63a0b2686ce,2025-06-18T11:15:21.610000 
+CVE-2022-49947,1,1,6cd162d7d9986acee49906edb8e2ff2c328d332c151b0f936c4941f0cfaa8c04,2025-06-18T11:15:21.717000 +CVE-2022-49948,1,1,d60c166aeb45dbeea9e90819445843b89f0112b1b451ab640c1d2924f2654af1,2025-06-18T11:15:21.827000 +CVE-2022-49949,1,1,92b1a783fc47fe0ed0aec40ffe7216b5aad6a8b518f5be582769d415567b57b0,2025-06-18T11:15:21.947000 +CVE-2022-49950,1,1,232967fd658d29be2af82f44bb0d3d0867559d06083857c24e0b292cc0383639,2025-06-18T11:15:22.050000 +CVE-2022-49951,1,1,b6e133be18d7ceb65f74782b8ae0c28c30c05f6a04b3e6e42581bfad30461a9f,2025-06-18T11:15:22.167000 +CVE-2022-49952,1,1,6bb3226d91deab49f6f59cefd57b3bd58b8e5d36a67aad5586d4a57b31d8c888,2025-06-18T11:15:22.277000 +CVE-2022-49953,1,1,d523797ba11e0f0349e2b725734d9bcd01a7a1f685390144d8624b22c9b85352,2025-06-18T11:15:22.397000 +CVE-2022-49954,1,1,4823270d8bfbf8187c54216b6f0cbf4b473c3dba15e8dc0fff562bc2979c7270,2025-06-18T11:15:22.500000 +CVE-2022-49955,1,1,cb9fb8dfea8f20e6db27a22d51fbeed1041e99a0a1ae69ca0c892e9ef5c3b40d,2025-06-18T11:15:22.630000 +CVE-2022-49956,1,1,c3fa94fd6e30659662c40a3d114575b33454efc99eba40d21765f01eb649a780,2025-06-18T11:15:22.773000 +CVE-2022-49957,1,1,ce6edd241bba863d9a0d3e5e63564792638fe1494d7ddf58dce8dad8b1500cb5,2025-06-18T11:15:22.897000 +CVE-2022-49958,1,1,221f6da9145dd69130822171dfcdc3476430fe97f71c21ab7b02aa99ac3fa539,2025-06-18T11:15:23.013000 +CVE-2022-49959,1,1,6042c36b1de7148060d2328d8cf98a871334654750a872810ae7baa9c6d7f622,2025-06-18T11:15:23.127000 +CVE-2022-49960,1,1,054a14c599f852d1ba383200fc6669fb60c1ada1f86b96025859fde8a860f26b,2025-06-18T11:15:23.237000 +CVE-2022-49961,1,1,156ee7db672f256ddf2a87884de99008c232e50e8456c7969f0b4f6768f10bf7,2025-06-18T11:15:23.347000 +CVE-2022-49962,1,1,c2fd45fc7e5b21b6c7396407726537c0fa6dd49b7f953be2ccdb42952daff061,2025-06-18T11:15:23.457000 +CVE-2022-49963,1,1,43322449516ad557dad82fe98587b41efab1fe45017e81a6e7c39129d160db04,2025-06-18T11:15:23.570000 
+CVE-2022-49964,1,1,8733a00f95a35cd1adfaaaf4997fd435f9d68ca96081bc3b2d967a1f0a2fd8f0,2025-06-18T11:15:23.677000 +CVE-2022-49965,1,1,edfd843a29d8d84d4f4f1c768ce6989ea512e5a9f3ff255bbad36c472f181f5a,2025-06-18T11:15:23.797000 +CVE-2022-49966,1,1,ebffabf29ac1e7ec182f71a363d8612a56983c847b35d8c3c74af09dc2d0adab,2025-06-18T11:15:23.903000 +CVE-2022-49967,1,1,55fe870f3326abc3be787fd3911f0b5d2af3aefcdbb22738f56447caf04fefba,2025-06-18T11:15:24.013000 +CVE-2022-49968,1,1,31b19bfe93af78dd6a320562ce1602df4893f9637d3182a725c4543ba570bd79,2025-06-18T11:15:24.123000 +CVE-2022-49969,1,1,54c111d634b14fd98d08161cecfe01ca58d4bf2a78480889aea464d730847982,2025-06-18T11:15:24.237000 +CVE-2022-49970,1,1,267216e13b80874b5e5ff635e35c92d7b4015c0366374e1ad4564a68f2b31dcf,2025-06-18T11:15:24.357000 +CVE-2022-49971,1,1,95245409bb9b01a5297a98e4e8bce6ab9dd3ea745d38c7d7e35ecc6ec74161f9,2025-06-18T11:15:24.473000 +CVE-2022-49972,1,1,01ebd378dda977df1c5383c87894d29056187c3e1692fb532650ddfd08e65826,2025-06-18T11:15:24.570000 +CVE-2022-49973,1,1,19a84ee0db2d816a99c37e7870c9817024ea1d651a62d58634bc5dfb20da92f8,2025-06-18T11:15:24.673000 +CVE-2022-49974,1,1,74f34df8e69a17dfc17ee7455ebcaeeb1e632c4d7b5bbe9ef4eab2d588185b0c,2025-06-18T11:15:24.783000 +CVE-2022-49975,1,1,a86fb2df07e8b20482443f437a4f2f163bfb0f55f1802c7c48397e218ee19753,2025-06-18T11:15:24.893000 +CVE-2022-49976,1,1,2bfe7c30753c1e9b447d02dbf102ef1febce276514a87866e3c9bb39c42bba1b,2025-06-18T11:15:25.007000 +CVE-2022-49977,1,1,58f1d9d24e498d17650f3c3f6b3627b931ffbfc9e59b53415fc21b48ec177461,2025-06-18T11:15:25.120000 +CVE-2022-49978,1,1,4214393165e3d032a1ed543f783f12178f86e57753753dbbe177c79ac98d739e,2025-06-18T11:15:25.243000 +CVE-2022-49979,1,1,e7fb2e267ee12d5ba3aa22053e5fc3ca1c7ea417baaf61a81c0dff136391a0a3,2025-06-18T11:15:25.363000 +CVE-2022-49980,1,1,6d44c99c7295d2367776bb2c6c9e9d47d7ed35d1a6c61da19df0b552e5d36025,2025-06-18T11:15:25.480000 
+CVE-2022-49981,1,1,372e528ed2951c7242652e83d5123657e1ded713e674d9f8b6e4bbc7c46e243b,2025-06-18T11:15:25.597000 +CVE-2022-49982,1,1,49e331bf495053b9d1d92d491440229df6105106721414182090f716919816cd,2025-06-18T11:15:25.720000 +CVE-2022-49983,1,1,5f28a8b03bd0debaa430c7292f56df957c32d52036da21612ba1960833d03336,2025-06-18T11:15:25.840000 +CVE-2022-49984,1,1,de48d38fbe547bd105683f4babc60ff67ed4f57f824fb7d1875e83ec51f80af7,2025-06-18T11:15:25.953000 +CVE-2022-49985,1,1,45598797529221057048405b6d805fae049aed30d4b7f2d4892e514e9f10074d,2025-06-18T11:15:26.067000 +CVE-2022-49986,1,1,10ebca4272cec766170ccc2b46e8a11dd4af85de905cec2720dcf45bb58f0eaa,2025-06-18T11:15:26.183000 +CVE-2022-49987,1,1,723b4964c6e49f87394218a8ec684a8b0cd0cb658ce12895b59e75a23d91e24a,2025-06-18T11:15:26.303000 +CVE-2022-49988,1,1,f7be12b909d70db1805049b2aa7404dca862c6c3d6dbf5d3e832c2ecc5c0941d,2025-06-18T11:15:26.420000 +CVE-2022-49989,1,1,8e9ba3589893ca9bc8bf29af5a16106e9d81111b2bd64e2c3f5982cdd3e8f32e,2025-06-18T11:15:26.530000 +CVE-2022-49990,1,1,c881fa022d41eb488ed3112d01561ba7de8e50858199b251b46245dd30cc5c35,2025-06-18T11:15:26.637000 +CVE-2022-49991,1,1,352c80932960e12f067ce25b938920c75cdb864e38dd39b87904be2ba72f3f7d,2025-06-18T11:15:26.753000 +CVE-2022-49992,1,1,60304ed024e24fab4be068b21838e340073483ad8a86e36ba97cd5367b4dbf3d,2025-06-18T11:15:26.870000 +CVE-2022-49993,1,1,69132e1e4c34644390054ef86932d97ce6c041b942544a0542d3f63d2c380363,2025-06-18T11:15:26.977000 +CVE-2022-49994,1,1,30b5ebfbe59892ca18132be2cf0cac61b1e3d8e892dcc3ae5a63d81294686194,2025-06-18T11:15:27.107000 +CVE-2022-49995,1,1,85baabe16483e02918dc2f67e7d0344a5c732dc40c42d5b9f8453020038233b3,2025-06-18T11:15:27.227000 +CVE-2022-49996,1,1,c9ca2d81f03b6a7f59567b88bb8e7dcd45fd4592278bdab54e53de5975fe4ab3,2025-06-18T11:15:27.337000 +CVE-2022-49997,1,1,5971feb59c4288dbf2ca26f902b937511673dd6d26b93fd6e16748b0b5be12de,2025-06-18T11:15:27.447000 
+CVE-2022-49998,1,1,db579c2cbea5dc07fbc418e0d292e376ece1bbdfe037feade58c729099ecab0e,2025-06-18T11:15:27.557000 +CVE-2022-49999,1,1,e9239cb36bbc07957c1a7f66c57bd0915bae1e7da43ef279cde3659028b27ba3,2025-06-18T11:15:27.673000 +CVE-2022-50000,1,1,fb25e8b25dabc912def3c1809a394344b901ef95dd5a40657d66687bb535da62,2025-06-18T11:15:27.817000 +CVE-2022-50001,1,1,1ade7bf0ef9d29cef64b0db20e66d776621ffff809ed98cfa5a452e0fb57c140,2025-06-18T11:15:27.950000 +CVE-2022-50002,1,1,bbf8b7df26bb79145bddaa1743a335b9780304ecf527930df95221aeb4470cc8,2025-06-18T11:15:28.063000 +CVE-2022-50003,1,1,b188253ee5268815a04465f0bee725d585db0b9579c22b591968b9f4786e3603,2025-06-18T11:15:28.173000 +CVE-2022-50004,1,1,922e8ce9306eaa83028ac931192e22f672417bb2fa258b599b47ae638a3ada87,2025-06-18T11:15:28.287000 +CVE-2022-50005,1,1,48822268cf6cef6dbd487fd3f6f256d5085cbb0d8d0cd92c5b47e8d03ae5982a,2025-06-18T11:15:28.397000 +CVE-2022-50006,1,1,0f887e5dbf91618722d01df0c48d4c73c859251071b3c76d7f0354fce6fe449d,2025-06-18T11:15:28.503000 +CVE-2022-50007,1,1,a4da94d734e7cd19dd994c33a213777df2413c07319a2e40a3664c3460e750bc,2025-06-18T11:15:28.617000 +CVE-2022-50008,1,1,feedbc383ef5fdfc08215b6ca6443367f41f978cfc0dc9b18c07de015ae91125,2025-06-18T11:15:28.737000 +CVE-2022-50009,1,1,24f60237a55eba2ac4605ce4eb5a327d38103fa07c9a823fd841cbce9b65c944,2025-06-18T11:15:28.857000 +CVE-2022-50010,1,1,2221874ce87b4260694507b6e7280b684d1e7698352a7caf23e77554d80d3b06,2025-06-18T11:15:28.970000 +CVE-2022-50011,1,1,5933dc78133049298b4c3d029a46a1c721b530928749fa95f33aab83fdf98c5d,2025-06-18T11:15:29.093000 +CVE-2022-50012,1,1,328f30aebd5f4c3cf2325d8fc1c277e704a1dce713bdb8d194853227531f93ac,2025-06-18T11:15:29.213000 +CVE-2022-50013,1,1,e1f9a50cd643387ceb9b8ce14a105cc9dfacb4326828e229c1d4c9b652a4a8a2,2025-06-18T11:15:29.340000 +CVE-2022-50014,1,1,c0f886006d4567dcd94f6980cbdabc311df8dd3b339b35cca4ad1e400563abc6,2025-06-18T11:15:29.470000 
+CVE-2022-50015,1,1,09d6baed9c1ce2e093c08247ef33347f4f89a76681bc617ba30735174ce75282,2025-06-18T11:15:29.593000 +CVE-2022-50016,1,1,7cc0c0235fdc27caa0d2e81f067cb717708192ceff8025de965e011c8ecf56c6,2025-06-18T11:15:29.700000 +CVE-2022-50017,1,1,8b6d6a75522aa8b46060d9801c064a3bc88f6993785fd02c47dcd6ce8bf308fe,2025-06-18T11:15:29.807000 +CVE-2022-50018,1,1,b2d220221bcde9634d973156ade80b9fc355fbab5e433b21373fe8d33ae81f09,2025-06-18T11:15:29.923000 +CVE-2022-50019,1,1,442b989a93be3ae686d4137a6df2bb7919325476f18fdecd947f9ef340813b8c,2025-06-18T11:15:30.030000 +CVE-2022-50020,1,1,ae545a8dd0c5e830d6c1e398c27d324b7a222503d1c0c712799ffbbad480c486,2025-06-18T11:15:30.150000 +CVE-2022-50021,1,1,fecfeabb211667e5af2eee5c54450038f649c0b15af0bd6857ab0d4335817854,2025-06-18T11:15:30.280000 +CVE-2022-50022,1,1,a00e144c2cc0c696939989387c099ae7511db8f81914e706874483f7b08dbdfb,2025-06-18T11:15:30.390000 +CVE-2022-50023,1,1,ad40daa5bc379bd5e0870135c0a6a0e85bfa67b9e889cc9126781609c5839dc2,2025-06-18T11:15:30.530000 +CVE-2022-50024,1,1,1280d6046372488e3ad4b5117553d03e279d8056452049bad7f92fa03b756a99,2025-06-18T11:15:30.650000 +CVE-2022-50025,1,1,1f4a707ae2cab4c97ec53c6f0c28b2277229fa190eb724aa57a61bb2776643ff,2025-06-18T11:15:30.760000 +CVE-2022-50026,1,1,444bbbf5b0188cb9f86211ace51f91d5780241a3d02bb9e624a05c7a55076923,2025-06-18T11:15:30.880000 +CVE-2022-50027,1,1,50b74bcd7d716791639038fd21e205c7bd995ec3faeb147de8ba1ab73667e346,2025-06-18T11:15:30.990000 +CVE-2022-50028,1,1,39be548056ad79acd4a88caf0fe5c807241695941dde678d8fc4183565011aa5,2025-06-18T11:15:31.097000 +CVE-2022-50029,1,1,3055da61f6abc2d1e6a8883ed4298e1ab0d171562dfa0cdadd208d38ec40b656,2025-06-18T11:15:31.220000 +CVE-2022-50030,1,1,7260c8478204c1dc5c224e9f7368cb81ff11a58a964f69f321ddfa01affba754,2025-06-18T11:15:31.340000 +CVE-2022-50031,1,1,bf5570a05010e2c9817dfe15c1452c8d673c0584b98c9a42d38d3c43104a3589,2025-06-18T11:15:31.450000 
+CVE-2022-50032,1,1,72d9a6e9e00b66bc8054630f27d9b10e74a8a699fd0072dd5aa20f204ded1841,2025-06-18T11:15:31.557000 +CVE-2022-50033,1,1,b1ac6239202d421b22967065d9ec83d7f38224c11f2a5fcacef9db01dbcf0ec5,2025-06-18T11:15:31.677000 +CVE-2022-50034,1,1,56b417cab5ce7ebe7eb9014fd24e3acf348573985110b0cbd4a212539cff63d6,2025-06-18T11:15:31.790000 +CVE-2022-50035,1,1,1c7fd74e0fed4158cbb7533411b85accc8c1eee93a2c37dc69a0c8840ae7f6de,2025-06-18T11:15:31.897000 +CVE-2022-50036,1,1,aea9042a4b0c7945c5d6ef5767715cf7b02a7553f5b88981ba84a1b3b80f4a56,2025-06-18T11:15:32.003000 +CVE-2022-50037,1,1,bfd3b964617ef633897ad0552398188c15c5465ca35755dd7df127420119a320,2025-06-18T11:15:32.117000 +CVE-2022-50038,1,1,f5e393065519d7ead0f953b5ed02996b2c9062d9038a1f8d6495d246c5c1ecb8,2025-06-18T11:15:32.220000 +CVE-2022-50039,1,1,973a32fb839887dd6b3c4414497ce15c32fe9ae5ae481619bb395f0c8064aea9,2025-06-18T11:15:32.337000 +CVE-2022-50040,1,1,1aa3af6cd2f637a139f9b78a922ea5338a2b33cabef8e905badc99709da78737,2025-06-18T11:15:32.450000 +CVE-2022-50041,1,1,f67200f1a0927fadf77731ddea0dc35937a22b256644e58a9867532e1d3391b1,2025-06-18T11:15:32.560000 +CVE-2022-50042,1,1,36d89fb402ac3233f3ef09fa577d70854ce2dcc8d33938d944345077948db93b,2025-06-18T11:15:32.673000 +CVE-2022-50043,1,1,822a045add978fc28ca1aaa9aeca5bfd4bc5fcf02acc5ddd043e82fe6c8b4d90,2025-06-18T11:15:32.787000 +CVE-2022-50044,1,1,2d7d15278ff785ce208f3598f0b1498ae1dfac8f1dece4898f900e17be00ab88,2025-06-18T11:15:32.897000 +CVE-2022-50045,1,1,2285a9dfcbc765d93cba0ee90a6446a71e4eb8e3faa183d39b94a9a9c631c00e,2025-06-18T11:15:33.050000 +CVE-2022-50046,1,1,019f3536df9963f565ee3b7d7b95f59d6f0c968be23d4a9fddf1eb3e3d8a3868,2025-06-18T11:15:33.170000 +CVE-2022-50047,1,1,a040b1ada24865f6d4053a69195d2f79cd1a4c1531acd7d551384f70deabdcb7,2025-06-18T11:15:33.280000 +CVE-2022-50048,1,1,527ce073c963e4e32704f8319bb3f946894750aa8575836703610a0290be0fd4,2025-06-18T11:15:33.393000 
+CVE-2022-50049,1,1,eaf0d27f392ba0dea494ccbebfc237a63af162386d3346e9ce9203fbc2eba9c7,2025-06-18T11:15:33.500000 +CVE-2022-50050,1,1,fc2fdca8ce49e04b7e6268c26b9a97f40b49b6b1e0d7cf1fb742096712e13f41,2025-06-18T11:15:33.613000 +CVE-2022-50051,1,1,37963da8f6fb8b4e2d2e1b203b78b6034c4ebed4ff13e0048100081052c85c34,2025-06-18T11:15:33.723000 +CVE-2022-50052,1,1,212934dd943e9087085ad5fdec5f4bc9a68fdf7980653df5eb01d8924b3a29f5,2025-06-18T11:15:33.833000 +CVE-2022-50053,1,1,125e839f0dc3e03230aa15ea3619b3dfd637cd1e03c46613f60965c09a89bb42,2025-06-18T11:15:33.940000 +CVE-2022-50054,1,1,70bc3f1eb8d3e5d6d2c2ead42f162cd82ec8f4b1824fa7ef760b9ab200de087f,2025-06-18T11:15:34.050000 +CVE-2022-50055,1,1,3f8bdfcfa3e8915cb7c76b5d1076ec026e56d0c4a6e6839ab320011322761819,2025-06-18T11:15:34.160000 +CVE-2022-50056,1,1,1e9d8338c125f5d881cdb0a3a7a5d4d305f386cd18e46338f0d60fb76e989253,2025-06-18T11:15:34.277000 +CVE-2022-50057,1,1,58376c0c7b7c2835aec2634aac6d86e5caca188ebeb81ba15ae8a7d225ee822a,2025-06-18T11:15:34.387000 +CVE-2022-50058,1,1,36060534a842c172fdae7a8d347cf90aff1e4dd4ed981c07f912e3edbe38ad86,2025-06-18T11:15:34.497000 +CVE-2022-50059,1,1,b112a2c57a7678fff02dbbf15f71a958d8909bc17e673752c53924637ca21c65,2025-06-18T11:15:34.600000 +CVE-2022-50060,1,1,f5b68f56fa7caa2aae9f0b019dbccfd8e21947f6efc35865cce310c61564d9af,2025-06-18T11:15:34.710000 +CVE-2022-50061,1,1,4540b3c8299a1b5afd35b7c095fd23272e0a32da876a719b58390c252f4aabf0,2025-06-18T11:15:34.817000 +CVE-2022-50062,1,1,f8d581a45e44e6b6390307e70fcc312d4cc4e14b8c6411589e64b16513abda1a,2025-06-18T11:15:34.930000 +CVE-2022-50063,1,1,a9a0eedaecf0ca955ac9a6826875285b25b453ff82653bd68e08536a1e660d25,2025-06-18T11:15:35.047000 +CVE-2022-50064,1,1,4834930704c8128e759570948882cd0fc62690338da3ec81528c99d5fe725693,2025-06-18T11:15:35.157000 +CVE-2022-50065,1,1,bb7f91d57e5a9f7e7f089e1d501d954b8ffc7c34ab5a1d0d801cebe8f6e77e02,2025-06-18T11:15:35.267000 
+CVE-2022-50066,1,1,7ae53e9959483ed68c90125ae2ff9786797218ee206ef0c958aee469372f6e61,2025-06-18T11:15:35.377000 +CVE-2022-50067,1,1,c357f987c888037cbc70e23169b8afd96646fe141f566ac3ac78bc1793b1823f,2025-06-18T11:15:35.490000 +CVE-2022-50068,1,1,ac7638aee984a721c2acae20b6e7fd612e67489c9f4247a435543f2199922507,2025-06-18T11:15:35.620000 +CVE-2022-50069,1,1,7521313470c8cf64b17390092e15119d21cfaf44c81f0cfddaaad7e3c76202a2,2025-06-18T11:15:35.733000 +CVE-2022-50070,1,1,f86a3cb568385e292a16af7588296052b4d2a368e7c7d4c1e245e1f5a9820a75,2025-06-18T11:15:35.843000 +CVE-2022-50071,1,1,ff8379b00276e85b83ba6d20f3efc5cc38c97b7def91eefa229928eb16c55dcd,2025-06-18T11:15:35.950000 +CVE-2022-50072,1,1,f5700bc181c0709dfa2ae47bae894ada83d1a71511612ca21f5ff93dcf1c266b,2025-06-18T11:15:36.057000 +CVE-2022-50073,1,1,07f087a1db479fbb0cd8e2adfb87193f012a58d39588bda34a02fc2423ccd066,2025-06-18T11:15:36.173000 +CVE-2022-50074,1,1,b16bf54213fc99482bc2c730f6c6b09b5a09f0937024a27057e678b301f617a2,2025-06-18T11:15:36.283000 +CVE-2022-50075,1,1,8e8b6d437f5137e77cb8635604279a0fba795e89335e67cec1e7632480a717e8,2025-06-18T11:15:36.397000 +CVE-2022-50076,1,1,f5f736d376d7f8ee17d96ba228aa0a577459b9896a97e127f56bc9225b825c98,2025-06-18T11:15:36.513000 +CVE-2022-50077,1,1,78ecd0b328c0fe8599db3bdf152f9774ae06952f525820dff56dddd907125560,2025-06-18T11:15:36.627000 +CVE-2022-50078,1,1,a125cb182c054e5333b3a2119cc313f9c91948f7b620a8a2e336849baf001403,2025-06-18T11:15:36.753000 +CVE-2022-50079,1,1,27fae849dea4cd2817e930308f3b44c7362a4799400d8cd26b9a8ff682cff919,2025-06-18T11:15:36.873000 +CVE-2022-50080,1,1,5e3d050f9ccfac15a72be60b0d6bf53965381141845e7d985730bdf10c02c271,2025-06-18T11:15:36.980000 +CVE-2022-50081,1,1,9833036ad34d42c69b44ef2de1f69a35137f1bbe63bf83c6c2a330f56f9cb98d,2025-06-18T11:15:37.103000 +CVE-2022-50082,1,1,5cb4974388b0ef51612fae5a41f957123661c69af6143c11f93987322f504fda,2025-06-18T11:15:37.223000 
+CVE-2022-50083,1,1,5ad4fd94446cb2738434c673a041a880696d0a928751a122b1cc633604acdc88,2025-06-18T11:15:37.340000 +CVE-2022-50084,1,1,f99eae53bd422e340a90bcfc1d6ee8cff677c1e5f9b574e99cb9d9fca4d18f03,2025-06-18T11:15:37.460000 +CVE-2022-50085,1,1,4b0877c2ccace1bad3d81d12f8c2821f7abe048d73ca457c4234de774669d97a,2025-06-18T11:15:37.577000 +CVE-2022-50086,1,1,e92c7034f034b91e9e2b9b4a6228325d4c49d3a23de2df809c19be7ac839b427,2025-06-18T11:15:37.690000 +CVE-2022-50087,1,1,2b27e011e17d9a6ac4c1c5ab78c721633b7609144d905668879ba8cc811d88dc,2025-06-18T11:15:37.803000 +CVE-2022-50088,1,1,e540de9f337713c1f69ffd7a97591ecafc17433a60a1197cc3fb66194423b8d9,2025-06-18T11:15:37.917000 +CVE-2022-50089,1,1,7dd3240935f386b929e827fd90e5457b1b58d7ad8b82fcbd0656d01381784cab,2025-06-18T11:15:38.023000 +CVE-2022-50090,1,1,149e04af7bedba15b02baf6bc6347c76df9565c8c3f19947cd97521fe90964b7,2025-06-18T11:15:38.153000 +CVE-2022-50091,1,1,da491b93c1ab7a8ff294350e72db24fd04350e6203aeea357f032a7c90415c1c,2025-06-18T11:15:38.277000 +CVE-2022-50092,1,1,6083a24c9621eec107611c36cad5d7929556ad7b7ca5fb1e0356ad03ecd784c2,2025-06-18T11:15:38.383000 +CVE-2022-50093,1,1,8b7e0ba5c42966711eb78feb8bef296b11e9b99f452d0ed5435668f5fc2e0d95,2025-06-18T11:15:38.497000 +CVE-2022-50094,1,1,81c9120e9f216e15e9b0ab649485bd538b3c6531fec46ad2aaf788a6e6fefba5,2025-06-18T11:15:38.620000 +CVE-2022-50095,1,1,1d78aeeaa0c8428075a0ada1a918c590b40f144245ac956cb1ede3c27d6a2c0a,2025-06-18T11:15:38.740000 +CVE-2022-50096,1,1,06775b9dda7326db0300de1a3447b574902914f630aefe7d04f8cbf23585827b,2025-06-18T11:15:38.850000 +CVE-2022-50097,1,1,4073ac9ebd9592f74d812333bc9588f418333256710dffac243bac90dbbb530b,2025-06-18T11:15:38.963000 +CVE-2022-50098,1,1,0845d9de66ed0769ecf6795b7a5a08e454651c5c360d0ee63ba6da8e9fd85504,2025-06-18T11:15:39.083000 +CVE-2022-50099,1,1,0adec2c67e7d5d40b270d47b4c47958460a87a4f8da22ae4085a281deb01a0d9,2025-06-18T11:15:39.200000 
+CVE-2022-50100,1,1,618704e9a5c26ffbee550b9cd3c14e2daf5c74a454eb90adb6032bd6bb6a9f5a,2025-06-18T11:15:39.320000 +CVE-2022-50101,1,1,e87a0f7fe3df492882076c8177de2f5562584d3e118334b5212b2fbd4a75bbc5,2025-06-18T11:15:39.437000 +CVE-2022-50102,1,1,b5e606d99509c96f04e9a3a873027c9ffeaed95ac043198879301430aacceb56,2025-06-18T11:15:39.553000 +CVE-2022-50103,1,1,cdeef1c52e31b38d4782d15c50a6dcf62b6d2e042bb4a6b1ed6cc95f6764aa35,2025-06-18T11:15:39.670000 +CVE-2022-50104,1,1,d476a65b3ec446ab857c1cc2d872db1f75c22a83a59d311d5921d958bf374e45,2025-06-18T11:15:39.787000 +CVE-2022-50105,1,1,1d226ce6cdb0c059f28a95b18f2c166986582a1b49544683483faa48e3320c83,2025-06-18T11:15:39.900000 +CVE-2022-50106,1,1,3799f04e0648eb6eb9b819365a34ce3044fe81949c4a5e1fad34d2cb4db82d08,2025-06-18T11:15:40.023000 +CVE-2022-50107,1,1,c6a55aababe56a4714a38b3a97d6bb7c09b22c233eac94c190ab638c6482df71,2025-06-18T11:15:40.140000 +CVE-2022-50108,1,1,ad5ed795f5d51990b480ac11f399e9b43ffdfca912fd328fdb0a294fbcc053e2,2025-06-18T11:15:40.263000 +CVE-2022-50109,1,1,c686d4ee9e5c9744a94cf6cc4da720f5c44a596db9897b41e70b31cee73788b6,2025-06-18T11:15:40.397000 +CVE-2022-50110,1,1,b57f2a302cb59bb38cd9ea196ba43e555c9b10f86ddf2867fe029cd6ed41728d,2025-06-18T11:15:40.530000 +CVE-2022-50111,1,1,2d643e0548608612631e58fcf69ba352350d8ecfc49d1ee72c4d92e47d3826f7,2025-06-18T11:15:40.660000 +CVE-2022-50112,1,1,d56b5d3a9f8ceeb3df771fd38acf3db3d6838b1f9033559a2a08da60e7092f53,2025-06-18T11:15:40.793000 +CVE-2022-50113,1,1,32180c6b81527629fca8c240303da831f14d544e2659a46c2cc3c65b237999db,2025-06-18T11:15:40.917000 +CVE-2022-50114,1,1,ac80e0d863d31056fee7e613d51c0380984e32c4a5b0e80ad14c49d703ad6b8d,2025-06-18T11:15:41.030000 +CVE-2022-50115,1,1,c71462018ed77e437e6ed53c279efc0a5de7e5c51fdef33d4f8a11d7a54f3151,2025-06-18T11:15:41.140000 +CVE-2022-50116,1,1,613f2dfb35197c85985bd4a4b86fff0123b3f06f25d69bcadeb1618c591e7a0b,2025-06-18T11:15:41.257000 
+CVE-2022-50117,1,1,3d12b6fa1b9d31997c94fe6ff74740528baa34e8a92928e082e36638aac60eae,2025-06-18T11:15:41.370000 +CVE-2022-50118,1,1,7af6f15e3341a331eabdf2eff1988a0fe47c3f2dc8350e5e65690609b5982c10,2025-06-18T11:15:41.477000 +CVE-2022-50119,1,1,c6f919c76da7e4efe6fc4015c96f40c03aafb1061bba809b98e7027eb33afb57,2025-06-18T11:15:41.573000 +CVE-2022-50120,1,1,f1c5d93d5d0868b4570a83a0f55c7961ec2dc9679945f618b6fd35cc580e4f1c,2025-06-18T11:15:41.683000 +CVE-2022-50121,1,1,cc9f7fa14c342979baf819a58152229e10395e5e83094fde772938377f9b2790,2025-06-18T11:15:41.797000 +CVE-2022-50122,1,1,7d5e2e88c3a91f3e5da3dc262c2da9f4dab42eb3b7373363370fa49235387e52,2025-06-18T11:15:41.900000 +CVE-2022-50123,1,1,fbd9b7b828d66323f9aeb2a4a56ef46031cee971d1a07edc33de9d186a3c1091,2025-06-18T11:15:42.017000 +CVE-2022-50124,1,1,9a02d87e7387c592dfb68a529f36d7bbd37c0a05131dd0130d555352acb4425a,2025-06-18T11:15:42.133000 +CVE-2022-50125,1,1,f73b87c61c1e5d6f4d55fe2d7106f19f61c28e042644939072ba6372633515c1,2025-06-18T11:15:42.250000 +CVE-2022-50126,1,1,af8bcd59062b16f2ebd219259abcab8465621d865b56e6970f4ad71da707a36a,2025-06-18T11:15:42.360000 +CVE-2022-50127,1,1,998ee4bf9fecc7aabba3581436f754f0c70eb4cd03f6c879c43ac9816224d8fb,2025-06-18T11:15:42.477000 +CVE-2022-50128,1,1,b86f0752ab40c14065975351c2362fbb4c3b00fb650a0f3210c34ccca2e9ca24,2025-06-18T11:15:42.590000 +CVE-2022-50129,1,1,0169eb3092eaabae1490c6f4172e2140d8749ae1b637da4bd3aacf8a6cf5fffc,2025-06-18T11:15:42.700000 +CVE-2022-50130,1,1,6f7bc91902cd0d6a28b8579083ee20b064b90083b9116cb328d838f6312313c9,2025-06-18T11:15:42.810000 +CVE-2022-50131,1,1,f20edf5118e0cecb87411bea213e4e7d830e702895ddd92c5023b72c946dceea,2025-06-18T11:15:42.920000 +CVE-2022-50132,1,1,95b2d2de88f099218f32c13d8cec934226d034151200970c420fbb8a88d42026,2025-06-18T11:15:43.030000 +CVE-2022-50133,1,1,b584748e28b69c635084f5153ae97238bbd1b84773360d3122a4b83babad26d9,2025-06-18T11:15:43.140000 
+CVE-2022-50134,1,1,8aee3ffc48cd5d1ea0b40f4551d1e39061584381832dc4fe9ef8f1bd86bbb143,2025-06-18T11:15:43.263000 +CVE-2022-50135,1,1,7344194588f0fee5ff045fcbc3ed02904b8081ca0f1b527926f1b3edeb4960d2,2025-06-18T11:15:43.387000 +CVE-2022-50136,1,1,a53c2c54195bf0d48e80ead66f133230e3cbf49ac6547b1b22d9a0b726313cca,2025-06-18T11:15:43.493000 +CVE-2022-50137,1,1,9c57845dec0ff225966844a254a88d93397d4960101d7ed1db5d916a65fc943c,2025-06-18T11:15:43.623000 +CVE-2022-50138,1,1,740e18034db436d35b3e6e45b80d21b7470efe16fcdaae5ce5b2352528b34689,2025-06-18T11:15:43.733000 +CVE-2022-50139,1,1,62f45d6814a1d2773a73270a1a45d6b2863f48b4357344bcfbde6cb7f5fa935c,2025-06-18T11:15:43.840000 +CVE-2022-50140,1,1,7b3bfe2489fb7bccf7f42bf2db37d1a349c8bb0bf69d59b21468f2f18f94115f,2025-06-18T11:15:43.953000 +CVE-2022-50141,1,1,379ed63a9a9ff8deadbe4e48d0e03871e22c936817a2395df7fc03173713bd6a,2025-06-18T11:15:44.070000 +CVE-2022-50142,1,1,bbea6ede710a8f1a783d9dd5b23a117a70b931f03daffa23cd08bfa8da500377,2025-06-18T11:15:44.187000 +CVE-2022-50143,1,1,55b11012fe821827a6ac2f7a963083a8f490ad511a47a2247fdab35d7f61b32c,2025-06-18T11:15:44.297000 +CVE-2022-50144,1,1,6fb7be1b99ff8e142fcd8d703954c7d5e119446c5b8ca40fc1fc9ef1e4c9ab56,2025-06-18T11:15:44.413000 +CVE-2022-50145,1,1,b8c26bff5730b3b22850097c58c65e1f898f48e6bca0c83fd0a34fca0f620d8f,2025-06-18T11:15:44.527000 +CVE-2022-50146,1,1,618624cdf0b8bb4d57b84c1670a21cf4c65bf59bb90becdb79e84c0a56d94fac,2025-06-18T11:15:44.633000 +CVE-2022-50147,1,1,9ca1b70cd46a8280c1ca44fe9ae295473e3c37ffb2be84df81ddf39fa5d4fe5e,2025-06-18T11:15:44.743000 +CVE-2022-50148,1,1,d3b7fa4e8f79f729690682963a087654aa020666d2e8ce3c5dd21a7eabaa9365,2025-06-18T11:15:44.857000 +CVE-2022-50149,1,1,69584bce8101d8f1ff8beaa25f49feae8b4a8ff0e68fc1287f5b8509aba2f3bf,2025-06-18T11:15:44.963000 +CVE-2022-50150,1,1,aaf39e6fc68cf190179bb7c1213116d556140a589931f8cb226cd9e2cb198046,2025-06-18T11:15:45.073000 
+CVE-2022-50151,1,1,2a4c6f6a38871a5e3269f0b516dc74f635ab42f26eae7584f46ba49265c465f7,2025-06-18T11:15:45.190000 +CVE-2022-50152,1,1,110d24b34c30dc5b95b957b42f56b8f34065b4c92e68d06ea6cf0c4f694811c5,2025-06-18T11:15:45.297000 +CVE-2022-50153,1,1,2a19bd39f6dc6c0c09e5c400470bf4e14bbd324c8e3abadc0a7ebe5c7e1f2a1e,2025-06-18T11:15:45.417000 +CVE-2022-50154,1,1,6ebd76786b0f1330fdd0f78b3d9f1a67128d0ca0bd445d170e3089a3a9ab5dbf,2025-06-18T11:15:45.530000 +CVE-2022-50155,1,1,4a85720fabdc5429aa5505ceb093d10cc61286b00d76571512ceada2293de336,2025-06-18T11:15:45.640000 +CVE-2022-50156,1,1,6413db03b52a107c42e0f2670817ed2eec7f89ba0e22b4fc4ae7a3dd42b03ac3,2025-06-18T11:15:45.747000 +CVE-2022-50157,1,1,58e3252d548e71cf48e8469247e5796d6f92b5ec2be36caaaeb96c9cfd9ff129,2025-06-18T11:15:45.863000 +CVE-2022-50158,1,1,7694bc3fc90ad47d2e6ef00e7e1ad92f56fadf8d11836e88061672924662d8a4,2025-06-18T11:15:45.977000 +CVE-2022-50159,1,1,775fca9e9c0a0624742c8d819309d20708167a23e1fbe8ed68dcb3eda4ab4047,2025-06-18T11:15:46.090000 +CVE-2022-50160,1,1,605c2f1e3b8aa87d951292196b8dc716964654b914a8bd8f640845d1e55a234d,2025-06-18T11:15:46.207000 +CVE-2022-50161,1,1,92137564e6c36df4656f0fef56247a072f6450a8d7a671018d2f57e69cf53cfe,2025-06-18T11:15:46.327000 +CVE-2022-50162,1,1,7f19b64fe79511e8de8878bb1e8321b9b50c04793131b42abbc2b7c12cfe102f,2025-06-18T11:15:46.440000 +CVE-2022-50163,1,1,05d23895b118ae946ae4aa1ab2cf3b40b9e2abd148935f2b73c9853df98b6500,2025-06-18T11:15:46.560000 +CVE-2022-50164,1,1,d4755469a65ebc77df4758d135680790c85cef1578e24d23dbc89110386a6dc1,2025-06-18T11:15:46.677000 +CVE-2022-50165,1,1,82af87fb817ea4d056833838700baa9ee5ac586e8d1303e2f5b20457f3f9c72b,2025-06-18T11:15:46.790000 +CVE-2022-50166,1,1,d88b95bd06339f1a163c9d5b19fd0d86c5034f32c4b7ffd022dead2dc8b36d28,2025-06-18T11:15:46.907000 +CVE-2022-50167,1,1,93a6694f515f9cf704e8d7289d2d41c46a2661bd741b3b6ead757578d769b9ea,2025-06-18T11:15:47.010000 
+CVE-2022-50168,1,1,48b1e53c260023416862e0f0279fe64ef93d8fabc3386c1266b1aa0cf7a7e40c,2025-06-18T11:15:47.117000 +CVE-2022-50169,1,1,7cf9a3203ee7d913684eda1291747b9ce90baae95df0e823067dae419357a911,2025-06-18T11:15:47.227000 +CVE-2022-50170,1,1,11932793ed66d383c159c4dda3f92244ed3b12017cdfc700d6d3bd0d86af22a5,2025-06-18T11:15:47.340000 +CVE-2022-50171,1,1,d01047d627d219f27c6956ad830c4699493b31e3c1daedcfbcd0eae97676763a,2025-06-18T11:15:47.443000 +CVE-2022-50172,1,1,5c0a461dbaffe3199905554115bd46f6ec776a216e6c6067e1a76cb6217f53ba,2025-06-18T11:15:47.550000 +CVE-2022-50173,1,1,9f6254337c23b023cc04ef52898a98706d329546353ac28ebd07d5e59b083bd3,2025-06-18T11:15:47.660000 +CVE-2022-50174,1,1,78a25f6f5b9162951d3a75c4d3989581bd7297eaeb5b63aa2fae2c8b73e3119b,2025-06-18T11:15:47.770000 +CVE-2022-50175,1,1,4dd3853d502f1857b25546afece8dab4a344decd81270e487781d0f8d433b784,2025-06-18T11:15:47.883000 +CVE-2022-50176,1,1,45fdad1c536bf082210cca552d742c49cd4d056bffd398a173c989a27def69ed,2025-06-18T11:15:47.993000 +CVE-2022-50177,1,1,9eaed21549c4f442baccd532475e6e4b26ed699a4943539750d5e33c50870e58,2025-06-18T11:15:48.107000 +CVE-2022-50178,1,1,96b71c751bed25140f4f04a59d7179ba4ae40d3461bb3991ac6bf85daa886357,2025-06-18T11:15:48.217000 +CVE-2022-50179,1,1,84f688ef1344c065324f58d8c1e9136834ef303d173a7fec45136e6585dc01ca,2025-06-18T11:15:48.330000 +CVE-2022-50180,1,1,7c706ef69a48d5bf1fa8f0d3812c0d0ea2410fbb9fe2af4d9fb1882bf653cc9b,2025-06-18T11:15:48.463000 +CVE-2022-50181,1,1,62c00a7749f263cc2563a6eed49941cfd524daf3730ab71d281e7cd1fc4e0064,2025-06-18T11:15:48.587000 +CVE-2022-50182,1,1,4cf34c9cee68a6dfc2e4c2235290f90ce26288c3c91c0e663e7c73224f025ef2,2025-06-18T11:15:48.700000 +CVE-2022-50183,1,1,e0683bbffa67a854322f196b40464a953d7ee4ed8e673ac3630ac2acdc7bbe94,2025-06-18T11:15:48.810000 +CVE-2022-50184,1,1,1d96311babb6c7baf4ddd704b06ba1ab571d3a06676584020f4ea1ab7ca11201,2025-06-18T11:15:48.917000 
+CVE-2022-50185,1,1,bbb2711c4a7f6dfed93491e9febe69557d2117912d37b5d27735a3de9bc7bf1b,2025-06-18T11:15:49.030000 +CVE-2022-50186,1,1,c33a0f71d1cffb19db345886764e0fceacfe4751ec5d07f16ae0eb2a5afc3422,2025-06-18T11:15:49.147000 +CVE-2022-50187,1,1,ed92a729f484b6851308582a7d26467d0b37bb34b8fa17f0cf40a984ce8abb7a,2025-06-18T11:15:49.267000 +CVE-2022-50188,1,1,a38babe0c5c959c0f7902a2bc063286e5a27938c15ae882d0ba2c68fe957f545,2025-06-18T11:15:49.383000 +CVE-2022-50189,1,1,6ee9e5de5cfdeedc46912381d774a96371e90f8b2f254edb505c3afa4ca9886a,2025-06-18T11:15:49.490000 +CVE-2022-50190,1,1,30d85c9af9187ca37885e384935adcdbed8c897d6041aaee792872c9cbf51c18,2025-06-18T11:15:49.593000 +CVE-2022-50191,1,1,bb122c471c3f70d167d61419ce8dbe9abda39e515174b795bf63048e0eacf368,2025-06-18T11:15:49.693000 +CVE-2022-50192,1,1,69475a7a8dd05b688344f1840df1bd5a0886317b89a7c1bac95b6e336262115a,2025-06-18T11:15:49.810000 +CVE-2022-50193,1,1,ace1b97b5cf404b1d679cab71bde132675bf28037db2f3be27b5cc41d22ad3dc,2025-06-18T11:15:49.920000 +CVE-2022-50194,1,1,9f2704e86307f24e7e5a60eca828f074fd713bdcaeecdc2961568ea02c06b296,2025-06-18T11:15:50.030000 +CVE-2022-50195,1,1,0f51ec6bfd8fa56843283ac099606121c08a2f29f776416a6da785bae00b2f65,2025-06-18T11:15:50.140000 +CVE-2022-50196,1,1,bbd9654d37769faa6ff041f6b5444142b69c575052739cd2b6f947946139cf7e,2025-06-18T11:15:50.247000 +CVE-2022-50197,1,1,6d608c056f6c7becf87bee70e082693e33e53c33361b7d947dffa3f23b888285,2025-06-18T11:15:50.360000 +CVE-2022-50198,1,1,1578e6c462ffe9da327edc456d60f3fd42311c3dcbe38eba2797d10c1367f1db,2025-06-18T11:15:50.470000 +CVE-2022-50199,1,1,e034aa14a4082cb7adb46b483073ed002f97ce3d1c769b447fa1325fe5ac0401,2025-06-18T11:15:50.583000 +CVE-2022-50200,1,1,4116c43004c3c99a85303b28d9e06ef238abe3aba2cabe663d2922415d0f7ebc,2025-06-18T11:15:50.697000 +CVE-2022-50201,1,1,a51c36ab10cd5b24b40769cc8307749e245c1767bfc2f52c2d8f48db5836d5a8,2025-06-18T11:15:50.810000 
+CVE-2022-50202,1,1,4207cc2f13b3cb8ecb05d4f949640845b92c386246f01231b28544ada9579489,2025-06-18T11:15:50.923000 +CVE-2022-50203,1,1,4a818579a08dbd613e800c7869c889ac93a2d55f7523484c6ab3f180d6d629d4,2025-06-18T11:15:51.043000 +CVE-2022-50204,1,1,9ea7f40d08ea20c313418c2d6773207b4d19bf58b743f05fb2dd3fddad4543b2,2025-06-18T11:15:51.160000 +CVE-2022-50205,1,1,16b0b138a286e14dce6d2170f40770a9f834f52b79cc6bb7e69bed052095e04b,2025-06-18T11:15:51.267000 +CVE-2022-50206,1,1,c8b2cf1650d44ce0a716bf8a917ee7aa239e444e47e2df653a106086fd0eb0d7,2025-06-18T11:15:51.390000 +CVE-2022-50207,1,1,6d6c4936eca5f458e412a20dff41b2943ab4622101ffeb36b9766b3927c5e7c8,2025-06-18T11:15:51.503000 +CVE-2022-50208,1,1,2ba90db772a7b1a59dfbbaed9cf80f88c69ef0514e6b8da2d095240af959dba7,2025-06-18T11:15:51.620000 +CVE-2022-50209,1,1,6aa33848886f1d74f907760181445c176f118ddc5e16cee7b81f651e3811c25c,2025-06-18T11:15:51.727000 +CVE-2022-50210,1,1,790f739f67fae80264afb165a5d27e565cdbc3ae103699e4c14057230741a28b,2025-06-18T11:15:51.843000 +CVE-2022-50211,1,1,9ac02edfd9dac92d89043af2673060074ec5d061e59d41dbf50321e12865be9d,2025-06-18T11:15:51.970000 +CVE-2022-50212,1,1,d97ff7669fed581d1c386085684e5f635d5d270a3fca04e94f6e87cebf28a6db,2025-06-18T11:15:52.087000 +CVE-2022-50213,1,1,2b61c49359bae8806de35603c30f894b53a756676ee6bb17e731d767d8adc0f6,2025-06-18T11:15:52.197000 +CVE-2022-50214,1,1,ca6e264eb8e5f239597f5d27b00ba48b776a4911b903137d4bed2ac5384825d9,2025-06-18T11:15:52.310000 +CVE-2022-50215,1,1,34714fab0d77c8edabae37434ae6184ce8ab69fab9cdc07a0ee86a0ec02d1d2a,2025-06-18T11:15:52.423000 +CVE-2022-50216,1,1,f2cdd190c1caba66efb630af82255ab067c16e0a418d9934849819a8255273ec,2025-06-18T11:15:52.540000 +CVE-2022-50217,1,1,2f5e6a6cea6341844bb63ea71e1e5dd60d232c55cd765574639b7e37b3c191c3,2025-06-18T11:15:52.647000 +CVE-2022-50218,1,1,6c4169a2916d0e98c1ecda2d00e63ecd04d4626a38ea26f70e9daa952e4f7eed,2025-06-18T11:15:52.753000 
+CVE-2022-50219,1,1,73b6af717dff72e19c57925a6ba08a40c29088b5da7629df6fa23229db1b58a2,2025-06-18T11:15:52.863000 +CVE-2022-50220,1,1,a00429fae6c621828e892c1336d5d63e424c487a4d5a8568657d75809516a10b,2025-06-18T11:15:52.973000 +CVE-2022-50221,1,1,bca9634d034cd4ff9668837946e6861da1ad5f944a2843856bf5d4a860424447,2025-06-18T11:15:53.090000 +CVE-2022-50222,1,1,cd5d4cf232eb6024c1a4ec08eb6f11a3c501bb77686da49e03eacfa898959298,2025-06-18T11:15:53.193000 +CVE-2022-50223,1,1,4886a24d8dbdd347f39b077b9594fe271ceaa65400737d983cbc10079bb9206f,2025-06-18T11:15:53.303000 +CVE-2022-50224,1,1,9d99498ed163214b663ccad1e222682480538bfe7bdf7a9e00e063a55051d96a,2025-06-18T11:15:53.410000 +CVE-2022-50225,1,1,ae42a57626d1c78850b90f41c6649a4be241b1ba221751765e068e133e605f54,2025-06-18T11:15:53.517000 +CVE-2022-50226,1,1,7bc26ba4bafa108395588f30a75f450aef3a651729882d0e6f0db8731c476ffb,2025-06-18T11:15:53.633000 +CVE-2022-50227,1,1,4b0afcd31d6fb8734f25e8c4a51dd9154e6984581f590432dad0df46d0277edb,2025-06-18T11:15:53.743000 +CVE-2022-50228,1,1,c047772bd1e9cd94102c59d30064e37eda65a6929b7988112ab91d6672b7fb57,2025-06-18T11:15:53.850000 +CVE-2022-50229,1,1,9a98f728b493eaf99c2681b16f83e6dfcb92b2612e1bedeea26a3802cfb0c879,2025-06-18T11:15:53.967000 +CVE-2022-50230,1,1,6748146adf4be90e4fcfbd5165028ef1ed973bc9fcb7a16cdac18532d3fab4dd,2025-06-18T11:15:54.083000 +CVE-2022-50231,1,1,6f70e4583d431a7c12eb9d321f480cadcea21c0806b9e35215495115fd9eff9e,2025-06-18T11:15:54.187000 +CVE-2022-50232,1,1,99eeb7d212c01c7f22c776e238aec2e80d7d8df650a2314f4f75bf72c41d4ca4,2025-06-18T11:15:54.297000 CVE-2023-0001,0,0,2dfbf6dbe59b530ec18f5af443ba14cd4d2a5b201d3a1ffcc25574a8da444091,2024-11-21T07:36:22.050000 CVE-2023-0002,0,0,d4360529168fea353efb6226181fd2ab0e85944e3049df689718cf07491ef7ac,2024-11-21T07:36:22.187000 CVE-2023-0003,0,0,e9130921c34a8d1b2e06e89be0ccfee8f78c6c04b42ac1af0311d8e1a3808a43,2025-02-13T17:15:52.570000 
@@ -265367,7 +265666,7 @@ CVE-2024-39777,0,0,d544fb5c8af3d11cc0bf86238933c07737b24f611dcb10d9d356ddde3e445 CVE-2024-39778,0,0,9acf5afdd541cae045e7bdc26465b94e6c92b67cd02d0fd987512cce467c195a,2024-08-19T16:20:52.980000 CVE-2024-39779,0,0,88a98cded7006229eb9e6198e6a0913ba739bc6556fc7067d144510fc57eacd4,2025-02-12T22:15:37.117000 CVE-2024-3978,0,0,482c21d01e49c69bca4dc15aede6173bfc8d79c5700a49fac23ff27e1403ed25,2024-11-21T09:30:48.857000 -CVE-2024-39780,0,0,4282b190f77907c5041c03fcf6476dbd44ca458f23283ed00958225f3781bf4a,2025-04-02T14:58:07.527000 +CVE-2024-39780,0,1,0d52b3d63f327022ed0a23e5cfa9e2e54e7c75050eea732ac8f7ade52d46cd32,2025-06-18T11:15:54.417000 CVE-2024-39781,0,0,cd7ec078c3d17c622583b3e23660ac213bd8eadef2f1c6639a74be6e2f789062,2025-01-14T15:15:22.900000 CVE-2024-39782,0,0,2c4a0c996115cb53bacadccd26e56de9d86433511bcf2ca9387251a8d2006990,2025-01-14T15:15:23.090000 CVE-2024-39783,0,0,f6f01647f22663a1a4237028be2f09d041ea4a7b798078632e4cd7d6dc559f9f,2025-01-14T15:15:23.253000 @@ -283279,6 +283578,7 @@ CVE-2025-1084,0,0,9bdd1b4cc79c8734b99a91f772eea406bc01ac38fde0723939e3b96ec244fa CVE-2025-1085,0,0,240f000b2a2196559d3c93131a0f7508a4e94aebf865be36c2ffd695012f0fe3,2025-02-07T01:15:07.930000 CVE-2025-1086,0,0,a69d2558168bf2a8aaa109750d1ed5860f8baf2bb5bad3b2b8e78234f1d8c631,2025-02-07T02:15:30.523000 CVE-2025-1087,0,0,04ca81f6e615b588f3128f08d2d127bf6f23f8b44dd84b3b46b49dbbe05a880f,2025-05-12T17:32:32.760000 +CVE-2025-1088,1,1,8e89fb662cf44a72b74cdb3248bd3ccbcec7549d1fba859f66b377f7caac26ea,2025-06-18T10:15:31.210000 CVE-2025-1091,0,0,41f3aeac640c3e0e17c6b04948a8dcf1ae635325d94a919fd15d739e41c450e8,2025-02-26T00:15:11.250000 CVE-2025-1093,0,0,a1af9eec6f0022f735b68b643db8d78e6b7244074d1a4213b525a706734f31b1,2025-04-21T14:23:45.950000 CVE-2025-1094,0,0,dca1378d2e11e054a0baff76bda52bd172b0e41af32ad66e0ce66e679989e2ec,2025-02-21T18:15:20.033000 
@@ -283670,7 +283970,7 @@ CVE-2025-1558,0,0,c78589d5810333dd5b267c981b16d0ba3ae44b98790279ca9bbe06e61569b3 CVE-2025-1559,0,0,709a243835f3c6ce0779a28711cc25be41f0a8c4f301b124730fe9903567f95d,2025-03-13T02:15:12.917000 CVE-2025-1560,0,0,5806fdd5d9f8e8a09704d33fd8caadc121e4fbb048f372fad8d43065a1e4a103,2025-03-06T16:15:42.753000 CVE-2025-1561,0,0,33a657fb8a4122eef68e03cf0206d7dfa8ce683bdf001162cf57406315521345,2025-05-26T02:14:52.170000 -CVE-2025-1562,1,1,2f1a546af7a9e680b6e9e17b545c2838e9905defeb3d99dd716116f7fa0d1e2e,2025-06-18T08:15:28.987000 +CVE-2025-1562,0,0,2f1a546af7a9e680b6e9e17b545c2838e9905defeb3d99dd716116f7fa0d1e2e,2025-06-18T08:15:28.987000 CVE-2025-1564,0,0,9d62e5431da133f133499b29bcb96aa13e41c1b673396891299a0b15aab9c828,2025-03-01T08:15:34.007000 CVE-2025-1565,0,0,35456b68df2d2d86ef4d0fb4554495a75d56271b6d28363288295dec6a61577e,2025-04-29T13:52:28.490000 CVE-2025-1566,0,0,b62614d5a9b64c7c70aa72ecefcdd1eced14936f4f2bd9f2f3dab198c8a80ced,2025-05-06T01:15:50.030000 @@ -287178,6 +287478,7 @@ CVE-2025-23995,0,0,fc33427766934e6ec798a3acad36041ca77888d3bd75447ef8556d65238e1 CVE-2025-23996,0,0,044a631ccc7b953428bed6ca4f1e78634642ba7fb893e1284d5301e8ce6e28fa,2025-01-21T18:15:17.503000 CVE-2025-23997,0,0,77e65675aa34b148df76ab43b9568b71cc7208d39621afbe6f65c277717cb0b4,2025-01-21T14:15:13.230000 CVE-2025-23998,0,0,4ced4b8f68a6d09d5a1c825ec6107a84dbbb418c96e80844463996fce823e3ed,2025-01-21T14:15:13.413000 +CVE-2025-23999,1,1,72374f8214893c680a51abad398c8f4d28cc54708d44133e54aef57ebd970d61,2025-06-18T10:15:31.417000 CVE-2025-2400,0,0,cb277ee1e8117318fb6e147a1b2b1e1371201876775172b424ebe4df769d43b5,2025-04-16T23:15:45.697000 CVE-2025-24001,0,0,2c753840ec158b2e8c5040a7ed2631e45b8667250a806707291f782ebc7cf4aa,2025-01-21T14:15:13.600000 CVE-2025-24007,0,0,d5a322aca38d9b339464f589901eb52f11882e233cfd426d01e2c3406881418b,2025-05-13T19:35:18.080000 
@@ -293934,15 +294235,92 @@ CVE-2025-38001,0,0,f1d879e3e41b536006b2acf960f57963f13350b942114c8184f7bf396f734 CVE-2025-38002,0,0,0e2b95b7683ce9160d9906a3f278c5022b1770c45e99a731c45afc7e6fcf9135,2025-06-09T12:15:47.880000 CVE-2025-38003,0,0,ca8f9ecbae8fdba1b8865fd21be281164759e9596e2b0eec8b348d2e0dad31a0,2025-06-09T12:15:47.880000 CVE-2025-38004,0,0,85c8b2da0f0f4015c5981e2f5b69c4e07297a0419f793802db6cb7027b5224b4,2025-06-09T12:15:47.880000 +CVE-2025-38005,1,1,dc10cab6063efa3dc2f3bc64433287f370c635713562c0dc805c8cb86b8a8ebb,2025-06-18T10:15:31.617000 +CVE-2025-38006,1,1,9f408163fba426f1dff4b83f4fc18e5aba02f2b981e649df2f9cc5ec11338216,2025-06-18T10:15:31.773000 +CVE-2025-38007,1,1,085fcd2676c9c5caf8f04233a68a726620054cb32769f0f6ba3619bf3cfdd4b4,2025-06-18T10:15:31.907000 +CVE-2025-38008,1,1,cfa6c69bd18cd87e3a02517e3dafbf6ec99228abaf970483f00b54d5e82c00fd,2025-06-18T10:15:32.037000 +CVE-2025-38009,1,1,b407277b003b61a8985e28bfc3cd559d9f92c2994c2b1a0e26c8aeb3c690a775,2025-06-18T10:15:32.160000 CVE-2025-3801,0,0,6b6ff942433f61f662faba2077e387c7e727543b5aa46dfc81789b9bc5de9c1b,2025-04-21T14:23:45.950000 +CVE-2025-38010,1,1,5261eb09dd3ce26169fb2fc9392585217d495dc065a1d4f8060d06fea7fc927a,2025-06-18T10:15:32.283000 +CVE-2025-38011,1,1,aae7ebfd119d5c22c5480630ef8ae7f122e9fe1c3e84614ca0cbd63ffaf3af13,2025-06-18T10:15:32.417000 +CVE-2025-38012,1,1,bffae1089e607575a78c84eed36f03fd5cc74a83a9fcc277831eddd064317d24,2025-06-18T10:15:32.560000 +CVE-2025-38013,1,1,5cecb8f028f22106750906df8999f043c9cb02aec964ae3a2d616e838f8aee3c,2025-06-18T10:15:32.797000 +CVE-2025-38014,1,1,3a681c69e7160c515ec8c6ce50f970067ab43cdc7a8306fbebf5caee71a9d348,2025-06-18T10:15:32.927000 +CVE-2025-38015,1,1,b681d324aab86646016e4c4f87d5a06c556720caa6cd8a263560ed7546d2244c,2025-06-18T10:15:33.060000 +CVE-2025-38016,1,1,8832ffbd46a6276ec62858cc0c5fe2058606ca02d730926b95e73a7b3ec21bb4,2025-06-18T10:15:33.187000 
+CVE-2025-38017,1,1,961573ced080b2235d5b39ebe86f8defb193d31be47722c25bbea4939297bd14,2025-06-18T10:15:33.310000 +CVE-2025-38018,1,1,8d6b46b107edab8305639d3de0b69492e1da41eb4adccfdff91e40f87018c9c8,2025-06-18T10:15:33.433000 +CVE-2025-38019,1,1,04bf5839c16f220469728186a4e3ef3dd99fcef885a60d4cd608b06133a21409,2025-06-18T10:15:33.563000 CVE-2025-3802,0,0,cb8866d1a3d40e40a3689450a33e3b06e4726efc19dbf523d222d1c8ac26594c,2025-04-21T14:23:45.950000 +CVE-2025-38020,1,1,0d5931ddea53cab3448433268b5065a69cb83aa4db54bd51128fe1cb59dde21d,2025-06-18T10:15:33.700000 +CVE-2025-38021,1,1,f7289be36e13035e2b573d9bea558a7cdd99f00a17e294d09acaa761a89f9a36,2025-06-18T10:15:33.827000 +CVE-2025-38022,1,1,1973979dec08787da7863a088238660a98c6af6cffded5c31a39209356998043,2025-06-18T10:15:33.950000 +CVE-2025-38023,1,1,23a306eabb37481ac492b8a5cb61fa818901b2be14ef40e7c0c3c1a43f9b2972,2025-06-18T10:15:34.100000 +CVE-2025-38024,1,1,5b77ce06894c6b038e4dfefef6185d3057fd93091b10711090ad6f125aa2a412,2025-06-18T10:15:34.333000 +CVE-2025-38025,1,1,44ce3d892e2802b51991d48d900bf391fb206a932b9f404a113c5cdddd5c6fc7,2025-06-18T10:15:34.467000 +CVE-2025-38026,1,1,764b1043a92b2139da7452983c359b1edc15afc413fb9507bcbd5b749d9eaaf3,2025-06-18T10:15:34.590000 +CVE-2025-38027,1,1,760f12fac04556d05edc0f90b4bbc2aa10dda7082bced4784c449b9b34a50afc,2025-06-18T10:15:34.720000 +CVE-2025-38028,1,1,4c573633709ac9a8fa72651275d9bda2f44de6c04c8ef2d7628c9b948b2dcd9f,2025-06-18T10:15:34.850000 +CVE-2025-38029,1,1,17860d14ddd221a39e3b8f9e489bc6ab6cb011d904ea723254573108c314743d,2025-06-18T10:15:34.970000 CVE-2025-3803,0,0,01cac43cb81122f40562a95ea00e02849827ad730598145fa3ede5a68597810d,2025-04-21T14:23:45.950000 +CVE-2025-38030,1,1,bcd23b6b4cb5966862e9e188e5352ddde85250ddd0a1ef1256e9f911de72e20a,2025-06-18T10:15:35.100000 +CVE-2025-38031,1,1,c63513754979b4f9eff75f927587765de2ad4bbaaa1a5a9ccf170e06a22692c3,2025-06-18T10:15:35.230000 
+CVE-2025-38032,1,1,1ded35abc3820ecde17232453b2d85f5b56db51fc51bf4abe640739c54191193,2025-06-18T10:15:35.357000 +CVE-2025-38033,1,1,8c9e501bd21c8905e57b2c8521ec7cf0f1f7baa5f175b35fa75731cd1c4fb148,2025-06-18T10:15:35.470000 +CVE-2025-38034,1,1,33c301016d89fd86c35d41890541cb3a847ce9e2567c518c43c2f5d15d7b0e49,2025-06-18T10:15:35.593000 +CVE-2025-38035,1,1,ebb9a074d5c0d6c4a578652afeaf453c61716b4c5ba6621bbd59465c926b7af0,2025-06-18T10:15:35.750000 +CVE-2025-38036,1,1,67fab1a648efabc972b99dcd811c6d306240b7ce8199837de83da381885939f1,2025-06-18T10:15:35.897000 +CVE-2025-38037,1,1,e9b69c797560e74c9ef08fda2eebda76452882f3f55794f75c466ba57d7b0211,2025-06-18T10:15:36.030000 +CVE-2025-38038,1,1,6ece43b6b251896f0720da95c16655d378bd7ef4f78476994feb5041601a3d65,2025-06-18T10:15:36.160000 +CVE-2025-38039,1,1,bbef85fa014713c5ed3de62deac9a9b5d5bdf946a50c23f6bce9bf01bfafd059,2025-06-18T10:15:36.280000 CVE-2025-3804,0,0,a960ad1efaec79b58fa749a6014e18128fb57b7bf8364d1eb64d30827b07cd02,2025-04-21T14:23:45.950000 +CVE-2025-38040,1,1,52c57a3b3ae9cb7ebfe1315be4cb006ac7aaa5a41737ea30fe30a807b0781764,2025-06-18T10:15:36.400000 +CVE-2025-38041,1,1,2cee80e9be30d55b710fedc314a5f39cbc98f8c9246b50cf132c0032b653f316,2025-06-18T10:15:36.533000 +CVE-2025-38042,1,1,9e7c7614f0af289992b9b79974ba29ede7973dc5412a3075624eaadb0966d762,2025-06-18T10:15:36.657000 +CVE-2025-38043,1,1,64f6a6cab42c974d23ec22aca4a1a1211ff34bfd4c777ce798c523e4710b922c,2025-06-18T10:15:36.783000 +CVE-2025-38044,1,1,052d7f93cbb500c3cb33de0d4a10a67e06b0c3e226dc14ac43314034ca0b4b2e,2025-06-18T10:15:36.913000 +CVE-2025-38045,1,1,86c5b42752fdcc9339269e7dc88c078a5877db0cc3814a5260a0f162c02f3d6d,2025-06-18T10:15:37.070000 +CVE-2025-38046,1,1,15ec9368a50d888d5136d4dfc652c7063b285093837cb9578b135afd68ddf082,2025-06-18T10:15:37.187000 +CVE-2025-38047,1,1,39107b5868c528d273f47c15f98bf0d0b74466970f65862a71dcfcebd8a01014,2025-06-18T10:15:37.317000 
+CVE-2025-38048,1,1,ea8dd5726682a68ea13f6a4c781a59635c7b7f393339c85759d92f2cabcc34e0,2025-06-18T10:15:37.450000 CVE-2025-38049,0,0,040cefcf14538a06f34cc66c42ab8c17682ad5e4b6d0a9190ed5be70488cda79,2025-04-29T14:39:34.517000 CVE-2025-3805,0,0,241a33f4e9fc6efdd907bf23299b0498afb39cdb67625bbdeefe692ffbc3848e,2025-04-21T14:23:45.950000 +CVE-2025-38050,1,1,1ba3d0fbd446c44d87a0189e27c83c4971d5bfa78e943edbf9a199b55e4a479a,2025-06-18T10:15:37.570000 +CVE-2025-38051,1,1,d29382d7ae5b7cda4603e84cb47e2dcbfabc62f1c5087bf6ea5f77a6315a4e12,2025-06-18T10:15:37.693000 +CVE-2025-38052,1,1,91cd376cbc9b9954e297d2951dfa1aaf9f3f442a5870053a6594bff354b354ff,2025-06-18T10:15:37.830000 +CVE-2025-38053,1,1,a2110d0c348f342e98a74935a7d2d1f38acde12a2b8afc1fcc3b8a4bc583eff7,2025-06-18T10:15:37.953000 +CVE-2025-38054,1,1,23cf386fff346c1f1dfb1656cf6319b699d985937a50e699bb04e4520b945e41,2025-06-18T10:15:38.083000 +CVE-2025-38055,1,1,131f25ebdcaadc0520fb6ab3bc60381e84761727a2743a7f1b60fb58f09edbe0,2025-06-18T10:15:38.213000 +CVE-2025-38056,1,1,9bb553a7b09365d3e20bb53322e6a174e52e31ae2e65fb3ff565e2b279b13314,2025-06-18T10:15:38.340000 +CVE-2025-38057,1,1,b6dfa6ec1df6dbd8275aedba4086bfb788d8e86c95685a978bbf693d5a73e623,2025-06-18T10:15:38.477000 +CVE-2025-38058,1,1,29374555e01d6b02486df322482b49bd73a6e168e141efd14d0c9756a178b9f4,2025-06-18T10:15:38.590000 +CVE-2025-38059,1,1,79ce2211cc919f59ee10aaec7797d4d5a80a994195ce600433974c5b0ee3974b,2025-06-18T10:15:38.703000 CVE-2025-3806,0,0,e36e660d067cc6351c2747c692d90bee5c708f7ff9070031d9f67a35bf91f826,2025-04-21T14:23:45.950000 +CVE-2025-38060,1,1,6787250ad07cbbd391c4e2df055ed94512811b8acaf68c8cf2882c617729ba6b,2025-06-18T10:15:38.830000 +CVE-2025-38061,1,1,58f989f5e090d81b907dd706a9a05914af5bd89f8accef1197177cc78d8f6efe,2025-06-18T10:15:38.960000 +CVE-2025-38062,1,1,d0f76a68c110f6bc7ded9e94a85360dd1c002b4e983f5620e293edc008f0b014,2025-06-18T10:15:39.080000 
+CVE-2025-38063,1,1,bf0e5ef9452faf370ed23f42e97290480003fc4ef57472cb272569bc6a697b26,2025-06-18T10:15:39.207000 +CVE-2025-38064,1,1,c4354977a416f99af082e5d76d42f6976a16cf19d55f619fdde7ac97905fa0f6,2025-06-18T10:15:39.340000 +CVE-2025-38065,1,1,5c0c84fa1c701057a1cd80aef592265481900d5445dc631b8a54dd402268c954,2025-06-18T10:15:39.460000 +CVE-2025-38066,1,1,2d1f7bf5ea784b1c19196ad5e43edd9195bdbcf080df46f9af9101cf7fcd6319,2025-06-18T10:15:39.620000 +CVE-2025-38067,1,1,defc77c96b9a443360028cd331aab5073e78affbb94bcb6c59fc4050e63d1c59,2025-06-18T10:15:39.780000 +CVE-2025-38068,1,1,44ae2697876d0047996609f13849a9777c94cebbec08c0c0bc587b331af6bee3,2025-06-18T10:15:39.920000 +CVE-2025-38069,1,1,0ee254fa6a4d55b954e83c85ed0a9562c066532fedc46f01c05eb85591d34016,2025-06-18T10:15:40.090000 CVE-2025-3807,0,0,057776e91a97dea0c0cfa3b526925a979fc884811e2b0dc151ff467798773a60,2025-04-21T14:23:45.950000 +CVE-2025-38070,1,1,82dfa5a8af4da7669c17747ae9a1c6227c228b6276cd20ec2fcb599936dbe069,2025-06-18T10:15:40.320000 +CVE-2025-38071,1,1,e29ea6ca5d4f1df8f1b123b5ec0bc80d13a336b71c3474c47ea7dc67cbd0eb67,2025-06-18T10:15:40.450000 +CVE-2025-38072,1,1,0da049da8c899615431b40a611268e451460ad74b7d75de5b92d4b7d1160fea3,2025-06-18T10:15:40.583000 +CVE-2025-38073,1,1,1574810aa13f85d8eb042e45360d41fca967b9c67d30e9562849477fcdd457ae,2025-06-18T10:15:40.720000 +CVE-2025-38074,1,1,b309c5a560b5f92dfdfbeb8f20b0810b6fea0cfaf9c51758002baaae604a3b66,2025-06-18T10:15:40.850000 +CVE-2025-38075,1,1,c084ba4a32a5aa28a1751c0d427b5ebf34f83fa6f92855e5a74ae9a3cea8908c,2025-06-18T10:15:40.980000 +CVE-2025-38076,1,1,853cf087c77e14ba4ebdc2545a4346754d54198f2fd54f549114f0746ea3fedf,2025-06-18T10:15:41.110000 +CVE-2025-38077,1,1,50d250f0cdb36b585ce27e45b7329f713f060165ac628fa46996a8e0fbddacdd,2025-06-18T10:15:41.240000 +CVE-2025-38078,1,1,30a0bbbecc8668bcccc137044eaf1ced9c8c12723488386ef1835a5b348d231d,2025-06-18T10:15:41.380000 
+CVE-2025-38079,1,1,b0e79b5b132b7c9fc261c5aeb1ef3572a843227a16041b1b5552a11dbb159453,2025-06-18T10:15:41.510000 CVE-2025-3808,0,0,c9d9b38c3b98d0e004f3d362b1c7affeec1437a2f1dff864304e4ff67e8ee1e9,2025-04-21T14:23:45.950000 +CVE-2025-38080,1,1,5b0892bed98b0ea2b55f0e6cfc15c3f685c13d7e134aff10b71f1fe0bb7b5211,2025-06-18T10:15:41.647000 +CVE-2025-38081,1,1,e38ac80b18eff377d5e7ea2b1068c989168e0a3c07d679ec74a9e68c07bbb07b,2025-06-18T10:15:41.767000 +CVE-2025-38082,1,1,1ae7c06400d8a7826443e7de5b5e33920c3c2be01c4f3ac919c4e1125c2d6384,2025-06-18T10:15:41.890000 CVE-2025-3809,0,0,b0f7ce143ffe6fc36f9bbc17873d1316b0e5d9337b65e2cd57e88fbec5f74a76,2025-04-21T14:23:45.950000 CVE-2025-3810,0,0,969f6ac87070c4164f54ddbb008c2e0ea10a92995f12f2bba35fa71773ee21b8,2025-05-21T14:39:49.083000 CVE-2025-38104,0,0,95fa066b9b297f0f71658bda9667ee4683e7719a8295e0ac6102597f6b2d67e5,2025-04-21T14:23:45.950000 @@ -297608,6 +297986,7 @@ CVE-2025-5232,0,0,1b45026e75247a7322427bb058f27ed5717a2e44e9ed2a15532ca07a8f6c71 CVE-2025-5233,0,0,6ecf1c2c649b0793b0fa703353d52d82c83e36cf0edf8150a0b10fa91cf5098a,2025-06-16T12:32:18.840000 CVE-2025-5235,0,0,9f99135aac66ddf72cbc0dbdd83c4db7648e86e689f203314291273a812d09e8,2025-06-04T18:29:21.090000 CVE-2025-5236,0,0,21b3f9a42248749cfd7dac46ffac19b1b1d972c6879013b8f47a703a60b1c09a,2025-06-04T18:30:22.220000 +CVE-2025-5237,1,1,1f71cb67b01d09dd1efc8e640793afa210f24cc810017301834b50ac58ef840f,2025-06-18T10:15:42.017000 CVE-2025-5238,0,0,2ea3b090ffb1e48b08d0ca2fe3294d59ed4285a1a902a2dd2038828fbe982e10,2025-06-16T12:32:18.840000 CVE-2025-5239,0,0,6516f1b341ac369c2f899c8884ddf4fbc36f529a71c6c5c2406c9cd11f9a2a1d,2025-06-06T14:06:58.193000 CVE-2025-5242,0,0,3430448059313f76ae0f8dcef9fc481fd3cfce1823da3d8abe54d77d5e6c274d,2025-06-07T23:15:22.130000 
@@ -298135,7 +298514,7 @@ CVE-2025-5977,0,0,f1be6f85f13503775c495ea6cc25e73f56acbe00f921f8b9bd047e78e8e954 CVE-2025-5978,0,0,0dead1a357778d240f3ef63e07a94108270bf41eaba57dcb5df97505742c3c80,2025-06-12T16:06:29.520000 CVE-2025-5979,0,0,62f87aab912999e1a8c01e4f2d3083fff610fe2dfce4896415cd0de1f9a17fa5,2025-06-16T15:00:09.443000 CVE-2025-5980,0,0,8af030447f54b16e451333aa706668a1da67e0c666b6c363521b0e8683bf238c,2025-06-16T14:52:30.557000 -CVE-2025-5981,1,1,e4c58eb43ea09829bebd1a1cdae851d0a5fba24a5d716fd4703c47abbdf8bb60,2025-06-18T09:15:47.660000 +CVE-2025-5981,0,0,e4c58eb43ea09829bebd1a1cdae851d0a5fba24a5d716fd4703c47abbdf8bb60,2025-06-18T09:15:47.660000 CVE-2025-5982,0,0,d9487128b71b64381d82a652f7a1122df97e22510aec0c066c9d874bcd0cf999,2025-06-16T12:32:18.840000 CVE-2025-5984,0,0,9c065cc4f1bf71f29d217205fa1a3017b01589309492c87e21e29320e0443497,2025-06-17T20:34:36.177000 CVE-2025-5985,0,0,6bc7c20833bbb87d89e08ff2c433a1431f6002ad9972fe39c1f3aa9dac9d18ca,2025-06-17T20:34:19.473000 @@ -298171,6 +298550,7 @@ CVE-2025-6065,0,0,b54a72f9a0b99c16c66aef6c3f604cf5fb2ce5dc53cfc18dad9d67742adfbf CVE-2025-6069,0,0,aaecddc9e641aff8b09932943a0957451f7ad4331a64dcf165cb33af86f66732,2025-06-17T20:50:23.507000 CVE-2025-6070,0,0,c5bf4414dfa4d281aa3a990feec25cc21fddd34f58ddd67c6eaf8ae460160cc5,2025-06-16T12:32:18.840000 CVE-2025-6083,0,0,b33f55da80da8b54015e6694bf27d7fb64e15676e9297ecd61b06510d2a00a90,2025-06-16T12:32:18.840000 +CVE-2025-6086,1,1,6a4534f4ccad732948bad9199c81ca8bd290ac02943c9c10dbcda7e02af0c7a0,2025-06-18T10:15:42.230000 CVE-2025-6087,0,0,5d3cce316ca5514d26e28bfd08fd7951e8d7ff53f381ea5d6bd8b5eb4dcb4441,2025-06-17T20:50:23.507000 CVE-2025-6089,0,0,aa83c2709521312e3401dbda2e76aa38d9a30d639029a9e31a096547472bfbf3,2025-06-16T12:32:18.840000 CVE-2025-6090,0,0,b3117a09e99636e6b75c3bc4d007c4d35a7e4b86fe6bea5755369be96bc4e108,2025-06-16T12:32:18.840000