From c58c52e09891ab7af336d9b58b74cd5df710525b Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sun, 4 May 2025 10:03:54 +0000 Subject: [PATCH] Auto-Update: 2025-05-04T10:00:19.917401+00:00 --- CVE-2022/CVE-2022-488xx/CVE-2022-48802.json | 4 +- CVE-2025/CVE-2025-42xx/CVE-2025-4250.json | 145 ++++++++++++++++++++ README.md | 14 +- _state.csv | 7 +- 4 files changed, 158 insertions(+), 12 deletions(-) create mode 100644 CVE-2025/CVE-2025-42xx/CVE-2025-4250.json diff --git a/CVE-2022/CVE-2022-488xx/CVE-2022-48802.json b/CVE-2022/CVE-2022-488xx/CVE-2022-48802.json index fa232169ef6..f49630f1cbc 100644 --- a/CVE-2022/CVE-2022-488xx/CVE-2022-48802.json +++ b/CVE-2022/CVE-2022-488xx/CVE-2022-48802.json 
@@ -2,13 +2,13 @@ "id": "CVE-2022-48802", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-16T12:15:04.690", - "lastModified": "2024-11-21T07:34:07.003", + "lastModified": "2025-05-04T09:15:34.240", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/proc: task_mmu.c: don't read mapcount for migration entry\n\nThe syzbot reported the below BUG:\n\n kernel BUG at include/linux/page-flags.h:785!\n invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n CPU: 1 PID: 4392 Comm: syz-executor560 Not tainted 5.16.0-rc6-syzkaller #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\n RIP: 0010:PageDoubleMap include/linux/page-flags.h:785 [inline]\n RIP: 0010:__page_mapcount+0x2d2/0x350 mm/util.c:744\n Call Trace:\n page_mapcount include/linux/mm.h:837 [inline]\n smaps_account+0x470/0xb10 fs/proc/task_mmu.c:466\n smaps_pte_entry fs/proc/task_mmu.c:538 [inline]\n smaps_pte_range+0x611/0x1250 fs/proc/task_mmu.c:601\n walk_pmd_range mm/pagewalk.c:128 [inline]\n walk_pud_range mm/pagewalk.c:205 [inline]\n walk_p4d_range mm/pagewalk.c:240 [inline]\n walk_pgd_range mm/pagewalk.c:277 [inline]\n __walk_page_range+0xe23/0x1ea0 mm/pagewalk.c:379\n walk_page_vma+0x277/0x350 mm/pagewalk.c:530\n smap_gather_stats.part.0+0x148/0x260 fs/proc/task_mmu.c:768\n smap_gather_stats fs/proc/task_mmu.c:741 [inline]\n show_smap+0xc6/0x440 fs/proc/task_mmu.c:822\n seq_read_iter+0xbb0/0x1240 fs/seq_file.c:272\n seq_read+0x3e0/0x5b0 fs/seq_file.c:162\n vfs_read+0x1b5/0x600 fs/read_write.c:479\n ksys_read+0x12d/0x250 fs/read_write.c:619\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThe reproducer was trying to read /proc/$PID/smaps when calling\nMADV_FREE at the mean time. 
MADV_FREE may split THPs if it is called\nfor partial THP. It may trigger the below race:\n\n CPU A CPU B\n ----- -----\n smaps walk: MADV_FREE:\n page_mapcount()\n PageCompound()\n split_huge_page()\n page = compound_head(page)\n PageDoubleMap(page)\n\nWhen calling PageDoubleMap() this page is not a tail page of THP anymore\nso the BUG is triggered.\n\nThis could be fixed by elevated refcount of the page before calling\nmapcount, but that would prevent it from counting migration entries, and\nit seems overkilling because the race just could happen when PMD is\nsplit so all PTE entries of tail pages are actually migration entries,\nand smaps_account() does treat migration entries as mapcount == 1 as\nKirill pointed out.\n\nAdd a new parameter for smaps_account() to tell this entry is migration\nentry then skip calling page_mapcount(). Don't skip getting mapcount\nfor device private entries since they do track references with mapcount.\n\nPagemap also has the similar issue although it was not reported. 
Fixed\nit as well.\n\n[shy828301@gmail.com: v4]\n Link: https://lkml.kernel.org/r/20220203182641.824731-1-shy828301@gmail.com\n[nathan@kernel.org: avoid unused variable warning in pagemap_pmd_range()]\n Link: https://lkml.kernel.org/r/20220207171049.1102239-1-nathan@kernel.org" + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/proc: task_mmu.c: don't read mapcount for migration entry\n\nThe syzbot reported the below BUG:\n\n kernel BUG at include/linux/page-flags.h:785!\n invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n CPU: 1 PID: 4392 Comm: syz-executor560 Not tainted 5.16.0-rc6-syzkaller #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\n RIP: 0010:PageDoubleMap include/linux/page-flags.h:785 [inline]\n RIP: 0010:__page_mapcount+0x2d2/0x350 mm/util.c:744\n Call Trace:\n page_mapcount include/linux/mm.h:837 [inline]\n smaps_account+0x470/0xb10 fs/proc/task_mmu.c:466\n smaps_pte_entry fs/proc/task_mmu.c:538 [inline]\n smaps_pte_range+0x611/0x1250 fs/proc/task_mmu.c:601\n walk_pmd_range mm/pagewalk.c:128 [inline]\n walk_pud_range mm/pagewalk.c:205 [inline]\n walk_p4d_range mm/pagewalk.c:240 [inline]\n walk_pgd_range mm/pagewalk.c:277 [inline]\n __walk_page_range+0xe23/0x1ea0 mm/pagewalk.c:379\n walk_page_vma+0x277/0x350 mm/pagewalk.c:530\n smap_gather_stats.part.0+0x148/0x260 fs/proc/task_mmu.c:768\n smap_gather_stats fs/proc/task_mmu.c:741 [inline]\n show_smap+0xc6/0x440 fs/proc/task_mmu.c:822\n seq_read_iter+0xbb0/0x1240 fs/seq_file.c:272\n seq_read+0x3e0/0x5b0 fs/seq_file.c:162\n vfs_read+0x1b5/0x600 fs/read_write.c:479\n ksys_read+0x12d/0x250 fs/read_write.c:619\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThe reproducer was trying to read /proc/$PID/smaps when calling\nMADV_FREE at the mean time. MADV_FREE may split THPs if it is called\nfor partial THP. 
It may trigger the below race:\n\n CPU A CPU B\n ----- -----\n smaps walk: MADV_FREE:\n page_mapcount()\n PageCompound()\n split_huge_page()\n page = compound_head(page)\n PageDoubleMap(page)\n\nWhen calling PageDoubleMap() this page is not a tail page of THP anymore\nso the BUG is triggered.\n\nThis could be fixed by elevated refcount of the page before calling\nmapcount, but that would prevent it from counting migration entries, and\nit seems overkilling because the race just could happen when PMD is\nsplit so all PTE entries of tail pages are actually migration entries,\nand smaps_account() does treat migration entries as mapcount == 1 as\nKirill pointed out.\n\nAdd a new parameter for smaps_account() to tell this entry is migration\nentry then skip calling page_mapcount(). Don't skip getting mapcount\nfor device private entries since they do track references with mapcount.\n\nPagemap also has the similar issue although it was not reported. Fixed\nit as well.\n\n[shy828301@gmail.com: v4]\n[nathan@kernel.org: avoid unused variable warning in pagemap_pmd_range()]" }, { "lang": "es", diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4250.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4250.json new file mode 100644 index 00000000000..03c8bb61f14 --- /dev/null +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4250.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-4250", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-05-04T09:17:08.230", + "lastModified": "2025-05-04T09:17:08.230", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Nero Social Networking Site 1.0. It has been classified as critical. This affects an unknown part of the file /index.php. The manipulation of the argument fname/lname/login/password2/cpassword/address/cnumber/email/gender/propic/month leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + 
"modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/zzZxby/Vulnerability-Exploration/blob/main/Nero%20Social%20Networking%20Site/Nero_Social_Networking_Site.md", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?ctiid.307347", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.307347", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.562906", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 6a3b5c6bd15..47b1d8df1e6 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-05-04T08:00:19.972910+00:00 +2025-05-04T10:00:19.917401+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-05-04T07:15:46.510000+00:00 +2025-05-04T09:17:08.230000+00:00 ``` ### Last Data Feed Release @@ -33,21 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -292461 +292462 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `1` -- [CVE-2025-4248](CVE-2025/CVE-2025-42xx/CVE-2025-4248.json) (`2025-05-04T06:15:14.667`) -- [CVE-2025-4249](CVE-2025/CVE-2025-42xx/CVE-2025-4249.json) (`2025-05-04T07:15:46.510`) +- [CVE-2025-4250](CVE-2025/CVE-2025-42xx/CVE-2025-4250.json) (`2025-05-04T09:17:08.230`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +- [CVE-2022-48802](CVE-2022/CVE-2022-488xx/CVE-2022-48802.json) (`2025-05-04T09:15:34.240`) ## Download and Usage diff --git a/_state.csv b/_state.csv index b8a2e3a8db4..7a8ad4d5f9c 100644 --- a/_state.csv +++ b/_state.csv 
@@ -213006,7 +213006,7 @@ CVE-2022-48799,0,0,7619531259251f52f4818e7c70a35f7607ff5f9303e69548e032f340ff484 CVE-2022-4880,0,0,8fb56b1d9f287e441725c8c779cb7e190894a39fa7405cee12e3b5dced6087be,2024-11-21T07:36:07.800000 CVE-2022-48800,0,0,25e45786168bff53a2d3638c07ae0d5cbe48f0b78819c1eca6d78e17c8812ace,2024-11-21T07:34:06.800000 CVE-2022-48801,0,0,a8fd5f16c8a757c25d85dfc312a52de37c1cf99353d1034498d2c616b213194b,2024-11-21T07:34:06.907000 -CVE-2022-48802,0,0,452388413750fad0016a585aeb6293a87a2a7a194129365e3d1068278e8d25d8,2024-11-21T07:34:07.003000 +CVE-2022-48802,0,1,4906eaf7306bd8fe143ae4dec373af9453fcc4eeef6e0404542e70a0def52326,2025-05-04T09:15:34.240000 CVE-2022-48803,0,0,3944ba64b4bf5014e3b95671d9aaf2ca749998f790b192bd3d54f239fb4ea60a,2024-11-21T07:34:07.110000 CVE-2022-48804,0,0,d4967cc93f900d12692fa8fabca50399bd7d028413bcceb09e055fdf35a9730a,2024-11-21T07:34:07.233000 CVE-2022-48805,0,0,167d52a24873e16da257bf54e776f2ad2b9f6eb95b7d9e16898053f4fa9fe42c,2025-03-06T12:55:17.027000 
@@ -292093,8 +292093,9 @@ CVE-2025-4242,0,0,a18e1f98cd095d87c40d74111ad793041b0163f20bf3618b9ca69660145ea9 CVE-2025-4243,0,0,1310f6c5e6634d5424783242fba5844e05f34db18655d16c2c6fd75c9f0b8c71,2025-05-03T19:15:49.027000 CVE-2025-4244,0,0,8b259f15428f0a929d71608db34d9147c9a97e4976e654353b7049d3e328affd,2025-05-03T20:15:16.823000 CVE-2025-4247,0,0,4066868d5713f167ac200dcde7dfb560fab9c8107c8253230c4533ff119125d3,2025-05-04T05:15:30.023000 -CVE-2025-4248,1,1,10b332005681a83a5eb8712d3b70b6c24668ed9d699c7f927584d89d73073617,2025-05-04T06:15:14.667000 -CVE-2025-4249,1,1,d31747f38e68f199ab53d1fe66543ef4d8c9ad2cd04e2e300ea5e49f2b1f49da,2025-05-04T07:15:46.510000 +CVE-2025-4248,0,0,10b332005681a83a5eb8712d3b70b6c24668ed9d699c7f927584d89d73073617,2025-05-04T06:15:14.667000 +CVE-2025-4249,0,0,d31747f38e68f199ab53d1fe66543ef4d8c9ad2cd04e2e300ea5e49f2b1f49da,2025-05-04T07:15:46.510000 +CVE-2025-4250,1,1,86985e0aebed8aa40005de56bff217d887fc19a8d92dae3bd1a8c05066ef5a91,2025-05-04T09:17:08.230000 CVE-2025-42598,0,0,4c400d87dc34a2b74819c41bbdd48bd1c3da0af3c35841d82c2177d30b1cb5f5,2025-04-29T13:52:10.697000 CVE-2025-42599,0,0,d39e065342929b05f2b0a2b6fd7615d0e3f6e7c2f605fdbeb3b3bb9e83f12d93,2025-04-29T19:46:44.310000 CVE-2025-42600,0,0,a98a7820b508b5a8b0c7d0f0dd6cbaa5b07d1e37b05a983a49eb79024a0cd435,2025-04-23T14:08:13.383000
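Review bot: the replacement description for CVE-2022-48802 (first hunk, `-`/`+` pair on `"value"`) drops only the two `Link: https://lkml.kernel.org/r/...` lines that followed the `[shy828301@gmail.com: v4]` and `[nathan@kernel.org: ...]` attributions; the vulnerability text itself is byte-for-byte the same, `vulnStatus` stays `"Awaiting Analysis"` and only `lastModified` moves to `2025-05-04T09:15:34.240`. Consumers that diff descriptions to detect substantive advisory changes should classify this as a reference removal, not a content update, and not re-trigger analysis on it.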
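Review bot: in the new CVE-2025-4250 record (second hunk) the CVSS 4.0 vector carries `E:X` (`"exploitMaturity": "NOT_DEFINED"`) even though the description states the exploit has been disclosed to the public, and the same CNA rates it `MEDIUM` 6.9 under v4.0 but `HIGH` 7.3 under v3.1 and 7.5 under v2.0; that is how the source publishes it, so nothing to change in the mirror, but downstream tooling that keys severity off a single metric version will rank this entry differently depending on which it reads. Two smaller points for consumers: the file is written without a trailing newline (`\ No newline at end of file`), and the weaknesses list pairs the generic `CWE-74` with the specific `CWE-89` from the same source, so CWE-based aggregation should deduplicate by record rather than by weakness entry.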
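Review bot: the bookkeeping across README.md and _state.csv (last three hunks) is consistent and needs no change: the total moves 292461 to 292462, one entry is added (CVE-2025-4250, flags `1,1`) and one modified (CVE-2022-48802, flags `0,1` with a new hash and timestamp `2025-05-04T09:15:34.240000`), and the previous commit's additions CVE-2025-4248/4249 are reset to `0,0` with their hashes unchanged; the hunk header `@@ -292093,8 +292093,9 @@` matches two removals and three additions over six context lines.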