Auto-Update: 2025-06-19T16:00:20.308673+00:00

Auto-Update: 2025-06-19T14:00:19.951536+00:00
Auto-Update: 2025-06-19T12:00:19.928988+00:00
2025-06-19 17:31:42 +00:00 · 2025-06-19 16:03:59 +00:00 · 2025-06-19 14:03:58 +00:00 · 2025-06-19 12:03:59 +00:00 · 2025-06-19 10:03:56 +00:00 · 2025-06-19 08:04:00 +00:00
1816 changed files with 85011 additions and 7031 deletions
--- a/CVE-2005/CVE-2005-23xx/CVE-2005-2347.json
+++ b/CVE-2005/CVE-2005-23xx/CVE-2005-2347.json
@ -0,0 +1,16 @@
+{
+  "id": "CVE-2005-2347",
+  "sourceIdentifier": "security@debian.org",
+  "published": "2025-06-19T11:15:23.593",
+  "lastModified": "2025-06-19T11:15:23.593",
+  "vulnStatus": "Rejected",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
+    }
+  ],
+  "metrics": {},
+  "references": []
+}
--- a/CVE-2009/CVE-2009-26xx/CVE-2009-2631.json
+++ b/CVE-2009/CVE-2009-26xx/CVE-2009-2631.json
@ -2,13 +2,13 @@
  "id": "CVE-2009-2631",
  "sourceIdentifier": "cret@cert.org",
  "published": "2009-12-04T11:30:00.437",
-  "lastModified": "2025-04-09T00:30:58.490",
+  "lastModified": "2025-06-16T21:15:22.113",
  "vulnStatus": "Deferred",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
-      "value": "Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in configurations that do not restrict access to the same domain as the VPN, retrieve the content of remote URLs from one domain and rewrite them so they originate from the VPN's domain, which violates the same origin policy and allows remote attackers to conduct cross-site scripting attacks, read cookies that originated from other domains, access the Web VPN session to gain access to internal resources, perform key logging, and conduct other attacks.  NOTE: it could be argued that this is a fundamental design problem in any clientless VPN solution, as opposed to a commonly-introduced error that can be fixed in separate implementations. Therefore a single CVE has been assigned for all products that have this design."
+      "value": "Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in configurations that do not restrict access to the same domain as the VPN, retrieve the content of remote URLs from one domain and rewrite them so they originate from the VPN's domain, which violates the same origin policy and allows remote attackers to conduct cross-site scripting attacks, read cookies that originated from other domains, access the Web VPN session to gain access to internal resources, perform key logging, and conduct other attacks.  NOTE: it could be argued that this is a fundamental design problem in any clientless VPN solution, as opposed to a commonly-introduced error that can be fixed in separate implementations. Therefore a single CVE has been assigned for all products that have this design"
    },
    {
      "lang": "es",
@ -43,6 +43,16 @@
    ]
  },
  "weaknesses": [
+    {
+      "source": "cret@cert.org",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-284"
+        }
+      ]
+    },
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
@ -93,134 +103,11 @@
  ],
  "references": [
    {
-      "url": "http://kb.juniper.net/KB15799",
+      "url": "https://security.paloaltonetworks.com/PAN-SA-2025-0005",
      "source": "cret@cert.org"
    },
    {
-      "url": "http://seclists.org/fulldisclosure/2006/Jun/238",
-      "source": "cret@cert.org"
-    },
-    {
-      "url": "http://seclists.org/fulldisclosure/2006/Jun/269",
-      "source": "cret@cert.org"
-    },
-    {
-      "url": "http://seclists.org/fulldisclosure/2006/Jun/270",
-      "source": "cret@cert.org"
-    },
-    {
-      "url": "http://secunia.com/advisories/37696",
-      "source": "cret@cert.org",
-      "tags": [
-        "Vendor Advisory"
-      ]
-    },
-    {
-      "url": "http://secunia.com/advisories/37786",
-      "source": "cret@cert.org",
-      "tags": [
-        "Vendor Advisory"
-      ]
-    },
-    {
-      "url": "http://secunia.com/advisories/37788",
-      "source": "cret@cert.org",
-      "tags": [
-        "Vendor Advisory"
-      ]
-    },
-    {
-      "url": "http://secunia.com/advisories/37789",
-      "source": "cret@cert.org",
-      "tags": [
-        "Vendor Advisory"
-      ]
-    },
-    {
-      "url": "http://securitytracker.com/id?1023255",
-      "source": "cret@cert.org"
-    },
-    {
-      "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=984744",
-      "source": "cret@cert.org"
-    },
-    {
-      "url": "http://www.kb.cert.org/vuls/id/261869",
-      "source": "cret@cert.org",
-      "tags": [
-        "US Government Resource"
-      ]
-    },
-    {
-      "url": "http://www.securityfocus.com/archive/1/508164/100/0/threaded",
-      "source": "cret@cert.org"
-    },
-    {
-      "url": "http://www.securityfocus.com/bid/37152",
-      "source": "cret@cert.org"
-    },
-    {
-      "url": "http://www.sonicwall.com/us/2123_14882.html",
-      "source": "cret@cert.org",
-      "tags": [
-        "Vendor Advisory"
-      ]
-    },
-    {
-      "url": "http://www.sonicwall.com/us/2123_14883.html",
-      "source": "cret@cert.org",
-      "tags": [
-        "Vendor Advisory"
-      ]
-    },
-    {
-      "url": "http://www.stonesoft.com/en/support/security_advisories/2009_03_12.html",
-      "source": "cret@cert.org",
-      "tags": [
-        "Vendor Advisory"
-      ]
-    },
-    {
-      "url": "http://www.vupen.com/english/advisories/2009/3567",
-      "source": "cret@cert.org",
-      "tags": [
-        "Vendor Advisory"
-      ]
-    },
-    {
-      "url": "http://www.vupen.com/english/advisories/2009/3568",
-      "source": "cret@cert.org",
-      "tags": [
-        "Vendor Advisory"
-      ]
-    },
-    {
-      "url": "http://www.vupen.com/english/advisories/2009/3569",
-      "source": "cret@cert.org",
-      "tags": [
-        "Vendor Advisory"
-      ]
-    },
-    {
-      "url": "http://www.vupen.com/english/advisories/2009/3570",
-      "source": "cret@cert.org",
-      "tags": [
-        "Vendor Advisory"
-      ]
-    },
-    {
-      "url": "http://www.vupen.com/english/advisories/2009/3571",
-      "source": "cret@cert.org",
-      "tags": [
-        "Vendor Advisory"
-      ]
-    },
-    {
-      "url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/50/025367-01.pdf",
-      "source": "cret@cert.org"
-    },
-    {
-      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54523",
+      "url": "https://www.kb.cert.org/vuls/id/261869",
      "source": "cret@cert.org"
    },
    {
--- a/CVE-2016/CVE-2016-33xx/CVE-2016-3399.json
+++ b/CVE-2016/CVE-2016-33xx/CVE-2016-3399.json
@ -0,0 +1,16 @@
+{
+  "id": "CVE-2016-3399",
+  "sourceIdentifier": "security@debian.org",
+  "published": "2025-06-19T09:15:21.290",
+  "lastModified": "2025-06-19T09:15:21.290",
+  "vulnStatus": "Rejected",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
+    }
+  ],
+  "metrics": {},
+  "references": []
+}
--- a/CVE-2018/CVE-2018-145xx/CVE-2018-14520.json
+++ b/CVE-2018/CVE-2018-145xx/CVE-2018-14520.json
@ -2,7 +2,7 @@
  "id": "CVE-2018-14520",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2022-08-24T20:15:08.510",
-  "lastModified": "2024-11-21T03:49:15.140",
+  "lastModified": "2025-06-17T20:15:23.837",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -36,6 +36,26 @@
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+          "baseScore": 5.4,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 2.7
      }
    ]
  },
@ -49,6 +69,16 @@
          "value": "CWE-79"
        }
      ]
+    },
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
    }
  ],
  "configurations": [
--- a/CVE-2018/CVE-2018-251xx/CVE-2018-25111.json
+++ b/CVE-2018/CVE-2018-251xx/CVE-2018-25111.json
@ -2,8 +2,8 @@
  "id": "CVE-2018-25111",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2025-05-31T01:15:19.123",
-  "lastModified": "2025-06-02T17:32:17.397",
-  "vulnStatus": "Undergoing Analysis",
+  "lastModified": "2025-06-16T16:25:41.307",
+  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
@ -36,6 +36,26 @@
        },
        "exploitabilityScore": 2.5,
        "impactScore": 2.5
+      },
+      {
+        "source": "nvd@nist.gov",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+          "baseScore": 4.4,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 2.5
      }
    ]
  },
@ -51,22 +71,56 @@
      ]
    }
  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:django-helpdesk_project:django-helpdesk:*:*:*:*:*:*:*:*",
+              "versionEndExcluding": "1.0.0",
+              "matchCriteriaId": "55830F69-2DB2-4842-B7A8-906646B862FA"
+            }
+          ]
+        }
+      ]
+    }
+  ],
  "references": [
    {
      "url": "https://github.com/django-helpdesk/django-helpdesk/issues/591",
-      "source": "cve@mitre.org"
+      "source": "cve@mitre.org",
+      "tags": [
+        "Issue Tracking"
+      ]
    },
    {
      "url": "https://github.com/django-helpdesk/django-helpdesk/pull/1120",
-      "source": "cve@mitre.org"
+      "source": "cve@mitre.org",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory",
+        "Patch"
+      ]
    },
    {
      "url": "https://github.com/django-helpdesk/django-helpdesk/releases/tag/v1.0.0",
-      "source": "cve@mitre.org"
+      "source": "cve@mitre.org",
+      "tags": [
+        "Release Notes"
+      ]
    },
    {
      "url": "https://github.com/django-helpdesk/django-helpdesk/pull/1120",
-      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory",
+        "Patch"
+      ]
    }
  ]
 }
--- a/CVE-2020/CVE-2020-138xx/CVE-2020-13878.json
+++ b/CVE-2020/CVE-2020-138xx/CVE-2020-13878.json
@ -2,7 +2,7 @@
  "id": "CVE-2020-13878",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-01-05T08:15:41.840",
-  "lastModified": "2024-11-21T05:02:03.590",
+  "lastModified": "2025-06-17T15:15:33.890",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -36,6 +36,26 @@
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
      }
    ]
  },
@ -49,6 +69,16 @@
          "value": "CWE-787"
        }
      ]
+    },
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
    }
  ],
  "configurations": [
--- a/CVE-2020/CVE-2020-138xx/CVE-2020-13880.json
+++ b/CVE-2020/CVE-2020-138xx/CVE-2020-13880.json
@ -2,7 +2,7 @@
  "id": "CVE-2020-13880",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-01-05T09:15:08.587",
-  "lastModified": "2024-11-21T05:02:03.877",
+  "lastModified": "2025-06-18T16:15:19.850",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -36,6 +36,26 @@
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
      }
    ]
  },
@ -49,6 +69,16 @@
          "value": "CWE-787"
        }
      ]
+    },
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
    }
  ],
  "configurations": [
--- a/CVE-2020/CVE-2020-266xx/CVE-2020-26624.json
+++ b/CVE-2020/CVE-2020-266xx/CVE-2020-26624.json
@ -2,7 +2,7 @@
  "id": "CVE-2020-26624",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-01-02T22:15:07.837",
-  "lastModified": "2024-11-21T05:20:09.577",
+  "lastModified": "2025-06-17T15:15:34.790",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -36,6 +36,26 @@
        },
        "exploitabilityScore": 1.2,
        "impactScore": 2.5
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
+          "baseScore": 3.8,
+          "baseSeverity": "LOW",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 2.5
      }
    ]
  },
@ -49,6 +69,16 @@
          "value": "CWE-89"
        }
      ]
+    },
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
    }
  ],
  "configurations": [
--- a/CVE-2020/CVE-2020-80xx/CVE-2020-8006.json
+++ b/CVE-2020/CVE-2020-80xx/CVE-2020-8006.json
@ -2,8 +2,8 @@
  "id": "CVE-2020-8006",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-04-12T12:15:41.467",
-  "lastModified": "2024-11-21T05:38:12.083",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2025-06-17T21:01:15.817",
+  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
@ -51,22 +51,52 @@
      ]
    }
  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:circontrol:raption_server:*:*:*:*:*:*:*:*",
+              "versionEndIncluding": "5.11.2",
+              "matchCriteriaId": "90380BD4-1577-43CA-919D-55974517E129"
+            }
+          ]
+        }
+      ]
+    }
+  ],
  "references": [
    {
      "url": "https://circontrol.com/intelligent-charging-solutions/dc-chargers-series/raption-150/",
-      "source": "cve@mitre.org"
+      "source": "cve@mitre.org",
+      "tags": [
+        "Product"
+      ]
    },
    {
      "url": "https://seclists.org/fulldisclosure/2024/Mar/33",
-      "source": "cve@mitre.org"
+      "source": "cve@mitre.org",
+      "tags": [
+        "Mailing List"
+      ]
    },
    {
      "url": "https://circontrol.com/intelligent-charging-solutions/dc-chargers-series/raption-150/",
-      "source": "af854a3a-2127-422b-91ae-364da2661108"
+      "source": "af854a3a-2127-422b-91ae-364da2661108",
+      "tags": [
+        "Product"
+      ]
    },
    {
      "url": "https://seclists.org/fulldisclosure/2024/Mar/33",
-      "source": "af854a3a-2127-422b-91ae-364da2661108"
+      "source": "af854a3a-2127-422b-91ae-364da2661108",
+      "tags": [
+        "Mailing List"
+      ]
    }
  ]
 }
--- a/CVE-2021/CVE-2021-204xx/CVE-2021-20450.json
+++ b/CVE-2021/CVE-2021-204xx/CVE-2021-20450.json
@ -2,8 +2,8 @@
  "id": "CVE-2021-20450",
  "sourceIdentifier": "psirt@us.ibm.com",
  "published": "2024-05-03T17:15:07.363",
-  "lastModified": "2024-12-05T21:15:06.663",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2025-06-18T15:21:00.173",
+  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
@ -51,22 +51,61 @@
      ]
    }
  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:ibm:cognos_controller:10.4.1:*:*:*:*:*:*:*",
+              "matchCriteriaId": "04E5A9C3-0F44-40C1-B6B6-92839E386F56"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:ibm:cognos_controller:10.4.2:*:*:*:*:*:*:*",
+              "matchCriteriaId": "7AA07D9A-71F7-446A-8A8E-DD8C357666F0"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*",
+              "matchCriteriaId": "4BB85020-BF02-4C91-B494-93FB19185006"
+            }
+          ]
+        }
+      ]
+    }
+  ],
  "references": [
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196640",
-      "source": "psirt@us.ibm.com"
+      "source": "psirt@us.ibm.com",
+      "tags": [
+        "Vendor Advisory"
+      ]
    },
    {
      "url": "https://www.ibm.com/support/pages/node/7149876",
-      "source": "psirt@us.ibm.com"
+      "source": "psirt@us.ibm.com",
+      "tags": [
+        "Vendor Advisory"
+      ]
    },
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196640",
-      "source": "af854a3a-2127-422b-91ae-364da2661108"
+      "source": "af854a3a-2127-422b-91ae-364da2661108",
+      "tags": [
+        "Vendor Advisory"
+      ]
    },
    {
      "url": "https://www.ibm.com/support/pages/node/7149876",
-      "source": "af854a3a-2127-422b-91ae-364da2661108"
+      "source": "af854a3a-2127-422b-91ae-364da2661108",
+      "tags": [
+        "Vendor Advisory"
+      ]
    }
  ]
 }
--- a/CVE-2021/CVE-2021-238xx/CVE-2021-23814.json
+++ b/CVE-2021/CVE-2021-238xx/CVE-2021-23814.json
@ -2,13 +2,13 @@
  "id": "CVE-2021-23814",
  "sourceIdentifier": "report@snyk.io",
  "published": "2021-12-17T20:15:08.340",
-  "lastModified": "2024-11-21T05:51:53.883",
+  "lastModified": "2025-06-17T12:15:20.773",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
-      "value": "This affects the package unisharp/laravel-filemanager from 0.0.0. The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: - Install a package with a web Laravel application. - Navigate to the Upload window - Upload an image file, then capture the request - Edit the request contents with a malicious file (webshell) - Enter the path of file uploaded on URL - Remote Code Execution **Note: Prevention for bad extensions can be done by using a whitelist in the config file(lfm.php). Corresponding document can be found in the [here](https://unisharp.github.io/laravel-filemanager/configfolder-categories)."
+      "value": "This affects versions of the package unisharp/laravel-filemanager before 2.6.2. The upload() function does not sufficiently validate the file type when uploading.\r\rAn attacker may be able to reproduce the following steps:\r\r1. Install a package with a web Laravel application.\r2. Navigate to the Upload window\r3. Upload an image file, then capture the request\r4. Edit the request contents with a malicious file (webshell)\r5. Enter the path of file uploaded on URL - Remote Code Execution\r\r\r**Note:** Prevention for bad extensions can be done by using a whitelist in the config file(lfm.php). Corresponding document can be found in [here](https://unisharp.github.io/laravel-filemanager/configfolder-categories)."
    },
    {
      "lang": "es",
@ -85,6 +85,16 @@
    ]
  },
  "weaknesses": [
+    {
+      "source": "report@snyk.io",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-94"
+        }
+      ]
+    },
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
@ -124,15 +134,20 @@
      ]
    },
    {
-      "url": "https://github.com/UniSharp/laravel-filemanager/issues/1113#issuecomment-1812092975",
+      "url": "https://github.com/UniSharp/laravel-filemanager/issues/1113",
      "source": "report@snyk.io"
    },
    {
-      "url": "https://snyk.io/vuln/SNYK-PHP-UNISHARPLARAVELFILEMANAGER-1567199",
-      "source": "report@snyk.io",
-      "tags": [
-        "Third Party Advisory"
-      ]
+      "url": "https://github.com/UniSharp/laravel-filemanager/releases/tag/v2.5.1",
+      "source": "report@snyk.io"
+    },
+    {
+      "url": "https://github.com/UniSharp/laravel-filemanager/releases/tag/v2.6.2",
+      "source": "report@snyk.io"
+    },
+    {
+      "url": "https://security.snyk.io/vuln/SNYK-PHP-UNISHARPLARAVELFILEMANAGER-1567199",
+      "source": "report@snyk.io"
    },
    {
      "url": "https://github.com/UniSharp/laravel-filemanager/blob/master/src/Controllers/UploadController.php%23L26",
--- a/CVE-2021/CVE-2021-251xx/CVE-2021-25117.json
+++ b/CVE-2021/CVE-2021-251xx/CVE-2021-25117.json
@ -2,7 +2,7 @@
  "id": "CVE-2021-25117",
  "sourceIdentifier": "contact@wpscan.com",
  "published": "2024-01-16T16:15:09.213",
-  "lastModified": "2024-11-21T05:54:23.110",
+  "lastModified": "2025-06-17T14:15:26.197",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -36,6 +36,26 @@
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+          "baseScore": 4.8,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 1.7,
+        "impactScore": 2.7
      }
    ]
  },
--- a/CVE-2021/CVE-2021-382xx/CVE-2021-38243.json
+++ b/CVE-2021/CVE-2021-382xx/CVE-2021-38243.json
@ -2,7 +2,7 @@
  "id": "CVE-2021-38243",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-09-27T15:15:54.463",
-  "lastModified": "2024-11-21T06:16:41.073",
+  "lastModified": "2025-06-18T15:15:19.803",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -36,6 +36,26 @@
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
      }
    ]
  },
@ -49,6 +69,16 @@
          "value": "NVD-CWE-noinfo"
        }
      ]
+    },
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-94"
+        }
+      ]
    }
  ],
  "configurations": [
--- a/CVE-2021/CVE-2021-435xx/CVE-2021-43584.json
+++ b/CVE-2021/CVE-2021-435xx/CVE-2021-43584.json
@ -2,7 +2,7 @@
  "id": "CVE-2021-43584",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-01-24T20:15:53.610",
-  "lastModified": "2024-11-21T06:29:29.450",
+  "lastModified": "2025-06-16T20:15:23.203",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -36,6 +36,26 @@
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+          "baseScore": 4.8,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 1.7,
+        "impactScore": 2.7
      }
    ]
  },
@ -49,6 +69,16 @@
          "value": "CWE-79"
        }
      ]
+    },
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
    }
  ],
  "configurations": [
--- a/CVE-2021/CVE-2021-469xx/CVE-2021-46902.json
+++ b/CVE-2021/CVE-2021-469xx/CVE-2021-46902.json
@ -2,7 +2,7 @@
  "id": "CVE-2021-46902",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-02-04T21:15:07.840",
-  "lastModified": "2024-11-21T06:34:53.637",
+  "lastModified": "2025-06-17T18:15:22.437",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -36,6 +36,26 @@
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 5.9
      }
    ]
  },
@ -49,6 +69,16 @@
          "value": "NVD-CWE-noinfo"
        }
      ]
+    },
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-22"
+        }
+      ]
    }
  ],
  "configurations": [
--- a/CVE-2021/CVE-2021-469xx/CVE-2021-46903.json
+++ b/CVE-2021/CVE-2021-469xx/CVE-2021-46903.json
@ -2,7 +2,7 @@
  "id": "CVE-2021-46903",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-02-04T21:15:07.900",
-  "lastModified": "2024-11-21T06:34:53.800",
+  "lastModified": "2025-06-17T18:15:22.650",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -36,6 +36,26 @@
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.2
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 5.2
      }
    ]
  },
@ -49,6 +69,16 @@
          "value": "NVD-CWE-Other"
        }
      ]
+    },
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-284"
+        }
+      ]
    }
  ],
  "configurations": [
--- a/CVE-2021/CVE-2021-471xx/CVE-2021-47144.json
+++ b/CVE-2021/CVE-2021-471xx/CVE-2021-47144.json
@ -2,174 +2,15 @@
  "id": "CVE-2021-47144",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2024-03-25T09:15:08.950",
-  "lastModified": "2024-12-17T14:49:22.333",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2025-06-19T14:15:24.327",
+  "vulnStatus": "Rejected",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
-      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: fix refcount leak\n\n[Why]\nthe gem object rfb->base.obj[0] is get according to num_planes\nin amdgpufb_create, but is not put according to num_planes\n\n[How]\nput rfb->base.obj[0] in amdgpu_fbdev_destroy according to num_planes"
-    },
-    {
-      "lang": "es",
-      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/amdgpu: corrige la fuga de refcount [Por qu\u00e9] el objeto gema rfb-&gt;base.obj[0] se obtiene seg\u00fan num_planes en amdgpufb_create, pero no se coloca seg\u00fan num_planes en amdgpufb_create num_planes [C\u00f3mo] poner rfb-&gt;base.obj[0] en amdgpu_fbdev_destroy seg\u00fan num_planes"
+      "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
    }
  ],
-  "metrics": {
-    "cvssMetricV31": [
-      {
-        "source": "nvd@nist.gov",
-        "type": "Primary",
-        "cvssData": {
-          "version": "3.1",
-          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
-          "baseScore": 5.5,
-          "baseSeverity": "MEDIUM",
-          "attackVector": "LOCAL",
-          "attackComplexity": "LOW",
-          "privilegesRequired": "LOW",
-          "userInteraction": "NONE",
-          "scope": "UNCHANGED",
-          "confidentialityImpact": "NONE",
-          "integrityImpact": "NONE",
-          "availabilityImpact": "HIGH"
-        },
-        "exploitabilityScore": 1.8,
-        "impactScore": 3.6
-      }
-    ]
-  },
-  "weaknesses": [
-    {
-      "source": "nvd@nist.gov",
-      "type": "Primary",
-      "description": [
-        {
-          "lang": "en",
-          "value": "NVD-CWE-Other"
-        }
-      ]
-    }
-  ],
-  "configurations": [
-    {
-      "nodes": [
-        {
-          "operator": "OR",
-          "negate": false,
-          "cpeMatch": [
-            {
-              "vulnerable": true,
-              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
-              "versionEndExcluding": "4.19.193",
-              "matchCriteriaId": "A3FDF344-70E4-41FE-8424-F05D70B8DC0F"
-            },
-            {
-              "vulnerable": true,
-              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
-              "versionStartIncluding": "5.4.0",
-              "versionEndExcluding": "5.4.124",
-              "matchCriteriaId": "F717E3E3-B420-411F-AECC-2D26A9F33F0F"
-            },
-            {
-              "vulnerable": true,
-              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
-              "versionStartIncluding": "5.10.0",
-              "versionEndExcluding": "5.10.42",
-              "matchCriteriaId": "18765089-FB00-4E06-82C2-69FE64CAB42D"
-            },
-            {
-              "vulnerable": true,
-              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
-              "versionStartIncluding": "5.12.0",
-              "versionEndExcluding": "5.12.9",
-              "matchCriteriaId": "B1F28E29-3C08-49BB-BCE1-C601F43C091D"
-            },
-            {
-              "vulnerable": true,
-              "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*",
-              "matchCriteriaId": "0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7"
-            },
-            {
-              "vulnerable": true,
-              "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*",
-              "matchCriteriaId": "96AC23B2-D46A-49D9-8203-8E1BEDCA8532"
-            }
-          ]
-        }
-      ]
-    }
-  ],
-  "references": [
-    {
-      "url": "https://git.kernel.org/stable/c/599e5d61ace952b0bb9bd942b198bbd0cfded1d7",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
-      "tags": [
-        "Patch"
-      ]
-    },
-    {
-      "url": "https://git.kernel.org/stable/c/95a4ec905e51a30c64cf2d78b04a7acbeae5ca94",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
-      "tags": [
-        "Patch"
-      ]
-    },
-    {
-      "url": "https://git.kernel.org/stable/c/9fdb8ed37a3a44f9c49372b69f87fd5f61cb3240",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
-      "tags": [
-        "Patch"
-      ]
-    },
-    {
-      "url": "https://git.kernel.org/stable/c/dde2656e0bbb2ac7d83a7bd95a8d5c3c95bbc009",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
-      "tags": [
-        "Patch"
-      ]
-    },
-    {
-      "url": "https://git.kernel.org/stable/c/fa7e6abc75f3d491bc561734312d065dc9dc2a77",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
-      "tags": [
-        "Patch"
-      ]
-    },
-    {
-      "url": "https://git.kernel.org/stable/c/599e5d61ace952b0bb9bd942b198bbd0cfded1d7",
-      "source": "af854a3a-2127-422b-91ae-364da2661108",
-      "tags": [
-        "Patch"
-      ]
-    },
-    {
-      "url": "https://git.kernel.org/stable/c/95a4ec905e51a30c64cf2d78b04a7acbeae5ca94",
-      "source": "af854a3a-2127-422b-91ae-364da2661108",
-      "tags": [
-        "Patch"
-      ]
-    },
-    {
-      "url": "https://git.kernel.org/stable/c/9fdb8ed37a3a44f9c49372b69f87fd5f61cb3240",
-      "source": "af854a3a-2127-422b-91ae-364da2661108",
-      "tags": [
-        "Patch"
-      ]
-    },
-    {
-      "url": "https://git.kernel.org/stable/c/dde2656e0bbb2ac7d83a7bd95a8d5c3c95bbc009",
-      "source": "af854a3a-2127-422b-91ae-364da2661108",
-      "tags": [
-        "Patch"
-      ]
-    },
-    {
-      "url": "https://git.kernel.org/stable/c/fa7e6abc75f3d491bc561734312d065dc9dc2a77",
-      "source": "af854a3a-2127-422b-91ae-364da2661108",
-      "tags": [
-        "Patch"
-      ]
-    }
-  ]
+  "metrics": {},
+  "references": []
 }
--- a/CVE-2022/CVE-2022-14xx/CVE-2022-1471.json
+++ b/CVE-2022/CVE-2022-14xx/CVE-2022-1471.json
@ -2,7 +2,7 @@
  "id": "CVE-2022-1471",
  "sourceIdentifier": "cve-coordination@google.com",
  "published": "2022-12-01T11:15:10.553",
-  "lastModified": "2025-02-13T17:15:35.627",
+  "lastModified": "2025-06-18T09:15:47.243",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -116,6 +116,10 @@
        "Third Party Advisory"
      ]
    },
+    {
+      "url": "https://confluence.atlassian.com/security/cve-2022-1471-snakeyaml-library-rce-vulnerability-in-multiple-products-1296171009.html",
+      "source": "cve-coordination@google.com"
+    },
    {
      "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2",
      "source": "cve-coordination@google.com",
@ -136,6 +140,10 @@
      "url": "https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc",
      "source": "cve-coordination@google.com"
    },
+    {
+      "url": "https://infosecwriteups.com/%EF%B8%8F-inside-the-160-comment-fight-to-fix-snakeyamls-rce-default-1a20c5ca4d4c",
+      "source": "cve-coordination@google.com"
+    },
    {
      "url": "https://security.netapp.com/advisory/ntap-20230818-0015/",
      "source": "cve-coordination@google.com"
--- a/CVE-2022/CVE-2022-18xx/CVE-2022-1807.json
+++ b/CVE-2022/CVE-2022-18xx/CVE-2022-1807.json
@ -2,7 +2,7 @@
  "id": "CVE-2022-1807",
  "sourceIdentifier": "security-alert@sophos.com",
  "published": "2022-09-07T18:15:08.647",
-  "lastModified": "2024-11-21T06:41:30.647",
+  "lastModified": "2025-06-17T20:15:24.970",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -69,6 +69,16 @@
          "value": "CWE-89"
        }
      ]
+    },
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
    }
  ],
  "configurations": [
--- a/CVE-2022/CVE-2022-215xx/CVE-2022-21505.json
+++ b/CVE-2022/CVE-2022-215xx/CVE-2022-21505.json
@ -2,8 +2,8 @@
  "id": "CVE-2022-21505",
  "sourceIdentifier": "secalert_us@oracle.com",
  "published": "2024-12-24T19:15:06.763",
-  "lastModified": "2024-12-27T17:15:06.320",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2025-06-18T20:42:10.643",
+  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
@ -51,14 +51,47 @@
      ]
    }
  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*",
+              "matchCriteriaId": "44B8FEDF-6CB0-46E9-9AD7-4445B001C158"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:oracle:linux:8:-:*:*:*:*:*:*",
+              "matchCriteriaId": "CA9021D6-6027-42E9-A12D-7EA32C5C63F1"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:oracle:linux:9:-:*:*:*:*:*:*",
+              "matchCriteriaId": "9E6116DA-D643-4C6D-8B90-0A41125F1EF0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
  "references": [
    {
      "url": "https://git.kernel.org/linus/543ce63b664e2c2f9533d089a4664b559c3e6b5b",
-      "source": "secalert_us@oracle.com"
+      "source": "secalert_us@oracle.com",
+      "tags": [
+        "Broken Link"
+      ]
    },
    {
      "url": "https://linux.oracle.com/cve/CVE-2022-21505.html",
-      "source": "secalert_us@oracle.com"
+      "source": "secalert_us@oracle.com",
+      "tags": [
+        "Vendor Advisory"
+      ]
    }
  ]
 }
--- a/CVE-2022/CVE-2022-231xx/CVE-2022-23180.json
+++ b/CVE-2022/CVE-2022-231xx/CVE-2022-23180.json
@ -2,7 +2,7 @@
  "id": "CVE-2022-23180",
  "sourceIdentifier": "contact@wpscan.com",
  "published": "2024-01-16T16:15:09.787",
-  "lastModified": "2024-11-21T06:48:08.517",
+  "lastModified": "2025-06-16T18:15:19.997",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -36,6 +36,26 @@
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
      }
    ]
  },
--- a/CVE-2022/CVE-2022-236xx/CVE-2022-23689.json
+++ b/CVE-2022/CVE-2022-236xx/CVE-2022-23689.json
@ -2,7 +2,7 @@
  "id": "CVE-2022-23689",
  "sourceIdentifier": "security-alert@hpe.com",
  "published": "2022-09-06T18:15:11.313",
-  "lastModified": "2024-11-21T06:49:06.443",
+  "lastModified": "2025-06-17T20:15:25.123",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -36,6 +36,26 @@
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "ADJACENT_NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "LOW"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
      }
    ]
  },
--- a/CVE-2022/CVE-2022-289xx/CVE-2022-28975.json
+++ b/CVE-2022/CVE-2022-289xx/CVE-2022-28975.json
@ -2,7 +2,7 @@
  "id": "CVE-2022-28975",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-01-09T14:15:45.647",
-  "lastModified": "2024-11-21T06:58:16.340",
+  "lastModified": "2025-06-18T17:15:26.230",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -36,6 +36,26 @@
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+          "baseScore": 5.4,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 2.7
      }
    ]
  },
@ -49,6 +69,16 @@
          "value": "CWE-79"
        }
      ]
+    },
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
    }
  ],
  "configurations": [
--- a/CVE-2022/CVE-2022-303xx/CVE-2022-30312.json
+++ b/CVE-2022/CVE-2022-303xx/CVE-2022-30312.json
@ -2,7 +2,7 @@
  "id": "CVE-2022-30312",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2022-09-07T18:15:08.807",
-  "lastModified": "2024-11-21T07:02:33.337",
+  "lastModified": "2025-06-17T20:15:25.327",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -36,6 +36,26 @@
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "ADJACENT_NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.6
      }
    ]
  },
@ -49,6 +69,16 @@
          "value": "CWE-319"
        }
      ]
+    },
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-319"
+        }
+      ]
    }
  ],
  "configurations": [
--- a/CVE-2022/CVE-2022-314xx/CVE-2022-31414.json
+++ b/CVE-2022/CVE-2022-314xx/CVE-2022-31414.json
@ -2,7 +2,7 @@
  "id": "CVE-2022-31414",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2022-09-07T17:15:08.397",
-  "lastModified": "2024-11-21T07:04:27.940",
+  "lastModified": "2025-06-17T20:15:25.530",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -36,6 +36,26 @@
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
      }
    ]
  },
@ -49,6 +69,16 @@
          "value": "CWE-120"
        }
      ]
+    },
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-120"
+        }
+      ]
    }
  ],
  "configurations": [
--- a/CVE-2022/CVE-2022-322xx/CVE-2022-32264.json
+++ b/CVE-2022/CVE-2022-322xx/CVE-2022-32264.json
@ -2,7 +2,7 @@
  "id": "CVE-2022-32264",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2022-09-06T18:15:15.530",
-  "lastModified": "2024-11-21T07:06:03.270",
+  "lastModified": "2025-06-17T20:15:25.727",
  "vulnStatus": "Modified",
  "cveTags": [
    {
@ -43,6 +43,26 @@
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
      }
    ]
  },
@ -56,6 +76,16 @@
          "value": "CWE-755"
        }
      ]
+    },
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-755"
+        }
+      ]
    }
  ],
  "configurations": [
--- a/CVE-2022/CVE-2022-329xx/CVE-2022-32919.json
+++ b/CVE-2022/CVE-2022-329xx/CVE-2022-32919.json
@ -2,7 +2,7 @@
  "id": "CVE-2022-32919",
  "sourceIdentifier": "product-security@apple.com",
  "published": "2024-01-10T22:15:47.173",
-  "lastModified": "2024-11-21T07:07:14.263",
+  "lastModified": "2025-06-17T18:15:22.830",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -36,6 +36,26 @@
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
+          "baseScore": 4.7,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
      }
    ]
  },
@ -49,6 +69,16 @@
          "value": "CWE-1021"
        }
      ]
+    },
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-1021"
+        }
+      ]
    }
  ],
  "configurations": [
--- a/CVE-2022/CVE-2022-365xx/CVE-2022-36504.json
+++ b/CVE-2022/CVE-2022-365xx/CVE-2022-36504.json
@ -2,7 +2,7 @@
  "id": "CVE-2022-36504",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2022-08-25T14:15:11.237",
-  "lastModified": "2024-11-21T07:13:10.750",
+  "lastModified": "2025-06-17T20:15:25.923",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -36,6 +36,26 @@
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
      }
    ]
  },
@ -49,6 +69,16 @@
          "value": "CWE-787"
        }
      ]
+    },
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
    }
  ],
  "configurations": [
--- a/CVE-2022/CVE-2022-365xx/CVE-2022-36508.json
+++ b/CVE-2022/CVE-2022-365xx/CVE-2022-36508.json
@ -2,7 +2,7 @@
  "id": "CVE-2022-36508",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2022-08-25T14:15:11.413",
-  "lastModified": "2024-11-21T07:13:11.347",
+  "lastModified": "2025-06-17T20:15:26.120",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -36,6 +36,26 @@
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
      }
    ]
  },
@ -49,6 +69,16 @@
          "value": "CWE-787"
        }
      ]
+    },
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
    }
  ],
  "configurations": [
--- a/CVE-2022/CVE-2022-365xx/CVE-2022-36509.json
+++ b/CVE-2022/CVE-2022-365xx/CVE-2022-36509.json
@ -2,7 +2,7 @@
  "id": "CVE-2022-36509",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2022-08-25T14:15:11.457",
-  "lastModified": "2024-11-21T07:13:11.520",
+  "lastModified": "2025-06-17T20:15:26.290",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -36,6 +36,26 @@
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
      }
    ]
  },
@ -49,6 +69,16 @@
          "value": "CWE-78"
        }
      ]
+    },
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
    }
  ],
  "configurations": [
--- a/CVE-2022/CVE-2022-365xx/CVE-2022-36510.json
+++ b/CVE-2022/CVE-2022-365xx/CVE-2022-36510.json
@ -2,7 +2,7 @@
  "id": "CVE-2022-36510",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2022-08-25T14:15:11.500",
-  "lastModified": "2024-11-21T07:13:11.693",
+  "lastModified": "2025-06-17T20:15:26.453",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -36,6 +36,26 @@
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
      }
    ]
  },
@ -49,6 +69,16 @@
          "value": "CWE-78"
        }
      ]
+    },
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
    }
  ],
  "configurations": [
--- a/CVE-2022/CVE-2022-365xx/CVE-2022-36511.json
+++ b/CVE-2022/CVE-2022-365xx/CVE-2022-36511.json
@ -2,7 +2,7 @@
  "id": "CVE-2022-36511",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2022-08-25T14:15:11.547",
-  "lastModified": "2024-11-21T07:13:11.850",
+  "lastModified": "2025-06-17T20:15:26.617",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -36,6 +36,26 @@
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
      }
    ]
  },
@ -49,6 +69,16 @@
          "value": "CWE-787"
        }
      ]
+    },
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
    }
  ],
  "configurations": [
--- a/CVE-2022/CVE-2022-365xx/CVE-2022-36513.json
+++ b/CVE-2022/CVE-2022-365xx/CVE-2022-36513.json
@ -2,7 +2,7 @@
  "id": "CVE-2022-36513",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2022-08-25T14:15:11.590",
-  "lastModified": "2024-11-21T07:13:12.010",
+  "lastModified": "2025-06-17T20:15:26.780",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -36,6 +36,26 @@
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
      }
    ]
  },
@ -49,6 +69,16 @@
          "value": "CWE-787"
        }
      ]
+    },
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
    }
  ],
  "configurations": [
--- a/CVE-2022/CVE-2022-365xx/CVE-2022-36587.json
+++ b/CVE-2022/CVE-2022-365xx/CVE-2022-36587.json
@ -2,7 +2,7 @@
  "id": "CVE-2022-36587",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2022-09-07T17:15:08.520",
-  "lastModified": "2024-11-21T07:13:21.960",
+  "lastModified": "2025-06-17T20:15:26.947",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -36,6 +36,26 @@
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
      }
    ]
  },
@ -49,6 +69,16 @@
          "value": "CWE-120"
        }
      ]
+    },
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-120"
+        }
+      ]
    }
  ],
  "configurations": [
--- a/CVE-2022/CVE-2022-366xx/CVE-2022-36659.json
+++ b/CVE-2022/CVE-2022-366xx/CVE-2022-36659.json
@ -2,7 +2,7 @@
  "id": "CVE-2022-36659",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2022-09-07T17:15:08.567",
-  "lastModified": "2024-11-21T07:13:27.807",
+  "lastModified": "2025-06-17T20:15:27.130",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -36,6 +36,26 @@
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.6
      }
    ]
  },
@ -49,6 +69,16 @@
          "value": "CWE-476"
        }
      ]
+    },
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-476"
+        }
+      ]
    }
  ],
  "configurations": [
--- a/CVE-2022/CVE-2022-366xx/CVE-2022-36660.json
+++ b/CVE-2022/CVE-2022-366xx/CVE-2022-36660.json
@ -2,7 +2,7 @@
  "id": "CVE-2022-36660",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2022-09-07T17:15:08.613",
-  "lastModified": "2024-11-21T07:13:27.947",
+  "lastModified": "2025-06-17T20:15:27.297",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -36,6 +36,26 @@
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
      }
    ]
  },
@ -49,6 +69,16 @@
          "value": "CWE-787"
        }
      ]
+    },
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
    }
  ],
  "configurations": [
--- a/CVE-2022/CVE-2022-366xx/CVE-2022-36661.json
+++ b/CVE-2022/CVE-2022-366xx/CVE-2022-36661.json
@ -2,7 +2,7 @@
  "id": "CVE-2022-36661",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2022-09-07T17:15:08.667",
-  "lastModified": "2024-11-21T07:13:28.100",
+  "lastModified": "2025-06-17T20:15:27.457",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -36,6 +36,26 @@
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.6
      }
    ]
  },
@ -49,6 +69,16 @@
          "value": "CWE-476"
        }
      ]
+    },
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-476"
+        }
+      ]
    }
  ],
  "configurations": [
--- a/CVE-2022/CVE-2022-377xx/CVE-2022-37780.json
+++ b/CVE-2022/CVE-2022-377xx/CVE-2022-37780.json
@ -2,7 +2,7 @@
  "id": "CVE-2022-37780",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2022-09-07T17:15:08.717",
-  "lastModified": "2024-11-21T07:15:09.260",
+  "lastModified": "2025-06-17T20:15:27.613",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -36,6 +36,26 @@
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 5.9
      }
    ]
  },
--- a/CVE-2022/CVE-2022-403xx/CVE-2022-40361.json
+++ b/CVE-2022/CVE-2022-403xx/CVE-2022-40361.json
@ -2,7 +2,7 @@
  "id": "CVE-2022-40361",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-01-11T03:15:09.157",
-  "lastModified": "2024-11-21T07:21:21.140",
+  "lastModified": "2025-06-17T18:15:23.053",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -36,6 +36,26 @@
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
      }
    ]
  },
@ -49,6 +69,16 @@
          "value": "CWE-79"
        }
      ]
+    },
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
    }
  ],
  "configurations": [
--- a/CVE-2022/CVE-2022-432xx/CVE-2022-43216.json
+++ b/CVE-2022/CVE-2022-432xx/CVE-2022-43216.json
@ -2,8 +2,8 @@
  "id": "CVE-2022-43216",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-04-08T12:15:08.017",
-  "lastModified": "2024-11-21T07:26:03.743",
-  "vulnStatus": "Undergoing Analysis",
+  "lastModified": "2025-06-18T18:34:07.987",
+  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
@ -51,22 +51,52 @@
      ]
    }
  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:abrhil:lista_de_asistenci:*:*:*:*:*:*:*:*",
+              "versionEndExcluding": "5.6.2",
+              "matchCriteriaId": "C87E0702-92E1-4AE1-A140-663508A414EC"
+            }
+          ]
+        }
+      ]
+    }
+  ],
  "references": [
    {
      "url": "https://abrhil.com/",
-      "source": "cve@mitre.org"
+      "source": "cve@mitre.org",
+      "tags": [
+        "Product"
+      ]
    },
    {
      "url": "https://github.com/blackarrowsec/advisories/tree/master/2022/CVE-2022-43216",
-      "source": "cve@mitre.org"
+      "source": "cve@mitre.org",
+      "tags": [
+        "Third Party Advisory"
+      ]
    },
    {
      "url": "https://abrhil.com/",
-      "source": "af854a3a-2127-422b-91ae-364da2661108"
+      "source": "af854a3a-2127-422b-91ae-364da2661108",
+      "tags": [
+        "Product"
+      ]
    },
    {
      "url": "https://github.com/blackarrowsec/advisories/tree/master/2022/CVE-2022-43216",
-      "source": "af854a3a-2127-422b-91ae-364da2661108"
+      "source": "af854a3a-2127-422b-91ae-364da2661108",
+      "tags": [
+        "Third Party Advisory"
+      ]
    }
  ]
 }
--- a/CVE-2022/CVE-2022-438xx/CVE-2022-43840.json
+++ b/CVE-2022/CVE-2022-438xx/CVE-2022-43840.json
@ -2,8 +2,8 @@
  "id": "CVE-2022-43840",
  "sourceIdentifier": "psirt@us.ibm.com",
  "published": "2025-04-14T21:15:16.200",
-  "lastModified": "2025-04-15T21:15:46.440",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2025-06-19T00:37:04.670",
+  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
@ -51,10 +51,32 @@
      ]
    }
  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:ibm:aspera_console:*:*:*:*:*:*:*:*",
+              "versionStartIncluding": "3.4.0",
+              "versionEndIncluding": "3.4.4",
+              "matchCriteriaId": "682EB2AD-DD53-43FC-8A8E-7A3BDE927467"
+            }
+          ]
+        }
+      ]
+    }
+  ],
  "references": [
    {
      "url": "https://www.ibm.com/support/pages/node/7169766",
-      "source": "psirt@us.ibm.com"
+      "source": "psirt@us.ibm.com",
+      "tags": [
+        "Vendor Advisory"
+      ]
    }
  ]
 }
--- a/CVE-2022/CVE-2022-456xx/CVE-2022-45699.json
+++ b/CVE-2022/CVE-2022-456xx/CVE-2022-45699.json
@ -2,7 +2,7 @@
  "id": "CVE-2022-45699",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-02-10T02:15:10.727",
-  "lastModified": "2025-03-24T18:15:15.653",
+  "lastModified": "2025-06-17T06:15:21.230",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -119,6 +119,10 @@
        "Third Party Advisory"
      ]
    },
+    {
+      "url": "https://web.archive.org/web/20230626075954/https://github.com/0xst4n/APSystems-ECU-R-RCE-Timezone",
+      "source": "cve@mitre.org"
+    },
    {
      "url": "https://www.youtube.com/watch?v=YNeeaDPJOBY",
      "source": "cve@mitre.org",
--- a/CVE-2022/CVE-2022-467xx/CVE-2022-46721.json
+++ b/CVE-2022/CVE-2022-467xx/CVE-2022-46721.json
@ -2,7 +2,7 @@
  "id": "CVE-2022-46721",
  "sourceIdentifier": "product-security@apple.com",
  "published": "2024-01-10T22:15:47.430",
-  "lastModified": "2024-11-21T07:30:58.433",
+  "lastModified": "2025-06-17T18:15:23.260",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -36,6 +36,26 @@
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
      }
    ]
  },
@ -49,6 +69,16 @@
          "value": "NVD-CWE-noinfo"
        }
      ]
+    },
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
    }
  ],
  "configurations": [
--- a/CVE-2022/CVE-2022-470xx/CVE-2022-47072.json
+++ b/CVE-2022/CVE-2022-470xx/CVE-2022-47072.json
@ -2,7 +2,7 @@
  "id": "CVE-2022-47072",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-01-31T21:15:08.440",
-  "lastModified": "2024-11-21T07:31:27.933",
+  "lastModified": "2025-06-17T15:15:35.183",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -36,6 +36,26 @@
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
      }
    ]
  },
@ -49,6 +69,16 @@
          "value": "CWE-89"
        }
      ]
+    },
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
    }
  ],
  "configurations": [
--- a/CVE-2022/CVE-2022-485xx/CVE-2022-48577.json
+++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48577.json
@ -2,7 +2,7 @@
  "id": "CVE-2022-48577",
  "sourceIdentifier": "product-security@apple.com",
  "published": "2024-01-10T22:15:47.610",
-  "lastModified": "2024-11-21T07:33:31.703",
+  "lastModified": "2025-06-17T20:15:27.790",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -36,6 +36,26 @@
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+          "baseScore": 5.5,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 3.6
      }
    ]
  },
--- a/CVE-2022/CVE-2022-488xx/CVE-2022-48849.json
+++ b/CVE-2022/CVE-2022-488xx/CVE-2022-48849.json
@ -2,7 +2,7 @@
  "id": "CVE-2022-48849",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2024-07-16T13:15:12.103",
-  "lastModified": "2024-11-21T07:34:12.480",
+  "lastModified": "2025-06-19T13:15:21.690",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -91,13 +91,6 @@
        "Patch"
      ]
    },
-    {
-      "url": "https://git.kernel.org/stable/c/fcd1d79aa943fff4fbaa0cce1d576995a7960699",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
-      "tags": [
-        "Patch"
-      ]
-    },
    {
      "url": "https://git.kernel.org/stable/c/cb29021be49858059138f75d6311a7c35a9379b2",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
--- a/CVE-2022/CVE-2022-489xx/CVE-2022-48935.json
+++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48935.json
@ -2,8 +2,8 @@
  "id": "CVE-2022-48935",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2024-08-22T04:15:16.877",
-  "lastModified": "2024-08-23T01:45:31.280",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2025-06-19T13:15:21.983",
+  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
@ -105,13 +105,6 @@
        "Patch"
      ]
    },
-    {
-      "url": "https://git.kernel.org/stable/c/88c795491bf45a8c08a0f94c9ca4f13722e51013",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
-      "tags": [
-        "Patch"
-      ]
-    },
    {
      "url": "https://git.kernel.org/stable/c/8ffb8ac3448845f65634889b051bd65e4dee484b",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
@ -119,13 +112,6 @@
        "Patch"
      ]
    },
-    {
-      "url": "https://git.kernel.org/stable/c/b05a24cc453e3cd51b0c79e3c583b5d495eba1d6",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
-      "tags": [
-        "Patch"
-      ]
-    },
    {
      "url": "https://git.kernel.org/stable/c/b4fcc081e527aa2ce12e956912fc47e251f6bd27",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
--- a/CVE-2022/CVE-2022-489xx/CVE-2022-48941.json
+++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48941.json
@ -2,8 +2,8 @@
  "id": "CVE-2022-48941",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2024-08-22T04:15:17.967",
-  "lastModified": "2024-08-22T18:41:37.090",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2025-06-19T13:15:22.263",
+  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
@ -84,13 +84,6 @@
    }
  ],
  "references": [
-    {
-      "url": "https://git.kernel.org/stable/c/05ae1f0fe9c6c5ead08b306e665763a352d20716",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
-      "tags": [
-        "Patch"
-      ]
-    },
    {
      "url": "https://git.kernel.org/stable/c/2a3e61de89bab6696aa28b70030eb119968c5586",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
--- a/CVE-2022/CVE-2022-491xx/CVE-2022-49152.json
+++ b/CVE-2022/CVE-2022-491xx/CVE-2022-49152.json
@ -2,8 +2,8 @@
  "id": "CVE-2022-49152",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2025-02-26T07:00:52.440",
-  "lastModified": "2025-03-13T21:58:23.127",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2025-06-19T13:15:22.587",
+  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
@ -105,40 +105,12 @@
        "Patch"
      ]
    },
-    {
-      "url": "https://git.kernel.org/stable/c/1ac49c8fd49fdf53d3cd8b77eb8ffda08d7fbe22",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
-      "tags": [
-        "Patch"
-      ]
-    },
-    {
-      "url": "https://git.kernel.org/stable/c/29968329b926d238e3107ec071a250397555d264",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
-      "tags": [
-        "Patch"
-      ]
-    },
-    {
-      "url": "https://git.kernel.org/stable/c/3e2852eda19ee1a400cd809d7a9322680f34a262",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
-      "tags": [
-        "Patch"
-      ]
-    },
    {
      "url": "https://git.kernel.org/stable/c/3e3c658055c002900982513e289398a1aad4a488",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ]
-    },
-    {
-      "url": "https://git.kernel.org/stable/c/7521a97b1929042604bef6859f62fa8b4bbc077b",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
-      "tags": [
-        "Patch"
-      ]
    }
  ]
 }
--- a/CVE-2022/CVE-2022-492xx/CVE-2022-49299.json
+++ b/CVE-2022/CVE-2022-492xx/CVE-2022-49299.json
@ -2,185 +2,15 @@
  "id": "CVE-2022-49299",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2025-02-26T07:01:06.727",
-  "lastModified": "2025-04-14T19:49:30.960",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2025-06-19T14:15:34.170",
+  "vulnStatus": "Rejected",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
-      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc2: gadget: don't reset gadget's driver->bus\n\nUDC driver should not touch gadget's driver internals, especially it\nshould not reset driver->bus. This wasn't harmful so far, but since\ncommit fc274c1e9973 (\"USB: gadget: Add a new bus for gadgets\") gadget\nsubsystem got it's own bus and messing with ->bus triggers the\nfollowing NULL pointer dereference:\n\ndwc2 12480000.hsotg: bound driver g_ether\n8<--- cut here ---\nUnable to handle kernel NULL pointer dereference at virtual address 00000000\n[00000000] *pgd=00000000\nInternal error: Oops: 5 [#1] SMP ARM\nModules linked in: ...\nCPU: 0 PID: 620 Comm: modprobe Not tainted 5.18.0-rc5-next-20220504 #11862\nHardware name: Samsung Exynos (Flattened Device Tree)\nPC is at module_add_driver+0x44/0xe8\nLR is at sysfs_do_create_link_sd+0x84/0xe0\n...\nProcess modprobe (pid: 620, stack limit = 0x(ptrval))\n...\n module_add_driver from bus_add_driver+0xf4/0x1e4\n bus_add_driver from driver_register+0x78/0x10c\n driver_register from usb_gadget_register_driver_owner+0x40/0xb4\n usb_gadget_register_driver_owner from do_one_initcall+0x44/0x1e0\n do_one_initcall from do_init_module+0x44/0x1c8\n do_init_module from load_module+0x19b8/0x1b9c\n load_module from sys_finit_module+0xdc/0xfc\n sys_finit_module from ret_fast_syscall+0x0/0x54\nException stack(0xf1771fa8 to 0xf1771ff0)\n...\ndwc2 12480000.hsotg: new device is high-speed\n---[ end trace 0000000000000000 ]---\n\nFix this by removing driver->bus entry reset."
-    },
-    {
-      "lang": "es",
-      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: dwc2: gadget: no restablezca el controlador UDC del bus del gadget-&gt;controlador no debe tocar los componentes internos del controlador del gadget, especialmente no debe restablecer el controlador UDC del bus del gadget-&gt;controlador. Esto no fue da\u00f1ino hasta ahora, pero desde el commit fc274c1e9973 (\"USB: gadget: Agregar un nuevo bus para gadgets\") el subsistema de gadget tiene su propio bus y jugar con -&gt;bus desencadena la siguiente desreferencia de puntero NULL: dwc2 12480000.hsotg: controlador vinculado g_ether 8&lt;--- corte aqu\u00ed --- No se puede manejar la desreferencia de puntero NULL del kernel en la direcci\u00f3n virtual 00000000 [00000000] *pgd=00000000 Error interno: Oops: 5 [#1] M\u00f3dulos SMP ARM vinculados en: ... CPU: 0 PID: 620 Comm: modprobe No contaminado 5.18.0-rc5-next-20220504 #11862 Nombre del hardware: Samsung Exynos (\u00e1rbol de dispositivos aplanado) La PC est\u00e1 en module_add_driver+0x44/0xe8 LR est\u00e1 en sysfs_do_create_link_sd+0x84/0xe0 ... Procesar modprobe (pid: 620, l\u00edmite de pila = 0x(ptrval)) ... module_add_driver desde bus_add_driver+0xf4/0x1e4 bus_add_driver desde driver_register+0x78/0x10c driver_register desde usb_gadget_register_driver_owner+0x40/0xb4 usb_gadget_register_driver_owner desde do_one_initcall+0x44/0x1e0 do_one_initcall desde do_init_module+0x44/0x1c8 do_init_module desde load_module+0x19b8/0x1b9c load_module desde sys_finit_module+0xdc/0xfc sys_finit_module de ret_fast_syscall+0x0/0x54 Pila de excepciones (0xf1771fa8 a 0xf1771ff0) ... dwc2 12480000.hsotg: el nuevo dispositivo es de alta velocidad ---[ fin de seguimiento 000000000000000 ]--- Solucione esto eliminando el restablecimiento de la entrada del bus del controlador."
+      "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
    }
  ],
-  "metrics": {
-    "cvssMetricV31": [
-      {
-        "source": "nvd@nist.gov",
-        "type": "Primary",
-        "cvssData": {
-          "version": "3.1",
-          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
-          "baseScore": 5.5,
-          "baseSeverity": "MEDIUM",
-          "attackVector": "LOCAL",
-          "attackComplexity": "LOW",
-          "privilegesRequired": "LOW",
-          "userInteraction": "NONE",
-          "scope": "UNCHANGED",
-          "confidentialityImpact": "NONE",
-          "integrityImpact": "NONE",
-          "availabilityImpact": "HIGH"
-        },
-        "exploitabilityScore": 1.8,
-        "impactScore": 3.6
-      }
-    ]
-  },
-  "weaknesses": [
-    {
-      "source": "nvd@nist.gov",
-      "type": "Primary",
-      "description": [
-        {
-          "lang": "en",
-          "value": "CWE-476"
-        }
-      ]
-    }
-  ],
-  "configurations": [
-    {
-      "nodes": [
-        {
-          "operator": "OR",
-          "negate": false,
-          "cpeMatch": [
-            {
-              "vulnerable": true,
-              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
-              "versionEndExcluding": "4.9.318",
-              "matchCriteriaId": "0D4D4067-974D-4560-8320-22FDA399E3F9"
-            },
-            {
-              "vulnerable": true,
-              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
-              "versionStartIncluding": "4.10",
-              "versionEndExcluding": "4.14.283",
-              "matchCriteriaId": "D6823775-2653-4644-A0D4-4E6E68F10C65"
-            },
-            {
-              "vulnerable": true,
-              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
-              "versionStartIncluding": "4.15",
-              "versionEndExcluding": "4.19.247",
-              "matchCriteriaId": "B8CFA0F4-2D75-41F4-9753-87944A08B53B"
-            },
-            {
-              "vulnerable": true,
-              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
-              "versionStartIncluding": "4.20",
-              "versionEndExcluding": "5.4.198",
-              "matchCriteriaId": "3EC49633-14DE-4EBD-BB80-76AE2E3EABB9"
-            },
-            {
-              "vulnerable": true,
-              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
-              "versionStartIncluding": "5.5",
-              "versionEndExcluding": "5.10.122",
-              "matchCriteriaId": "1B42AA01-44D8-4572-95E6-FF8E374CF9C5"
-            },
-            {
-              "vulnerable": true,
-              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
-              "versionStartIncluding": "5.11",
-              "versionEndExcluding": "5.15.47",
-              "matchCriteriaId": "FC042EE3-4864-4325-BE0B-4BCDBF11AA61"
-            },
-            {
-              "vulnerable": true,
-              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
-              "versionStartIncluding": "5.16",
-              "versionEndExcluding": "5.17.15",
-              "matchCriteriaId": "53E7AA2E-2FB4-45CA-A22B-08B4EDBB51AD"
-            },
-            {
-              "vulnerable": true,
-              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
-              "versionStartIncluding": "5.18",
-              "versionEndExcluding": "5.18.4",
-              "matchCriteriaId": "FA6D643C-6D6A-4821-8A8D-B5776B8F0103"
-            }
-          ]
-        }
-      ]
-    }
-  ],
-  "references": [
-    {
-      "url": "https://git.kernel.org/stable/c/172cfc167c8ee6238f24f9c16efd598602af643c",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
-      "tags": [
-        "Patch"
-      ]
-    },
-    {
-      "url": "https://git.kernel.org/stable/c/3120aac6d0ecd9accf56894aeac0e265f74d3d5a",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
-      "tags": [
-        "Patch"
-      ]
-    },
-    {
-      "url": "https://git.kernel.org/stable/c/5127c0f365265bb69cd776ad6e4b872c309f3fa8",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
-      "tags": [
-        "Patch"
-      ]
-    },
-    {
-      "url": "https://git.kernel.org/stable/c/547ebdc200b862dff761ff4890f66d8217c33316",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
-      "tags": [
-        "Patch"
-      ]
-    },
-    {
-      "url": "https://git.kernel.org/stable/c/5b0c0298f7c3b57417f1729ec4071f76864b72dd",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
-      "tags": [
-        "Patch"
-      ]
-    },
-    {
-      "url": "https://git.kernel.org/stable/c/bee8f9808a7e82addfc73a0973b16a8bb684205b",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
-      "tags": [
-        "Patch"
-      ]
-    },
-    {
-      "url": "https://git.kernel.org/stable/c/d2159feb9d28ce496d77df98313ab454646372ac",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
-      "tags": [
-        "Patch"
-      ]
-    },
-    {
-      "url": "https://git.kernel.org/stable/c/d232ca0bbc7d03144bad0ffd1792c3352bfd03fa",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
-      "tags": [
-        "Patch"
-      ]
-    },
-    {
-      "url": "https://git.kernel.org/stable/c/efb15ff4a77fe053c941281775fefa91c87770e0",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
-      "tags": [
-        "Patch"
-      ]
-    }
-  ]
+  "metrics": {},
+  "references": []
 }
--- a/CVE-2022/CVE-2022-493xx/CVE-2022-49352.json
+++ b/CVE-2022/CVE-2022-493xx/CVE-2022-49352.json
@ -2,7 +2,7 @@
  "id": "CVE-2022-49352",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2025-02-26T07:01:11.920",
-  "lastModified": "2025-02-26T07:01:11.920",
+  "lastModified": "2025-06-19T13:15:23.173",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
@ -17,10 +17,6 @@
  ],
  "metrics": {},
  "references": [
-    {
-      "url": "https://git.kernel.org/stable/c/0ab308d72af7548f21e4499d025c25887da0c26a",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
-    },
    {
      "url": "https://git.kernel.org/stable/c/1bcce88da60eccc946c0f4ed942b0f08cd565778",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
--- a/CVE-2022/CVE-2022-494xx/CVE-2022-49412.json
+++ b/CVE-2022/CVE-2022-494xx/CVE-2022-49412.json
@ -2,8 +2,8 @@
  "id": "CVE-2022-49412",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2025-02-26T07:01:17.703",
-  "lastModified": "2025-03-24T19:52:31.537",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2025-06-19T13:15:23.390",
+  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
@ -105,13 +105,6 @@
        "Patch"
      ]
    },
-    {
-      "url": "https://git.kernel.org/stable/c/7d172b9dc913e161d8ff88770eea01701ff553de",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
-      "tags": [
-        "Patch"
-      ]
-    },
    {
      "url": "https://git.kernel.org/stable/c/8abc8763b11c35e03cc91d59fd0cd28d39f88ca9",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
@ -119,13 +112,6 @@
        "Patch"
      ]
    },
-    {
-      "url": "https://git.kernel.org/stable/c/97be7d13fbd4001eeab49b1be6399f23a8c66160",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
-      "tags": [
-        "Patch"
-      ]
-    },
    {
      "url": "https://git.kernel.org/stable/c/a16c65cca7d2c7ff965fdd3adc8df2156529caf1",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
--- a/CVE-2022/CVE-2022-494xx/CVE-2022-49418.json
+++ b/CVE-2022/CVE-2022-494xx/CVE-2022-49418.json
@ -2,7 +2,7 @@
  "id": "CVE-2022-49418",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2025-02-26T07:01:18.260",
-  "lastModified": "2025-02-26T07:01:18.260",
+  "lastModified": "2025-06-19T13:15:23.660",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
@ -24,10 +24,6 @@
    {
      "url": "https://git.kernel.org/stable/c/c3ed222745d9ad7b69299b349a64ba533c64a34f",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
-    },
-    {
-      "url": "https://git.kernel.org/stable/c/eb1fe9600b86c24a789046bfc5c6851dda119280",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    }
  ]
 }
--- a/CVE-2022/CVE-2022-495xx/CVE-2022-49558.json
+++ b/CVE-2022/CVE-2022-495xx/CVE-2022-49558.json
@ -2,7 +2,7 @@
  "id": "CVE-2022-49558",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2025-02-26T07:01:31.597",
-  "lastModified": "2025-02-26T07:01:31.597",
+  "lastModified": "2025-06-19T13:15:23.990",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
@ -37,10 +37,6 @@
      "url": "https://git.kernel.org/stable/c/b09e6ccf0d12f9356e8e3508d3e3dce126298538",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
-    {
-      "url": "https://git.kernel.org/stable/c/c73955a09408e7374d9abfd0e78ce3de9cda0635",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
-    },
    {
      "url": "https://git.kernel.org/stable/c/f9a43007d3f7ba76d5e7f9421094f00f2ef202f8",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49934.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49934.json
@ -0,0 +1,49 @@
+{
+  "id": "CVE-2022-49934",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:19.400",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Fix UAF in ieee80211_scan_rx()\n\nieee80211_scan_rx() tries to access scan_req->flags after a\nnull check, but a UAF is observed when the scan is completed\nand __ieee80211_scan_completed() executes, which then calls\ncfg80211_scan_done() leading to the freeing of scan_req.\n\nSince scan_req is rcu_dereference()'d, prevent the racing in\n__ieee80211_scan_completed() by ensuring that from mac80211's\nPOV it is no longer accessed from an RCU read critical section\nbefore we call cfg80211_scan_done()."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/4abc8c07a065ecf771827bde3c63fbbe4aa0c08b",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/5d20c6f932f2758078d0454729129c894fe353e7",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/60deb9f10eec5c6a20252ed36238b55d8b614a2c",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/6eb181a64fdabf10be9e54de728876667da20255",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/78a07732fbb0934d14827d8f09b9aa6a49ee1aa9",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/9ad48cbf8b07f10c1e4a7a262b32a9179ae9dd2d",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/c0445feb80a4d0854898118fa01073701f8d356b",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/e0ff39448cea654843744c72c6780293c5082cb1",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49935.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49935.json
@ -0,0 +1,25 @@
+{
+  "id": "CVE-2022-49935",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:20.340",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf/dma-resv: check if the new fence is really later\n\nPreviously when we added a fence to a dma_resv object we always\nassumed the the newer than all the existing fences.\n\nWith Jason's work to add an UAPI to explicit export/import that's not\nnecessary the case any more. So without this check we would allow\nuserspace to force the kernel into an use after free error.\n\nSince the change is very small and defensive it's probably a good\nidea to backport this to stable kernels as well just in case others\nare using the dma_resv object in the same way."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/a3f7c10a269d5b77dd5822ade822643ced3057f0",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/c4c798fe98adceb642050819cb57cbc8f5c27870",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49936.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49936.json
@ -0,0 +1,49 @@
+{
+  "id": "CVE-2022-49936",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:20.450",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Prevent nested device-reset calls\n\nAutomatic kernel fuzzing revealed a recursive locking violation in\nusb-storage:\n\n============================================\nWARNING: possible recursive locking detected\n5.18.0 #3 Not tainted\n--------------------------------------------\nkworker/1:3/1205 is trying to acquire lock:\nffff888018638db8 (&us_interface_key[i]){+.+.}-{3:3}, at:\nusb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230\n\nbut task is already holding lock:\nffff888018638db8 (&us_interface_key[i]){+.+.}-{3:3}, at:\nusb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230\n\n...\n\nstack backtrace:\nCPU: 1 PID: 1205 Comm: kworker/1:3 Not tainted 5.18.0 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.13.0-1ubuntu1.1 04/01/2014\nWorkqueue: usb_hub_wq hub_event\nCall Trace:\n<TASK>\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\nprint_deadlock_bug kernel/locking/lockdep.c:2988 [inline]\ncheck_deadlock kernel/locking/lockdep.c:3031 [inline]\nvalidate_chain kernel/locking/lockdep.c:3816 [inline]\n__lock_acquire.cold+0x152/0x3ca kernel/locking/lockdep.c:5053\nlock_acquire kernel/locking/lockdep.c:5665 [inline]\nlock_acquire+0x1ab/0x520 kernel/locking/lockdep.c:5630\n__mutex_lock_common kernel/locking/mutex.c:603 [inline]\n__mutex_lock+0x14f/0x1610 kernel/locking/mutex.c:747\nusb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230\nusb_reset_device+0x37d/0x9a0 drivers/usb/core/hub.c:6109\nr871xu_dev_remove+0x21a/0x270 drivers/staging/rtl8712/usb_intf.c:622\nusb_unbind_interface+0x1bd/0x890 drivers/usb/core/driver.c:458\ndevice_remove drivers/base/dd.c:545 [inline]\ndevice_remove+0x11f/0x170 drivers/base/dd.c:537\n__device_release_driver drivers/base/dd.c:1222 [inline]\ndevice_release_driver_internal+0x1a7/0x2f0 drivers/base/dd.c:1248\nusb_driver_release_interface+0x102/0x180 drivers/usb/core/driver.c:627\nusb_forced_unbind_intf+0x4d/0xa0 drivers/usb/core/driver.c:1118\nusb_reset_device+0x39b/0x9a0 drivers/usb/core/hub.c:6114\n\nThis turned out not to be an error in usb-storage but rather a nested\ndevice reset attempt.  That is, as the rtl8712 driver was being\nunbound from a composite device in preparation for an unrelated USB\nreset (that driver does not have pre_reset or post_reset callbacks),\nits ->remove routine called usb_reset_device() -- thus nesting one\nreset call within another.\n\nPerforming a reset as part of disconnect processing is a questionable\npractice at best.  However, the bug report points out that the USB\ncore does not have any protection against nested resets.  Adding a\nreset_in_progress flag and testing it will prevent such errors in the\nfuture."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/1b29498669914c7f9afb619722421418a753d372",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/9c6d778800b921bde3bff3cff5003d1650f942d1",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/abe3cfb7a7c8e907b312c7dbd7bf4d142b745aa8",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/c548b99e1c37db6f7df86ecfe9a1f895d6c5966e",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/cc9a12e12808af178c600cc485338bac2e37d2a8",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/d5eb850b3e8836197a38475840725260b9783e94",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/d90419b8b8322b6924f6da9da952647f2dadc21b",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/df1875084898b15cbc42f712e93d7f113ae6271b",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49937.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49937.json
@ -0,0 +1,33 @@
+{
+  "id": "CVE-2022-49937",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:20.570",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mceusb: Use new usb_control_msg_*() routines\n\nAutomatic kernel fuzzing led to a WARN about invalid pipe direction in\nthe mceusb driver:\n\n------------[ cut here ]------------\nusb 6-1: BOGUS control dir, pipe 80000380 doesn't match bRequestType 40\nWARNING: CPU: 0 PID: 2465 at drivers/usb/core/urb.c:410\nusb_submit_urb+0x1326/0x1820 drivers/usb/core/urb.c:410\nModules linked in:\nCPU: 0 PID: 2465 Comm: kworker/0:2 Not tainted 5.19.0-rc4-00208-g69cb6c6556ad #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.13.0-1ubuntu1.1 04/01/2014\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:usb_submit_urb+0x1326/0x1820 drivers/usb/core/urb.c:410\nCode: 7c 24 40 e8 ac 23 91 fd 48 8b 7c 24 40 e8 b2 70 1b ff 45 89 e8\n44 89 f1 4c 89 e2 48 89 c6 48 c7 c7 a0 30 a9 86 e8 48 07 11 02 <0f> 0b\ne9 1c f0 ff ff e8 7e 23 91 fd 0f b6 1d 63 22 83 05 31 ff 41\nRSP: 0018:ffffc900032becf0 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff8881100f3058 RCX: 0000000000000000\nRDX: ffffc90004961000 RSI: ffff888114c6d580 RDI: fffff52000657d90\nRBP: ffff888105ad90f0 R08: ffffffff812c3638 R09: 0000000000000000\nR10: 0000000000000005 R11: ffffed1023504ef1 R12: ffff888105ad9000\nR13: 0000000000000040 R14: 0000000080000380 R15: ffff88810ba96500\nFS: 0000000000000000(0000) GS:ffff88811a800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffe810bda58 CR3: 000000010b720000 CR4: 0000000000350ef0\nCall Trace:\n<TASK>\nusb_start_wait_urb+0x101/0x4c0 drivers/usb/core/message.c:58\nusb_internal_control_msg drivers/usb/core/message.c:102 [inline]\nusb_control_msg+0x31c/0x4a0 drivers/usb/core/message.c:153\nmceusb_gen1_init drivers/media/rc/mceusb.c:1431 [inline]\nmceusb_dev_probe+0x258e/0x33f0 drivers/media/rc/mceusb.c:1807\n\nThe reason for the warning is clear enough; the driver sends an\nunusual read request on endpoint 0 but does not set the USB_DIR_IN bit\nin the bRequestType field.\n\nMore importantly, the whole situation can be avoided and the driver\nsimplified by converting it over to the relatively new\nusb_control_msg_recv() and usb_control_msg_send() routines.  That's\nwhat this fix does."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/587f793c64d99d92be8ef01c4c69d885a3f2edb6",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/608e58a0f4617977178131f5f68a3fce1d3f5316",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/75913c562f5ba4cf397d835c63f443879167c6f6",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/d69c738ac9310b56e84c51c8f09fc018a8291bc6",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49938.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49938.json
@ -0,0 +1,29 @@
+{
+  "id": "CVE-2022-49938",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:20.683",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix small mempool leak in SMB2_negotiate()\n\nIn some cases of failure (dialect mismatches) in SMB2_negotiate(), after\nthe request is sent, the checks would return -EIO when they should be\nrather setting rc = -EIO and jumping to neg_exit to free the response\nbuffer from mempool."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/27893dfc1285f80f80f46b3b8c95f5d15d2e66d0",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/38a6b469bf22f153282fbe7d702a24e9eb43f50e",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/9e3c9efa7caf16e5acc05eab5e4d0a714e1610b0",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49939.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49939.json
@ -0,0 +1,45 @@
+{
+  "id": "CVE-2022-49939",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:20.793",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix UAF of ref->proc caused by race condition\n\nA transaction of type BINDER_TYPE_WEAK_HANDLE can fail to increment the\nreference for a node. In this case, the target proc normally releases\nthe failed reference upon close as expected. However, if the target is\ndying in parallel the call will race with binder_deferred_release(), so\nthe target could have released all of its references by now leaving the\ncleanup of the new failed reference unhandled.\n\nThe transaction then ends and the target proc gets released making the\nref->proc now a dangling pointer. Later on, ref->node is closed and we\nattempt to take spin_lock(&ref->proc->inner_lock), which leads to the\nuse-after-free bug reported below. Let's fix this by cleaning up the\nfailed reference on the spot instead of relying on the target to do so.\n\n  ==================================================================\n  BUG: KASAN: use-after-free in _raw_spin_lock+0xa8/0x150\n  Write of size 4 at addr ffff5ca207094238 by task kworker/1:0/590\n\n  CPU: 1 PID: 590 Comm: kworker/1:0 Not tainted 5.19.0-rc8 #10\n  Hardware name: linux,dummy-virt (DT)\n  Workqueue: events binder_deferred_func\n  Call trace:\n   dump_backtrace.part.0+0x1d0/0x1e0\n   show_stack+0x18/0x70\n   dump_stack_lvl+0x68/0x84\n   print_report+0x2e4/0x61c\n   kasan_report+0xa4/0x110\n   kasan_check_range+0xfc/0x1a4\n   __kasan_check_write+0x3c/0x50\n   _raw_spin_lock+0xa8/0x150\n   binder_deferred_func+0x5e0/0x9b0\n   process_one_work+0x38c/0x5f0\n   worker_thread+0x9c/0x694\n   kthread+0x188/0x190\n   ret_from_fork+0x10/0x20"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/06e5b43ca4dab06a92bf4c2f33766e6fb11b880a",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/229f47603dd306bc0eb1a831439adb8e48bb0eae",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/30d0901b307f27d36b2655fb3048cf31ee0e89c0",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/603a47f2ae56bf68288784d3c0a8c5b8e0a827ed",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/9629f2dfdb1dad294b468038ff8e161e94d0b609",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/a0e44c64b6061dda7e00b7c458e4523e2331b739",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/c2a4b5dc8fa71af73bab704d0cac42ac39767ed6",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49940.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49940.json
@ -0,0 +1,33 @@
+{
+  "id": "CVE-2022-49940",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:20.917",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf()\n\nA null pointer dereference can happen when attempting to access the\n\"gsm->receive()\" function in gsmld_receive_buf(). Currently, the code\nassumes that gsm->recieve is only called after MUX activation.\nSince the gsmld_receive_buf() function can be accessed without the need to\ninitialize the MUX, the gsm->receive() function will not be set and a\nNULL pointer dereference will occur.\n\nFix this by avoiding the call to \"gsm->receive()\" in case the function is\nnot initialized by adding a sanity check.\n\nCall Trace:\n <TASK>\n gsmld_receive_buf+0x1c2/0x2f0 drivers/tty/n_gsm.c:2861\n tiocsti drivers/tty/tty_io.c:2293 [inline]\n tty_ioctl+0xa75/0x15d0 drivers/tty/tty_io.c:2692\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:870 [inline]\n __se_sys_ioctl fs/ioctl.c:856 [inline]\n __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/309aea4b6b813f6678c3a547cfd7fe3a76ffa976",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/5a82cf64f8ad63caf6bf115642ce44ddbc64311e",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/5aa37f9510345a812c0998bcbbc4d88d1dcc4d8b",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/f16c6d2e58a4c2b972efcf9eb12390ee0ba3befb",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49941.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49941.json
@ -0,0 +1,16 @@
+{
+  "id": "CVE-2022-49941",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:21.030",
+  "lastModified": "2025-06-18T15:15:20.837",
+  "vulnStatus": "Rejected",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
+    }
+  ],
+  "metrics": {},
+  "references": []
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49942.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49942.json
@ -0,0 +1,49 @@
+{
+  "id": "CVE-2022-49942",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:21.147",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected\n\nWhen we are not connected to a channel, sending channel \"switch\"\nannouncement doesn't make any sense.\n\nThe BSS list is empty in that case. This causes the for loop in\ncfg80211_get_bss() to be bypassed, so the function returns NULL\n(check line 1424 of net/wireless/scan.c), causing the WARN_ON()\nin ieee80211_ibss_csa_beacon() to get triggered (check line 500\nof net/mac80211/ibss.c), which was consequently reported on the\nsyzkaller dashboard.\n\nThus, check if we have an existing connection before generating\nthe CSA beacon in ieee80211_ibss_finish_csa()."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/15bc8966b6d3a5b9bfe4c9facfa02f2b69b1e5f0",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/1691a48aef0a82d1754b9853dae7e3f5cacdf70b",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/552ba102a6898630a7d16887f29e606d6fabe508",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/66689c5c02acd4d76c28498fe220998610aec61e",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/864e280cb3a9a0f5212b16ef5057c4e692f7039d",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/cdb9a8da9b84800eb15506cd9363cf0cf059e677",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/d9eb37db6a28b59a95a3461450ee209654c5f95b",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/dd649b49219a0388cc10fc40e4c2ea681566a780",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49943.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49943.json
@ -0,0 +1,25 @@
+{
+  "id": "CVE-2022-49943",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:21.267",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: Fix obscure lockdep violation for udc_mutex\n\nA recent commit expanding the scope of the udc_lock mutex in the\ngadget core managed to cause an obscure and slightly bizarre lockdep\nviolation.  In abbreviated form:\n\n======================================================\nWARNING: possible circular locking dependency detected\n5.19.0-rc7+ #12510 Not tainted\n------------------------------------------------------\nudevadm/312 is trying to acquire lock:\nffff80000aae1058 (udc_lock){+.+.}-{3:3}, at: usb_udc_uevent+0x54/0xe0\n\nbut task is already holding lock:\nffff000002277548 (kn->active#4){++++}-{0:0}, at: kernfs_seq_start+0x34/0xe0\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #3 (kn->active#4){++++}-{0:0}:\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 lock_acquire+0x68/0x84\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 __kernfs_remove+0x268/0x380\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 kernfs_remove_by_name_ns+0x58/0xac\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 sysfs_remove_file_ns+0x18/0x24\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 device_del+0x15c/0x440\n\n-> #2 (device_links_lock){+.+.}-{3:3}:\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 lock_acquire+0x68/0x84\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 __mutex_lock+0x9c/0x430\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mutex_lock_nested+0x38/0x64\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 device_link_remove+0x3c/0xa0\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 _regulator_put.part.0+0x168/0x190\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 regulator_put+0x3c/0x54\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 devm_regulator_release+0x14/0x20\n\n-> #1 (regulator_list_mutex){+.+.}-{3:3}:\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 lock_acquire+0x68/0x84\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 __mutex_lock+0x9c/0x430\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mutex_lock_nested+0x38/0x64\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 regulator_lock_dependent+0x54/0x284\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 regulator_enable+0x34/0x80\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 phy_power_on+0x24/0x130\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 __dwc2_lowlevel_hw_enable+0x100/0x130\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 dwc2_lowlevel_hw_enable+0x18/0x40\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 dwc2_hsotg_udc_start+0x6c/0x2f0\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 gadget_bind_driver+0x124/0x1f4\n\n-> #0 (udc_lock){+.+.}-{3:3}:\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 __lock_acquire+0x1298/0x20cc\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 lock_acquire.part.0+0xe0/0x230\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 lock_acquire+0x68/0x84\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 __mutex_lock+0x9c/0x430\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mutex_lock_nested+0x38/0x64\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 usb_udc_uevent+0x54/0xe0\n\nEvidently this was caused by the scope of udc_mutex being too large.\nThe mutex is only meant to protect udc->driver along with a few other\nthings.  As far as I can tell, there's no reason for the mutex to be\nheld while the gadget core calls a gadget driver's ->bind or ->unbind\nroutine, or while a UDC is being started or stopped.  (This accounts\nfor link #1 in the chain above, where the mutex is held while the\ndwc2_hsotg_udc is started as part of driver probing.)\n\nGadget drivers' ->disconnect callbacks are problematic.  Even though\nusb_gadget_disconnect() will now acquire the udc_mutex, there's a\nwindow in usb_gadget_bind_driver() between the times when the mutex is\nreleased and the ->bind callback is invoked.  If a disconnect occurred\nduring that window, we could call the driver's ->disconnect routine\nbefore its ->bind routine.  To prevent this from happening, it will be\nnecessary to prevent a UDC from connecting while it has no gadget\ndriver.  This should be done already but it doesn't seem to be;\ncurrently usb_gadget_connect() has no check for this.  Such a check\nwill have to be added later.\n\nSome degree of mutual exclusion is required in soft_connect_store(),\nwhich can dereference udc->driver at arbitrary times since it is a\nsysfs callback.  The solution here is to acquire the gadget's device\nlock rather than the udc_mutex.  Since the driver core guarantees that\nthe device lock is always held during driver binding and unbinding,\nthis will make the accesses in soft_connect_store() mutually exclusive\nwith any changes to udc->driver.\n\nLastly, it turns out there is one place which should hold the\nudc_mutex but currently does not: The function_show() routine needs\nprotection while it dereferences udc->driver.  The missing lock and\nunlock calls are added."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/1016fc0c096c92dd0e6e0541daac7a7868169903",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/1a065e4673cbdd9f222a05f85e17d78ea50c8d9c",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49944.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49944.json
@ -0,0 +1,25 @@
+{
+  "id": "CVE-2022-49944",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:21.377",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"usb: typec: ucsi: add a common function ucsi_unregister_connectors()\"\n\nThe recent commit 87d0e2f41b8c (\"usb: typec: ucsi: add a common\nfunction ucsi_unregister_connectors()\") introduced a regression that\ncaused NULL dereference at reading the power supply sysfs.  It's a\nstale sysfs entry that should have been removed but remains with NULL\nops.  The commit changed the error handling to skip the entries after\na NULL con->wq, and this leaves the power device unreleased.\n\nFor addressing the regression, the straight revert is applied here.\nFurther code improvements can be done from the scratch again."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/3d4044c9e6d2e3f11f1f8b5e0ee8647d3eb1afad",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/5f73aa2cf8bef4a39baa1591c3144ede4788826e",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49945.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49945.json
@ -0,0 +1,49 @@
+{
+  "id": "CVE-2022-49945",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:21.483",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (gpio-fan) Fix array out of bounds access\n\nThe driver does not check if the cooling state passed to\ngpio_fan_set_cur_state() exceeds the maximum cooling state as\nstored in fan_data->num_speeds. Since the cooling state is later\nused as an array index in set_fan_speed(), an array out of bounds\naccess can occur.\nThis can be exploited by setting the state of the thermal cooling device\nto arbitrary values, causing for example a kernel oops when unavailable\nmemory is accessed this way.\n\nExample kernel oops:\n[  807.987276] Unable to handle kernel paging request at virtual address ffffff80d0588064\n[  807.987369] Mem abort info:\n[  807.987398]   ESR = 0x96000005\n[  807.987428]   EC = 0x25: DABT (current EL), IL = 32 bits\n[  807.987477]   SET = 0, FnV = 0\n[  807.987507]   EA = 0, S1PTW = 0\n[  807.987536]   FSC = 0x05: level 1 translation fault\n[  807.987570] Data abort info:\n[  807.987763]   ISV = 0, ISS = 0x00000005\n[  807.987801]   CM = 0, WnR = 0\n[  807.987832] swapper pgtable: 4k pages, 39-bit VAs, pgdp=0000000001165000\n[  807.987872] [ffffff80d0588064] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[  807.987961] Internal error: Oops: 96000005 [#1] PREEMPT SMP\n[  807.987992] Modules linked in: cmac algif_hash aes_arm64 algif_skcipher af_alg bnep hci_uart btbcm bluetooth ecdh_generic ecc 8021q garp stp llc snd_soc_hdmi_codec brcmfmac vc4 brcmutil cec drm_kms_helper snd_soc_core cfg80211 snd_compress bcm2835_codec(C) snd_pcm_dmaengine syscopyarea bcm2835_isp(C) bcm2835_v4l2(C) sysfillrect v4l2_mem2mem bcm2835_mmal_vchiq(C) raspberrypi_hwmon sysimgblt videobuf2_dma_contig videobuf2_vmalloc fb_sys_fops videobuf2_memops rfkill videobuf2_v4l2 videobuf2_common i2c_bcm2835 snd_bcm2835(C) videodev snd_pcm snd_timer snd mc vc_sm_cma(C) gpio_fan uio_pdrv_genirq uio drm fuse drm_panel_orientation_quirks backlight ip_tables x_tables ipv6\n[  807.988508] CPU: 0 PID: 1321 Comm: bash Tainted: G         C        5.15.56-v8+ #1575\n[  807.988548] Hardware name: Raspberry Pi 3 Model B Rev 1.2 (DT)\n[  807.988574] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[  807.988608] pc : set_fan_speed.part.5+0x34/0x80 [gpio_fan]\n[  807.988654] lr : gpio_fan_set_cur_state+0x34/0x50 [gpio_fan]\n[  807.988691] sp : ffffffc008cf3bd0\n[  807.988710] x29: ffffffc008cf3bd0 x28: ffffff80019edac0 x27: 0000000000000000\n[  807.988762] x26: 0000000000000000 x25: 0000000000000000 x24: ffffff800747c920\n[  807.988787] x23: 000000000000000a x22: ffffff800369f000 x21: 000000001999997c\n[  807.988854] x20: ffffff800369f2e8 x19: ffffff8002ae8080 x18: 0000000000000000\n[  807.988877] x17: 0000000000000000 x16: 0000000000000000 x15: 000000559e271b70\n[  807.988938] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[  807.988960] x11: 0000000000000000 x10: ffffffc008cf3c20 x9 : ffffffcfb60c741c\n[  807.989018] x8 : 000000000000000a x7 : 00000000ffffffc9 x6 : 0000000000000009\n[  807.989040] x5 : 000000000000002a x4 : 0000000000000000 x3 : ffffff800369f2e8\n[  807.989062] x2 : 000000000000e780 x1 : 0000000000000001 x0 : ffffff80d0588060\n[  807.989084] Call trace:\n[  807.989091]  set_fan_speed.part.5+0x34/0x80 [gpio_fan]\n[  807.989113]  gpio_fan_set_cur_state+0x34/0x50 [gpio_fan]\n[  807.989199]  cur_state_store+0x84/0xd0\n[  807.989221]  dev_attr_store+0x20/0x38\n[  807.989262]  sysfs_kf_write+0x4c/0x60\n[  807.989282]  kernfs_fop_write_iter+0x130/0x1c0\n[  807.989298]  new_sync_write+0x10c/0x190\n[  807.989315]  vfs_write+0x254/0x378\n[  807.989362]  ksys_write+0x70/0xf8\n[  807.989379]  __arm64_sys_write+0x24/0x30\n[  807.989424]  invoke_syscall+0x4c/0x110\n[  807.989442]  el0_svc_common.constprop.3+0xfc/0x120\n[  807.989458]  do_el0_svc+0x2c/0x90\n[  807.989473]  el0_svc+0x24/0x60\n[  807.989544]  el0t_64_sync_handler+0x90/0xb8\n[  807.989558]  el0t_64_sync+0x1a0/0x1a4\n[  807.989579] Code: b9403801 f9402800 7100003f 8b35cc00 (b9400416)\n[  807.989627] ---[ end t\n---truncated---"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/3263984c7acdcb0658155b05a724ed45a10de76d",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/3ff866455e1e263a9ac1958095fd440984248e2f",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/517dba798793e69b510779c3cde7224a65f3ed1d",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/53196e0376205ed49b75bfd0475af5e0fbd20156",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/7756eb1ed124753f4d64f761fc3d84290dffcb4d",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/c8ae6a18708f260ccdeef6ba53af7548457dc26c",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/e9f6972ab40a82bd7f6d36800792ba2e084474d8",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/f233d2be38dbbb22299192292983037f01ab363c",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49946.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49946.json
@ -0,0 +1,33 @@
+{
+  "id": "CVE-2022-49946",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:21.610",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: bcm: rpi: Prevent out-of-bounds access\n\nThe while loop in raspberrypi_discover_clocks() relies on the assumption\nthat the id of the last clock element is zero. Because this data comes\nfrom the Videocore firmware and it doesn't guarantuee such a behavior\nthis could lead to out-of-bounds access. So fix this by providing\na sentinel element."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/bc163555603e4ae9c817675ad80d618a4cdbfa2d",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/c8b04b731d43366824841ebdca4ac715f95e0ea4",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/fcae47b2d23c81603b01f56cf8db63ed64599d34",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/ff0b144d4b0a9fbd6efe4d2c0a4b6c9bae2138d2",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49947.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49947.json
@ -0,0 +1,29 @@
+{
+  "id": "CVE-2022-49947",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:21.717",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix alloc->vma_vm_mm null-ptr dereference\n\nSyzbot reported a couple issues introduced by commit 44e602b4e52f\n(\"binder_alloc: add missing mmap_lock calls when using the VMA\"), in\nwhich we attempt to acquire the mmap_lock when alloc->vma_vm_mm has not\nbeen initialized yet.\n\nThis can happen if a binder_proc receives a transaction without having\npreviously called mmap() to setup the binder_proc->alloc space in [1].\nAlso, a similar issue occurs via binder_alloc_print_pages() when we try\nto dump the debugfs binder stats file in [2].\n\nSample of syzbot's crash report:\n  ==================================================================\n  KASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000012f]\n  CPU: 0 PID: 3755 Comm: syz-executor229 Not tainted 6.0.0-rc1-next-20220819-syzkaller #0\n  syz-executor229[3755] cmdline: ./syz-executor2294415195\n  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022\n  RIP: 0010:__lock_acquire+0xd83/0x56d0 kernel/locking/lockdep.c:4923\n  [...]\n  Call Trace:\n   <TASK>\n   lock_acquire kernel/locking/lockdep.c:5666 [inline]\n   lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631\n   down_read+0x98/0x450 kernel/locking/rwsem.c:1499\n   mmap_read_lock include/linux/mmap_lock.h:117 [inline]\n   binder_alloc_new_buf_locked drivers/android/binder_alloc.c:405 [inline]\n   binder_alloc_new_buf+0xa5/0x19e0 drivers/android/binder_alloc.c:593\n   binder_transaction+0x242e/0x9a80 drivers/android/binder.c:3199\n   binder_thread_write+0x664/0x3220 drivers/android/binder.c:3986\n   binder_ioctl_write_read drivers/android/binder.c:5036 [inline]\n   binder_ioctl+0x3470/0x6d00 drivers/android/binder.c:5323\n   vfs_ioctl fs/ioctl.c:51 [inline]\n   __do_sys_ioctl fs/ioctl.c:870 [inline]\n   __se_sys_ioctl fs/ioctl.c:856 [inline]\n   __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856\n   do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n   do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n   entry_SYSCALL_64_after_hwframe+0x63/0xcd\n   [...]\n  ==================================================================\n\nFix these issues by setting up alloc->vma_vm_mm pointer during open()\nand caching directly from current->mm. This guarantees we have a valid\nreference to take the mmap_lock during scenarios described above.\n\n[1] https://syzkaller.appspot.com/bug?extid=f7dc54e5be28950ac459\n[2] https://syzkaller.appspot.com/bug?extid=a75ebe0452711c9e56d9"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/1da52815d5f1b654c89044db0cdc6adce43da1f1",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/81203ab7a6ef843a2b904a0a494f28c457d44d27",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/b2a97babb0a510f8921891f9e70c5a5ef33cadac",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49948.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49948.json
@ -0,0 +1,49 @@
+{
+  "id": "CVE-2022-49948",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:21.827",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvt: Clear selection before changing the font\n\nWhen changing the console font with ioctl(KDFONTOP) the new font size\ncan be bigger than the previous font. A previous selection may thus now\nbe outside of the new screen size and thus trigger out-of-bounds\naccesses to graphics memory if the selection is removed in\nvc_do_resize().\n\nPrevent such out-of-memory accesses by dropping the selection before the\nvarious con_font_set() console handlers are called."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/1cf1930369c9dc428d827b60260c53271bff3285",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/2535431ae967ad17585513649625fea7db28d4db",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/566f9c9f89337792070b5a6062dff448b3e7977f",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/989201bb8c00b222235aff04e6200230d29dc7bb",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/c555cf04684fde39b5b0dd9fd80730030ee10c4a",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/c904fe03c4bd1f356a58797d39e2a5d0ca15cefc",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/e9ba4611ddf676194385506222cce7b0844e708e",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/f74b4a41c5d7c9522469917e3072e55d435efd9e",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49949.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49949.json
@ -0,0 +1,25 @@
+{
+  "id": "CVE-2022-49949",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:21.947",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware_loader: Fix memory leak in firmware upload\n\nIn the case of firmware-upload, an instance of struct fw_upload is\nallocated in firmware_upload_register(). This data needs to be freed\nin fw_dev_release(). Create a new fw_upload_free() function in\nsysfs_upload.c to handle the firmware-upload specific memory frees\nand incorporate the missing kfree call for the fw_upload structure."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/789bba82f63c3e81dce426ba457fc7905b30ac6e",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/baf92485d111be828e1ab84a995515b604b938e5",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49950.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49950.json
@ -0,0 +1,37 @@
+{
+  "id": "CVE-2022-49950",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:22.050",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: fix memory corruption on open\n\nThe probe session-duplication overflow check incremented the session\ncount also when there were no more available sessions so that memory\nbeyond the fixed-size slab-allocated session array could be corrupted in\nfastrpc_session_alloc() on open()."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/5cf2a57c7a01a0d7bdecf875a63682f542891b1b",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/cf20c3533efc89578ace94fa20a9e63446223c72",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/d245f43aab2b61195d8ebb64cef7b5a08c590ab4",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/e0578e603065f120a8759b75e0d6c216c7078a39",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/f8632b8bb53ebc005d8f24a68a0c1f9678c0e908",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49951.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49951.json
@ -0,0 +1,25 @@
+{
+  "id": "CVE-2022-49951",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:22.167",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware_loader: Fix use-after-free during unregister\n\nIn the following code within firmware_upload_unregister(), the call to\ndevice_unregister() could result in the dev_release function freeing the\nfw_upload_priv structure before it is dereferenced for the call to\nmodule_put(). This bug was found by the kernel test robot using\nCONFIG_KASAN while running the firmware selftests.\n\n  device_unregister(&fw_sysfs->dev);\n  module_put(fw_upload_priv->module);\n\nThe problem is fixed by copying fw_upload_priv->module to a local variable\nfor use when calling device_unregister()."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/8b40c38e37492b5bdf8e95b46b5cca9517a9957a",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/d380d40930a674c520a5b55f3be1eb17dc634ebc",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49952.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49952.json
@ -0,0 +1,37 @@
+{
+  "id": "CVE-2022-49952",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:22.277",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: fix memory corruption on probe\n\nAdd the missing sanity check on the probed-session count to avoid\ncorrupting memory beyond the fixed-size slab-allocated session array\nwhen there are more than FASTRPC_MAX_SESSIONS sessions defined in the\ndevicetree."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/0e33b0f322fecd7a92d9dc186535cdf97940a856",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/9baa1415d9abdd1e08362ea2dcfadfacee8690b5",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/c0425c2facd9166fa083f90c9f3187ace0c7837a",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/c99bc901d5eb9fbdd7bd39f625e170ce97390336",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/ec186b9f4aa2e6444d5308a6cc268aada7007639",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49953.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49953.json
@ -0,0 +1,25 @@
+{
+  "id": "CVE-2022-49953",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:22.397",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: light: cm3605: Fix an error handling path in cm3605_probe()\n\nThe commit in Fixes also introduced a new error handling path which should\ngoto the existing error handling path.\nOtherwise some resources leak."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/160905549e663019e26395ed9d66c24ee2cf5187",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/3f7f49d8135cfe137c81316af64678f4dca1b82b",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49954.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49954.json
@ -0,0 +1,37 @@
+{
+  "id": "CVE-2022-49954",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:22.500",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag\n\nsyzbot is reporting hung task at __input_unregister_device() [1], for\niforce_close() waiting at wait_event_interruptible() with dev->mutex held\nis blocking input_disconnect_device() from __input_unregister_device().\n\nIt seems that the cause is simply that commit c2b27ef672992a20 (\"Input:\niforce - wait for command completion when closing the device\") forgot to\ncall wake_up() after clear_bit().\n\nFix this problem by introducing a helper that calls clear_bit() followed\nby wake_up_all()."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/98e01215708b6d416345465c09dce2bd4868c67a",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/b271090eea3899399e2adcf79c9c95367d472b03",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/b533b9d3a0d1327cbb31c201dc8dbbf98c8bfe3c",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/d186c65599bff0222da37b9215784ddfe39f9e1b",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/df1b53bc799d58f79701c465505a206c72ad4ab8",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49955.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49955.json
@ -0,0 +1,25 @@
+{
+  "id": "CVE-2022-49955",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:22.630",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/rtas: Fix RTAS MSR[HV] handling for Cell\n\nThe semi-recent changes to MSR handling when entering RTAS (firmware)\ncause crashes on IBM Cell machines. An example trace:\n\n  kernel tried to execute user page (2fff01a8) - exploit attempt? (uid: 0)\n  BUG: Unable to handle kernel instruction fetch\n  Faulting instruction address: 0x2fff01a8\n  Oops: Kernel access of bad area, sig: 11 [#1]\n  BE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=4 NUMA Cell\n  Modules linked in:\n  CPU: 0 PID: 0 Comm: swapper/0 Tainted: G        W          6.0.0-rc2-00433-gede0a8d3307a #207\n  NIP:  000000002fff01a8 LR: 0000000000032608 CTR: 0000000000000000\n  REGS: c0000000015236b0 TRAP: 0400   Tainted: G        W           (6.0.0-rc2-00433-gede0a8d3307a)\n  MSR:  0000000008001002 <ME,RI>  CR: 00000000  XER: 20000000\n  ...\n  NIP 0x2fff01a8\n  LR  0x32608\n  Call Trace:\n    0xc00000000143c5f8 (unreliable)\n    .rtas_call+0x224/0x320\n    .rtas_get_boot_time+0x70/0x150\n    .read_persistent_clock64+0x114/0x140\n    .read_persistent_wall_and_boot_offset+0x24/0x80\n    .timekeeping_init+0x40/0x29c\n    .start_kernel+0x674/0x8f0\n    start_here_common+0x1c/0x50\n\nUnlike PAPR platforms where RTAS is only used in guests, on the IBM Cell\nmachines Linux runs with MSR[HV] set but also uses RTAS, provided by\nSLOF.\n\nFix it by copying the MSR[HV] bit from the MSR value we've just read\nusing mfmsr into the value used for RTAS.\n\nIt seems like we could also fix it using an #ifdef CELL to set MSR[HV],\nbut that doesn't work because it's possible to build a single kernel\nimage that runs on both Cell native and pseries."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/8b08d4f97233d8e58fff2fd9d5f86397a49733c5",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/91926d8b7e71aaf5f84f0cf208fc5a8b7a761050",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49956.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49956.json
@ -0,0 +1,49 @@
+{
+  "id": "CVE-2022-49956",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:22.773",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8712: fix use after free bugs\n\n_Read/Write_MACREG callbacks are NULL so the read/write_macreg_hdl()\nfunctions don't do anything except free the \"pcmd\" pointer.  It\nresults in a use after free.  Delete them."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/19e3f69d19801940abc2ac37c169882769ed9770",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/376e15487fec837301d888068a3fcc82efb6171a",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/7dce6b0ee7d78667d6c831ced957a08769973063",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/9fd6170c5e2d0ccd027abe26f6f5ffc528e1bb27",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/b1727def850904e4b8ba384043775672841663a1",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/d0aac7146e96bf39e79c65087d21dfa02ef8db38",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/dc02aaf950015850e7589696521c7fca767cea77",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/e230a4455ac3e9b112f0367d1b8e255e141afae0",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49957.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49957.json
@ -0,0 +1,45 @@
+{
+  "id": "CVE-2022-49957",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:22.897",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkcm: fix strp_init() order and cleanup\n\nstrp_init() is called just a few lines above this csk->sk_user_data\ncheck, it also initializes strp->work etc., therefore, it is\nunnecessary to call strp_done() to cancel the freshly initialized\nwork.\n\nAnd if sk_user_data is already used by KCM, psock->strp should not be\ntouched, particularly strp->work state, so we need to move strp_init()\nafter the csk->sk_user_data check.\n\nThis also makes a lockdep warning reported by syzbot go away."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/0946ff31d1a8778787bf6708beb20f38715267cc",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/1b6666964ca1de93a7bf06e122bcf3616dbd33a9",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/473f394953216614087f4179e55cdf0cf616a13b",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/55fb8c3baa8071c5d533a9ad48624e44e2a04ef5",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/8fc29ff3910f3af08a7c40a75d436b5720efe2bf",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/a8a0c321319ad64a5427d6172cd9c23b4d6ca1e8",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/f865976baa85915c7672f351b74d5974b93215f6",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49958.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49958.json
@ -0,0 +1,33 @@
+{
+  "id": "CVE-2022-49958",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:23.013",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fix netdevice reference leaks in attach_default_qdiscs()\n\nIn attach_default_qdiscs(), if a dev has multiple queues and queue 0 fails\nto attach qdisc because there is no memory in attach_one_default_qdisc().\nThen dev->qdisc will be noop_qdisc by default. But the other queues may be\nable to successfully attach to default qdisc.\n\nIn this case, the fallback to noqueue process will be triggered. If the\noriginal attached qdisc is not released and a new one is directly\nattached, this will cause netdevice reference leaks.\n\nThe following is the bug log:\n\nveth0: default qdisc (fq_codel) fail, fallback to noqueue\nunregister_netdevice: waiting for veth0 to become free. Usage count = 32\nleaked reference.\n qdisc_alloc+0x12e/0x210\n qdisc_create_dflt+0x62/0x140\n attach_one_default_qdisc.constprop.41+0x44/0x70\n dev_activate+0x128/0x290\n __dev_open+0x12a/0x190\n __dev_change_flags+0x1a2/0x1f0\n dev_change_flags+0x23/0x60\n do_setlink+0x332/0x1150\n __rtnl_newlink+0x52f/0x8e0\n rtnl_newlink+0x43/0x70\n rtnetlink_rcv_msg+0x140/0x3b0\n netlink_rcv_skb+0x50/0x100\n netlink_unicast+0x1bb/0x290\n netlink_sendmsg+0x37c/0x4e0\n sock_sendmsg+0x5f/0x70\n ____sys_sendmsg+0x208/0x280\n\nFix this bug by clearing any non-noop qdiscs that may have been assigned\nbefore trying to re-attach."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/0c6c522857151ac00150fd01baeebf231fb7d142",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/44dfa645895a56f65461249deb5b81cd16560e2a",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/a420d587260185407eda9c5766cfa9bdd5c39a56",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/f612466ebecb12a00d9152344ddda6f6345f04dc",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49959.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49959.json
@ -0,0 +1,29 @@
+{
+  "id": "CVE-2022-49959",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:23.127",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: fix memory leak at failed datapath creation\n\novs_dp_cmd_new()->ovs_dp_change()->ovs_dp_set_upcall_portids()\nallocates array via kmalloc.\nIf for some reason new_vport() fails during ovs_dp_cmd_new()\ndp->upcall_portids must be freed.\nAdd missing kfree.\n\nKmemleak example:\nunreferenced object 0xffff88800c382500 (size 64):\n  comm \"dump_state\", pid 323, jiffies 4294955418 (age 104.347s)\n  hex dump (first 32 bytes):\n    5e c2 79 e4 1f 7a 38 c7 09 21 38 0c 80 88 ff ff  ^.y..z8..!8.....\n    03 00 00 00 0a 00 00 00 14 00 00 00 28 00 00 00  ............(...\n  backtrace:\n    [<0000000071bebc9f>] ovs_dp_set_upcall_portids+0x38/0xa0\n    [<000000000187d8bd>] ovs_dp_change+0x63/0xe0\n    [<000000002397e446>] ovs_dp_cmd_new+0x1f0/0x380\n    [<00000000aa06f36e>] genl_family_rcv_msg_doit+0xea/0x150\n    [<000000008f583bc4>] genl_rcv_msg+0xdc/0x1e0\n    [<00000000fa10e377>] netlink_rcv_skb+0x50/0x100\n    [<000000004959cece>] genl_rcv+0x24/0x40\n    [<000000004699ac7f>] netlink_unicast+0x23e/0x360\n    [<00000000c153573e>] netlink_sendmsg+0x24e/0x4b0\n    [<000000006f4aa380>] sock_sendmsg+0x62/0x70\n    [<00000000d0068654>] ____sys_sendmsg+0x230/0x270\n    [<0000000012dacf7d>] ___sys_sendmsg+0x88/0xd0\n    [<0000000011776020>] __sys_sendmsg+0x59/0xa0\n    [<000000002e8f2dc1>] do_syscall_64+0x3b/0x90\n    [<000000003243e7cb>] entry_SYSCALL_64_after_hwframe+0x63/0xcd"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/a87406f4adee9c53b311d8a1ba2849c69e29a6d0",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/c0c1c0241917459644326a1a3102207c871ae159",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/ca54b2bfaab385778e55a9fd33f6c31e7f743b48",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49960.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49960.json
@ -0,0 +1,25 @@
+{
+  "id": "CVE-2022-49960",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:23.237",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: fix null pointer dereference\n\nAsus chromebook CX550 crashes during boot on v5.17-rc1 kernel.\nThe root cause is null pointer defeference of bi_next\nin tgl_get_bw_info() in drivers/gpu/drm/i915/display/intel_bw.c.\n\nBUG: kernel NULL pointer dereference, address: 000000000000002e\nPGD 0 P4D 0\nOops: 0002 [#1] PREEMPT SMP NOPTI\nCPU: 0 PID: 1 Comm: swapper/0 Tainted: G     U            5.17.0-rc1\nHardware name: Google Delbin/Delbin, BIOS Google_Delbin.13672.156.3 05/14/2021\nRIP: 0010:tgl_get_bw_info+0x2de/0x510\n...\n[    2.554467] Call Trace:\n[    2.554467]  <TASK>\n[    2.554467]  intel_bw_init_hw+0x14a/0x434\n[    2.554467]  ? _printk+0x59/0x73\n[    2.554467]  ? _dev_err+0x77/0x91\n[    2.554467]  i915_driver_hw_probe+0x329/0x33e\n[    2.554467]  i915_driver_probe+0x4c8/0x638\n[    2.554467]  i915_pci_probe+0xf8/0x14e\n[    2.554467]  ? _raw_spin_unlock_irqrestore+0x12/0x2c\n[    2.554467]  pci_device_probe+0xaa/0x142\n[    2.554467]  really_probe+0x13f/0x2f4\n[    2.554467]  __driver_probe_device+0x9e/0xd3\n[    2.554467]  driver_probe_device+0x24/0x7c\n[    2.554467]  __driver_attach+0xba/0xcf\n[    2.554467]  ? driver_attach+0x1f/0x1f\n[    2.554467]  bus_for_each_dev+0x8c/0xc0\n[    2.554467]  bus_add_driver+0x11b/0x1f7\n[    2.554467]  driver_register+0x60/0xea\n[    2.554467]  ? mipi_dsi_bus_init+0x16/0x16\n[    2.554467]  i915_init+0x2c/0xb9\n[    2.554467]  ? mipi_dsi_bus_init+0x16/0x16\n[    2.554467]  do_one_initcall+0x12e/0x2b3\n[    2.554467]  do_initcall_level+0xd6/0xf3\n[    2.554467]  do_initcalls+0x4e/0x79\n[    2.554467]  kernel_init_freeable+0xed/0x14d\n[    2.554467]  ? rest_init+0xc1/0xc1\n[    2.554467]  kernel_init+0x1a/0x120\n[    2.554467]  ret_from_fork+0x1f/0x30\n[    2.554467]  </TASK>\n...\nKernel panic - not syncing: Fatal exception\n\n(cherry picked from commit c247cd03898c4c43c3bce6d4014730403bc13032)"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/458ec0c8f35963626ccd51c3d50b752de5f1b9d4",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/c2798203315f4729bab0b917bf4c17a159abf9f8",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49961.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49961.json
@ -0,0 +1,25 @@
+{
+  "id": "CVE-2022-49961",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:23.347",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Do mark_chain_precision for ARG_CONST_ALLOC_SIZE_OR_ZERO\n\nPrecision markers need to be propagated whenever we have an ARG_CONST_*\nstyle argument, as the verifier cannot consider imprecise scalars to be\nequivalent for the purposes of states_equal check when such arguments\nrefine the return value (in this case, set mem_size for PTR_TO_MEM). The\nresultant mem_size for the R0 is derived from the constant value, and if\nthe verifier incorrectly prunes states considering them equivalent where\nsuch arguments exist (by seeing that both registers have reg->precise as\nfalse in regsafe), we can end up with invalid programs passing the\nverifier which can do access beyond what should have been the correct\nmem_size in that explored state.\n\nTo show a concrete example of the problem:\n\n0000000000000000 <prog>:\n       0:       r2 = *(u32 *)(r1 + 80)\n       1:       r1 = *(u32 *)(r1 + 76)\n       2:       r3 = r1\n       3:       r3 += 4\n       4:       if r3 > r2 goto +18 <LBB5_5>\n       5:       w2 = 0\n       6:       *(u32 *)(r1 + 0) = r2\n       7:       r1 = *(u32 *)(r1 + 0)\n       8:       r2 = 1\n       9:       if w1 == 0 goto +1 <LBB5_3>\n      10:       r2 = -1\n\n0000000000000058 <LBB5_3>:\n      11:       r1 = 0 ll\n      13:       r3 = 0\n      14:       call bpf_ringbuf_reserve\n      15:       if r0 == 0 goto +7 <LBB5_5>\n      16:       r1 = r0\n      17:       r1 += 16777215\n      18:       w2 = 0\n      19:       *(u8 *)(r1 + 0) = r2\n      20:       r1 = r0\n      21:       r2 = 0\n      22:       call bpf_ringbuf_submit\n\n00000000000000b8 <LBB5_5>:\n      23:       w0 = 0\n      24:       exit\n\nFor the first case, the single line execution's exploration will prune\nthe search at insn 14 for the branch insn 9's second leg as it will be\nverified first using r2 = -1 (UINT_MAX), while as w1 at insn 9 will\nalways be 0 so at runtime we don't get error for being greater than\nUINT_MAX/4 from bpf_ringbuf_reserve. The verifier during regsafe just\nsees reg->precise as false for both r2 registers in both states, hence\nconsiders them equal for purposes of states_equal.\n\nIf we propagated precise markers using the backtracking support, we\nwould use the precise marking to then ensure that old r2 (UINT_MAX) was\nwithin the new r2 (1) and this would never be true, so the verification\nwould rightfully fail.\n\nThe end result is that the out of bounds access at instruction 19 would\nbe permitted without this fix.\n\nNote that reg->precise is always set to true when user does not have\nCAP_BPF (or when subprog count is greater than 1 (i.e. use of any static\nor global functions)), hence this is only a problem when precision marks\nneed to be explicitly propagated (i.e. privileged users with CAP_BPF).\n\nA simplified test case has been included in the next patch to prevent\nfuture regressions."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/2459615a8d7f44ac81f0965bc094e55ccb254717",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/2fc31465c5373b5ca4edf2e5238558cb62902311",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49962.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49962.json
@ -0,0 +1,25 @@
+{
+  "id": "CVE-2022-49962",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:23.457",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Fix null pointer dereference in remove if xHC has only one roothub\n\nThe remove path in xhci platform driver tries to remove and put both main\nand shared hcds even if only a main hcd exists (one roothub)\n\nThis causes a null pointer dereference in reboot for those controllers.\n\nCheck that the shared_hcd exists before trying to remove it."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/4a593a62a9e3a25ab4bc37f612e4edec144f7f43",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/7081b2f34ff291ada012bd6abacaf7d51c4cf73f",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49963.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49963.json
@ -0,0 +1,25 @@
+{
+  "id": "CVE-2022-49963",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:23.570",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/ttm: fix CCS handling\n\nCrucible + recent Mesa seems to sometimes hit:\n\nGEM_BUG_ON(num_ccs_blks > NUM_CCS_BLKS_PER_XFER)\n\nAnd it looks like we can also trigger this with gem_lmem_swapping, if we\nmodify the test to use slightly larger object sizes.\n\nLooking closer it looks like we have the following issues in\nmigrate_copy():\n\n  - We are using plain integer in various places, which we can easily\n    overflow with a large object.\n\n  - We pass the entire object size (when the src is lmem) into\n    emit_pte() and then try to copy it, which doesn't work, since we\n    only have a few fixed sized windows in which to map the pages and\n    perform the copy. With an object > 8M we therefore aren't properly\n    copying the pages. And then with an object > 64M we trigger the\n    GEM_BUG_ON(num_ccs_blks > NUM_CCS_BLKS_PER_XFER).\n\nSo it looks like our copy handling for any object > 8M (which is our\nCHUNK_SZ) is currently broken on DG2.\n\nTestcase: igt@gem_lmem_swapping\n(cherry picked from commit 8676145eb2f53a9940ff70910caf0125bd8a4bc2)"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/8d905254162965c8e6be697d82c7dbf5d08f574d",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/97434cb55bd884bd268626ec41489f79b261b2d4",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49964.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49964.json
@ -0,0 +1,41 @@
+{
+  "id": "CVE-2022-49964",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:23.677",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level\n\nThough acpi_find_last_cache_level() always returned signed value and the\ndocument states it will return any errors caused by lack of a PPTT table,\nit never returned negative values before.\n\nCommit 0c80f9e165f8 (\"ACPI: PPTT: Leave the table mapped for the runtime usage\")\nhowever changed it by returning -ENOENT if no PPTT was found. The value\nreturned from acpi_find_last_cache_level() is then assigned to unsigned\nfw_level.\n\nIt will result in the number of cache leaves calculated incorrectly as\na huge value which will then cause the following warning from __alloc_pages\nas the order would be great than MAX_ORDER because of incorrect and huge\ncache leaves value.\n\n  |  WARNING: CPU: 0 PID: 1 at mm/page_alloc.c:5407 __alloc_pages+0x74/0x314\n  |  Modules linked in:\n  |  CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-10393-g7c2a8d3ac4c0 #73\n  |  pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  |  pc : __alloc_pages+0x74/0x314\n  |  lr : alloc_pages+0xe8/0x318\n  |  Call trace:\n  |   __alloc_pages+0x74/0x314\n  |   alloc_pages+0xe8/0x318\n  |   kmalloc_order_trace+0x68/0x1dc\n  |   __kmalloc+0x240/0x338\n  |   detect_cache_attributes+0xe0/0x56c\n  |   update_siblings_masks+0x38/0x284\n  |   store_cpu_topology+0x78/0x84\n  |   smp_prepare_cpus+0x48/0x134\n  |   kernel_init_freeable+0xc4/0x14c\n  |   kernel_init+0x2c/0x1b4\n  |   ret_from_fork+0x10/0x20\n\nFix the same by changing fw_level to be signed integer and return the\nerror from init_cache_level() early in case of error."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/1668c38ef2e5bb80dbee88afcecfcdc3e7abc2aa",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/29906311b351e5398aff2c5dc209f8b6c9d6a410",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/43b9af72751a98cb9c074b170fc244714aeb59d5",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/a754ee1c66bd0a23e613f0bf865053b29cb90e16",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/e75d18cecbb3805895d8ed64da4f78575ec96043",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/fcab25a6b0ace130589d810390d1ce3698b53604",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49965.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49965.json
@ -0,0 +1,25 @@
+{
+  "id": "CVE-2022-49965",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:23.797",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: add missing ->fini_xxxx interfaces for some SMU13 asics\n\nWithout these, potential memory leak may be induced."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/22a75c616f1971c23838506b14971a4ef4a66bd7",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/4bac1c846eff8042dd59ddecd0a43f3b9de5fd23",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49966.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49966.json
@ -0,0 +1,33 @@
+{
+  "id": "CVE-2022-49966",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:23.903",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid\n\nTo avoid any potential memory leak."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/0a2d922a5618377cdf8fa476351362733ef55342",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/4d21584ac6392aa66171b7efd647ecd1a447556b",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/60d522f317078381ff8a3599fe808f96fc256cd5",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/a89e753d5a9f3b321f4a3098e2755c5aabcff0af",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49967.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49967.json
@ -0,0 +1,25 @@
+{
+  "id": "CVE-2022-49967",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:24.013",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a data-race around bpf_jit_limit.\n\nWhile reading bpf_jit_limit, it can be changed concurrently via sysctl,\nWRITE_ONCE() in __do_proc_doulongvec_minmax(). The size of bpf_jit_limit\nis long, so we need to add a paired READ_ONCE() to avoid load-tearing."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/0947ae1121083d363d522ff7518ee72b55bd8d29",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/ba632ad0bacb13197a8f38e7526448974e87f292",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49968.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49968.json
@ -0,0 +1,41 @@
+{
+  "id": "CVE-2022-49968",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:24.123",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nieee802154/adf7242: defer destroy_workqueue call\n\nThere is a possible race condition (use-after-free) like below\n\n  (FREE)                     |  (USE)\n  adf7242_remove             |  adf7242_channel\n   cancel_delayed_work_sync  |\n    destroy_workqueue (1)    |   adf7242_cmd_rx\n                             |    mod_delayed_work (2)\n                             |\n\nThe root cause for this race is that the upper layer (ieee802154) is\nunaware of this detaching event and the function adf7242_channel can\nbe called without any checks.\n\nTo fix this, we can add a flag write at the beginning of adf7242_remove\nand add flag check in adf7242_channel. Or we can just defer the\ndestructive operation like other commit 3e0588c291d6 (\"hamradio: defer\nax25 kfree after unregister_netdev\") which let the\nieee802154_unregister_hw() to handle the synchronization. This patch\ntakes the second option.\n\nruns\")"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/15f3b89bd521d5770d36a61fc04a77c293138ba6",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/23a29932715ca43bceb2eae1bdb770995afe7271",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/9f8558c5c642c62c450c98c99b7d18a709fff485",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/afe7116f6d3b888778ed6d95e3cf724767b9aedf",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/bed12d7531df1417fc92c691999ff95e03835008",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/dede80aaf01f4b6e8657d23726cb4a3da226ec4c",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49969.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49969.json
@ -0,0 +1,41 @@
+{
+  "id": "CVE-2022-49969",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:24.237",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: clear optc underflow before turn off odm clock\n\n[Why]\nAfter ODM clock off, optc underflow bit will be kept there always and clear not work.\nWe need to clear that before clock off.\n\n[How]\nClear that if have when clock off."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/3101839b080137c367f3f88c2a040f791de880aa",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/3c1dfeaeb3b4e3ea656041da1241e6ee3c3b3202",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/443687798d6f094412b7312b64b3bb4d99aedff7",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/5ee30bcfdb32526233d2572f3d9ec371928679f1",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/814b756d4ec3a8728debb116cf49005feada7750",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/b2a93490201300a749ad261b5c5d05cb50179c44",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49970.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49970.json
@ -0,0 +1,33 @@
+{
+  "id": "CVE-2022-49970",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:24.357",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, cgroup: Fix kernel BUG in purge_effective_progs\n\nSyzkaller reported a triggered kernel BUG as follows:\n\n  ------------[ cut here ]------------\n  kernel BUG at kernel/bpf/cgroup.c:925!\n  invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n  CPU: 1 PID: 194 Comm: detach Not tainted 5.19.0-14184-g69dac8e431af #8\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n  rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n  RIP: 0010:__cgroup_bpf_detach+0x1f2/0x2a0\n  Code: 00 e8 92 60 30 00 84 c0 75 d8 4c 89 e0 31 f6 85 f6 74 19 42 f6 84\n  28 48 05 00 00 02 75 0e 48 8b 80 c0 00 00 00 48 85 c0 75 e5 <0f> 0b 48\n  8b 0c5\n  RSP: 0018:ffffc9000055bdb0 EFLAGS: 00000246\n  RAX: 0000000000000000 RBX: ffff888100ec0800 RCX: ffffc900000f1000\n  RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff888100ec4578\n  RBP: 0000000000000000 R08: ffff888100ec0800 R09: 0000000000000040\n  R10: 0000000000000000 R11: 0000000000000000 R12: ffff888100ec4000\n  R13: 000000000000000d R14: ffffc90000199000 R15: ffff888100effb00\n  FS:  00007f68213d2b80(0000) GS:ffff88813bc80000(0000)\n  knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 000055f74a0e5850 CR3: 0000000102836000 CR4: 00000000000006e0\n  Call Trace:\n   <TASK>\n   cgroup_bpf_prog_detach+0xcc/0x100\n   __sys_bpf+0x2273/0x2a00\n   __x64_sys_bpf+0x17/0x20\n   do_syscall_64+0x3b/0x90\n   entry_SYSCALL_64_after_hwframe+0x63/0xcd\n  RIP: 0033:0x7f68214dbcb9\n  Code: 08 44 89 e0 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 48 89 f8 48 89\n  f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01\n  f0 ff8\n  RSP: 002b:00007ffeb487db68 EFLAGS: 00000246 ORIG_RAX: 0000000000000141\n  RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f68214dbcb9\n  RDX: 0000000000000090 RSI: 00007ffeb487db70 RDI: 0000000000000009\n  RBP: 0000000000000003 R08: 0000000000000012 R09: 0000000b00000003\n  R10: 00007ffeb487db70 R11: 0000000000000246 R12: 00007ffeb487dc20\n  R13: 0000000000000004 R14: 0000000000000001 R15: 000055f74a1011b0\n   </TASK>\n  Modules linked in:\n  ---[ end trace 0000000000000000 ]---\n\nRepetition steps:\n\nFor the following cgroup tree,\n\n  root\n   |\n  cg1\n   |\n  cg2\n\n  1. attach prog2 to cg2, and then attach prog1 to cg1, both bpf progs\n     attach type is NONE or OVERRIDE.\n  2. write 1 to /proc/thread-self/fail-nth for failslab.\n  3. detach prog1 for cg1, and then kernel BUG occur.\n\nFailslab injection will cause kmalloc fail and fall back to\npurge_effective_progs. The problem is that cg2 have attached another prog,\nso when go through cg2 layer, iteration will add pos to 1, and subsequent\noperations will be skipped by the following condition, and cg will meet\nNULL in the end.\n\n  `if (pos && !(cg->bpf.flags[atype] & BPF_F_ALLOW_MULTI))`\n\nThe NULL cg means no link or prog match, this is as expected, and it's not\na bug. So here just skip the no match situation."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/222bd95c89b135fde21f0bd0cb5cc1611c0c576c",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/7d6620f107bae6ed687ff07668e8e8f855487aa9",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/a1a05d3ae58299b040da4d5b27e72e81c2132e0b",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/c5f975e3ebfa57be13393c585a4b58ea707023cb",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49971.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49971.json
@ -0,0 +1,25 @@
+{
+  "id": "CVE-2022-49971",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:24.473",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix a potential gpu_metrics_table memory leak\n\nMemory is allocated for gpu_metrics_table in\nsmu_v13_0_4_init_smc_tables(), but not freed in\nsmu_v13_0_4_fini_smc_tables(). This may cause memory leaks, fix it."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/4b25bdb54578f3b96ff055e5d27bc1cb82950e51",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/5afb76522a0af0513b6dc01f84128a73206b051b",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49972.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49972.json
@ -0,0 +1,25 @@
+{
+  "id": "CVE-2022-49972",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:24.570",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: Fix corrupted packets for XDP_SHARED_UMEM\n\nFix an issue in XDP_SHARED_UMEM mode together with aligned mode where\npackets are corrupted for the second and any further sockets bound to\nthe same umem. In other words, this does not affect the first socket\nbound to the umem. The culprit for this bug is that the initialization\nof the DMA addresses for the pre-populated xsk buffer pool entries was\nnot performed for any socket but the first one bound to the umem. Only\nthe linear array of DMA addresses was populated. Fix this by populating\nthe DMA addresses in the xsk buffer pool for every socket bound to the\nsame umem."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/2c75891d56ab6fe5ba0d415bfad91d514a4027cd",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/58ca14ed98c87cfe0d1408cc65a9745d9e9b7a56",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49973.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49973.json
@ -0,0 +1,29 @@
+{
+  "id": "CVE-2022-49973",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:24.673",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nskmsg: Fix wrong last sg check in sk_msg_recvmsg()\n\nFix one kernel NULL pointer dereference as below:\n\n[  224.462334] Call Trace:\n[  224.462394]  __tcp_bpf_recvmsg+0xd3/0x380\n[  224.462441]  ? sock_has_perm+0x78/0xa0\n[  224.462463]  tcp_bpf_recvmsg+0x12e/0x220\n[  224.462494]  inet_recvmsg+0x5b/0xd0\n[  224.462534]  __sys_recvfrom+0xc8/0x130\n[  224.462574]  ? syscall_trace_enter+0x1df/0x2e0\n[  224.462606]  ? __do_page_fault+0x2de/0x500\n[  224.462635]  __x64_sys_recvfrom+0x24/0x30\n[  224.462660]  do_syscall_64+0x5d/0x1d0\n[  224.462709]  entry_SYSCALL_64_after_hwframe+0x65/0xca\n\nIn commit 9974d37ea75f (\"skmsg: Fix invalid last sg check in\nsk_msg_recvmsg()\"), we change last sg check to sg_is_last(),\nbut in sockmap redirection case (without stream_parser/stream_verdict/\nskb_verdict), we did not mark the end of the scatterlist. Check the\nsk_msg_alloc, sk_msg_page_add, and bpf_msg_push_data functions, they all\ndo not mark the end of sg. They are expected to use sg.end for end\njudgment. So the judgment of '(i != msg_rx->sg.end)' is added back here."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/10ee118a1756141f8e9c87aa7344ed12b41630a8",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/583585e48d965338e73e1eb383768d16e0922d73",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/de22cba333d8699ad77e79f862fe1320cb1284de",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49974.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49974.json
@ -0,0 +1,25 @@
+{
+  "id": "CVE-2022-49974",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:24.783",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: nintendo: fix rumble worker null pointer deref\n\nWe can dereference a null pointer trying to queue work to a destroyed\nworkqueue.\n\nIf the device is disconnected, nintendo_hid_remove is called, in which\nthe rumble_queue is destroyed. Avoid using that queue to defer rumble\nwork once the controller state is set to JOYCON_CTLR_STATE_REMOVED.\n\nThis eliminates the null pointer dereference."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/1ff89e06c2e5fab30274e4b02360d4241d6e605e",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/7c6e6c334154be16740b44dcd7638fb510b9bd91",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49975.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49975.json
@ -0,0 +1,37 @@
+{
+  "id": "CVE-2022-49975",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:24.893",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Don't redirect packets with invalid pkt_len\n\nSyzbot found an issue [1]: fq_codel_drop() try to drop a flow whitout any\nskbs, that is, the flow->head is null.\nThe root cause, as the [2] says, is because that bpf_prog_test_run_skb()\nrun a bpf prog which redirects empty skbs.\nSo we should determine whether the length of the packet modified by bpf\nprog or others like bpf_prog_test is valid before forwarding it directly."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/6204bf78b2a903b96ba43afff6abc0b04d6e0462",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/72f2dc8993f10262092745a88cb2dd0fef094f23",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/8b68e53d56697a59b5c53893b53f508bbdf272a0",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/a75987714bd2d8e59840667a28e15c1fa5c47554",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/fd1894224407c484f652ad456e1ce423e89bb3eb",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49976.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49976.json
@ -0,0 +1,25 @@
+{
+  "id": "CVE-2022-49976",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:25.007",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: x86-android-tablets: Fix broken touchscreen on Chuwi Hi8 with Windows BIOS\n\nThe x86-android-tablets handling for the Chuwi Hi8 is only necessary with\nthe Android BIOS and it is causing problems with the Windows BIOS version.\n\nSpecifically when trying to register the already present touchscreen\nx86_acpi_irq_helper_get() calls acpi_unregister_gsi(), this breaks\nthe working of the touchscreen and also leads to an oops:\n\n[   14.248946] ------------[ cut here ]------------\n[   14.248954] remove_proc_entry: removing non-empty directory 'irq/75', leaking at least 'MSSL0001:00'\n[   14.248983] WARNING: CPU: 3 PID: 440 at fs/proc/generic.c:718 remove_proc_entry\n...\n[   14.249293]  unregister_irq_proc+0xe0/0x100\n[   14.249305]  free_desc+0x29/0x70\n[   14.249312]  irq_free_descs+0x4b/0x80\n[   14.249320]  mp_unmap_irq+0x5c/0x60\n[   14.249329]  acpi_unregister_gsi_ioapic+0x2a/0x40\n[   14.249338]  x86_acpi_irq_helper_get+0x4b/0x190 [x86_android_tablets]\n[   14.249355]  x86_android_tablet_init+0x178/0xe34 [x86_android_tablets]\n\nAdd an init callback for the Chuwi Hi8, which detects when the Windows BIOS\nis in use and exits with -ENODEV in that case, fixing this."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/2986c51540ed50ac654ffb5a772e546c02628c91",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/c77b724cddfb8ac1291a60e3e68937e62cbfc5e0",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49977.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49977.json
@ -0,0 +1,49 @@
+{
+  "id": "CVE-2022-49977",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:25.120",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead\n\nftrace_startup does not remove ops from ftrace_ops_list when\nftrace_startup_enable fails:\n\nregister_ftrace_function\n  ftrace_startup\n    __register_ftrace_function\n      ...\n      add_ftrace_ops(&ftrace_ops_list, ops)\n      ...\n    ...\n    ftrace_startup_enable // if ftrace failed to modify, ftrace_disabled is set to 1\n    ...\n  return 0 // ops is in the ftrace_ops_list.\n\nWhen ftrace_disabled = 1, unregister_ftrace_function simply returns without doing anything:\nunregister_ftrace_function\n  ftrace_shutdown\n    if (unlikely(ftrace_disabled))\n            return -ENODEV;  // return here, __unregister_ftrace_function is not executed,\n                             // as a result, ops is still in the ftrace_ops_list\n    __unregister_ftrace_function\n    ...\n\nIf ops is dynamically allocated, it will be free later, in this case,\nis_ftrace_trampoline accesses NULL pointer:\n\nis_ftrace_trampoline\n  ftrace_ops_trampoline\n    do_for_each_ftrace_op(op, ftrace_ops_list) // OOPS! op may be NULL!\n\nSyzkaller reports as follows:\n[ 1203.506103] BUG: kernel NULL pointer dereference, address: 000000000000010b\n[ 1203.508039] #PF: supervisor read access in kernel mode\n[ 1203.508798] #PF: error_code(0x0000) - not-present page\n[ 1203.509558] PGD 800000011660b067 P4D 800000011660b067 PUD 130fb8067 PMD 0\n[ 1203.510560] Oops: 0000 [#1] SMP KASAN PTI\n[ 1203.511189] CPU: 6 PID: 29532 Comm: syz-executor.2 Tainted: G    B   W         5.10.0 #8\n[ 1203.512324] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n[ 1203.513895] RIP: 0010:is_ftrace_trampoline+0x26/0xb0\n[ 1203.514644] Code: ff eb d3 90 41 55 41 54 49 89 fc 55 53 e8 f2 00 fd ff 48 8b 1d 3b 35 5d 03 e8 e6 00 fd ff 48 8d bb 90 00 00 00 e8 2a 81 26 00 <48> 8b ab 90 00 00 00 48 85 ed 74 1d e8 c9 00 fd ff 48 8d bb 98 00\n[ 1203.518838] RSP: 0018:ffffc900012cf960 EFLAGS: 00010246\n[ 1203.520092] RAX: 0000000000000000 RBX: 000000000000007b RCX: ffffffff8a331866\n[ 1203.521469] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 000000000000010b\n[ 1203.522583] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8df18b07\n[ 1203.523550] R10: fffffbfff1be3160 R11: 0000000000000001 R12: 0000000000478399\n[ 1203.524596] R13: 0000000000000000 R14: ffff888145088000 R15: 0000000000000008\n[ 1203.525634] FS:  00007f429f5f4700(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000\n[ 1203.526801] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 1203.527626] CR2: 000000000000010b CR3: 0000000170e1e001 CR4: 00000000003706e0\n[ 1203.528611] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 1203.529605] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n\nTherefore, when ftrace_startup_enable fails, we need to rollback registration\nprocess and remove ops from ftrace_ops_list."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/4c34a2a6c9927c239dd2e295a03d49b37b618d2c",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/8569b4ada1e0b9bfaa125bd0c0967918b6560fa2",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/934e49f7d696afdae9f979abe3f308408184e17b",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/c3b0f72e805f0801f05fa2aa52011c4bfc694c44",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/d81bd6671f45fde4c3ac7fd7733c6e3082ae9d8e",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/dbd8c8fc60480e3faa3ae7e27ebe03371ecd1b77",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/ddffe882d74ef43a3494f0ab0c24baf076c45f96",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/e4ae97295984ff1b9b340ed18ae1b066f36b7835",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49978.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49978.json
@ -0,0 +1,49 @@
+{
+  "id": "CVE-2022-49978",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:25.243",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: fb_pm2fb: Avoid potential divide by zero error\n\nIn `do_fb_ioctl()` of fbmem.c, if cmd is FBIOPUT_VSCREENINFO, var will be\ncopied from user, then go through `fb_set_var()` and\n`info->fbops->fb_check_var()` which could may be `pm2fb_check_var()`.\nAlong the path, `var->pixclock` won't be modified. This function checks\nwhether reciprocal of `var->pixclock` is too high. If `var->pixclock` is\nzero, there will be a divide by zero error. So, it is necessary to check\nwhether denominator is zero to avoid crash. As this bug is found by\nSyzkaller, logs are listed below.\n\ndivide error in pm2fb_check_var\nCall Trace:\n <TASK>\n fb_set_var+0x367/0xeb0 drivers/video/fbdev/core/fbmem.c:1015\n do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110\n fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/0f1174f4972ea9fad6becf8881d71adca8e9ca91",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/19f953e7435644b81332dd632ba1b2d80b1e37af",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/34c3dea1189525cd533071ed5c176fc4ea8d982b",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/3ec326a6a0d4667585ca595f438c7293e5ced7c4",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/7d9591b32a9092fc6391a316b56e8016c6181c3d",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/7f88cdfea8d7f4dbaf423d808241403b2bb945e4",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/8fc778ee2fb2853f7a3531fa7273349640d8e4e9",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/cb4bb011a683532841344ca7f281b5e04389b4f8",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49979.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49979.json
@ -0,0 +1,33 @@
+{
+  "id": "CVE-2022-49979",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-06-18T11:15:25.363",
+  "lastModified": "2025-06-18T13:46:52.973",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix refcount bug in sk_psock_get (2)\n\nSyzkaller reports refcount bug as follows:\n------------[ cut here ]------------\nrefcount_t: saturated; leaking memory.\nWARNING: CPU: 1 PID: 3605 at lib/refcount.c:19 refcount_warn_saturate+0xf4/0x1e0 lib/refcount.c:19\nModules linked in:\nCPU: 1 PID: 3605 Comm: syz-executor208 Not tainted 5.18.0-syzkaller-03023-g7e062cda7d90 #0\n <TASK>\n __refcount_add_not_zero include/linux/refcount.h:163 [inline]\n __refcount_inc_not_zero include/linux/refcount.h:227 [inline]\n refcount_inc_not_zero include/linux/refcount.h:245 [inline]\n sk_psock_get+0x3bc/0x410 include/linux/skmsg.h:439\n tls_data_ready+0x6d/0x1b0 net/tls/tls_sw.c:2091\n tcp_data_ready+0x106/0x520 net/ipv4/tcp_input.c:4983\n tcp_data_queue+0x25f2/0x4c90 net/ipv4/tcp_input.c:5057\n tcp_rcv_state_process+0x1774/0x4e80 net/ipv4/tcp_input.c:6659\n tcp_v4_do_rcv+0x339/0x980 net/ipv4/tcp_ipv4.c:1682\n sk_backlog_rcv include/net/sock.h:1061 [inline]\n __release_sock+0x134/0x3b0 net/core/sock.c:2849\n release_sock+0x54/0x1b0 net/core/sock.c:3404\n inet_shutdown+0x1e0/0x430 net/ipv4/af_inet.c:909\n __sys_shutdown_sock net/socket.c:2331 [inline]\n __sys_shutdown_sock net/socket.c:2325 [inline]\n __sys_shutdown+0xf1/0x1b0 net/socket.c:2343\n __do_sys_shutdown net/socket.c:2351 [inline]\n __se_sys_shutdown net/socket.c:2349 [inline]\n __x64_sys_shutdown+0x50/0x70 net/socket.c:2349\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n </TASK>\n\nDuring SMC fallback process in connect syscall, kernel will\nreplaces TCP with SMC. In order to forward wakeup\nsmc socket waitqueue after fallback, kernel will sets\nclcsk->sk_user_data to origin smc socket in\nsmc_fback_replace_callbacks().\n\nLater, in shutdown syscall, kernel will calls\nsk_psock_get(), which treats the clcsk->sk_user_data\nas psock type, triggering the refcnt warning.\n\nSo, the root cause is that smc and psock, both will use\nsk_user_data field. So they will mismatch this field\neasily.\n\nThis patch solves it by using another bit(defined as\nSK_USER_DATA_PSOCK) in PTRMASK, to mark whether\nsk_user_data points to a psock object or not.\nThis patch depends on a PTRMASK introduced in commit f1ff5ce2cd5e\n(\"net, sk_msg: Clear sk_user_data pointer on clone if tagged\").\n\nFor there will possibly be more flags in the sk_user_data field,\nthis patch also refactor sk_user_data flags code to be more generic\nto improve its maintainability."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/2a0133723f9ebeb751cfce19f74ec07e108bef1f",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/61cc798591a36ca27eb7d8d6c09bf20e50a59968",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/86026be8535c16fcc5e4f960286faf04d7f77815",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/a5d1cb908131e939bd8b63b8e5e23365bbc2edaf",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
cad-safe-bot	5386f51c9c	Auto-Update: 2025-06-19T16:00:20.308673+00:00	2025-06-19 16:03:59 +00:00
cad-safe-bot	c95081a347	Auto-Update: 2025-06-19T14:00:19.951536+00:00	2025-06-19 14:03:58 +00:00
cad-safe-bot	4c048c01e0	Auto-Update: 2025-06-19T12:00:19.928988+00:00	2025-06-19 12:03:59 +00:00
cad-safe-bot	78376728a4	Auto-Update: 2025-06-19T10:00:19.707536+00:00	2025-06-19 10:03:56 +00:00
cad-safe-bot	810992dd51	Auto-Update: 2025-06-19T08:00:19.331751+00:00	2025-06-19 08:04:00 +00:00
cad-safe-bot	94d5e1abb6	Auto-Update: 2025-06-19T06:00:22.339654+00:00	2025-06-19 06:04:00 +00:00
cad-safe-bot	f0609a9be0	Auto-Update: 2025-06-19T04:00:21.107978+00:00	2025-06-19 04:03:58 +00:00
cad-safe-bot	891f5d561f	Auto-Update: 2025-06-19T02:00:19.760458+00:00	2025-06-19 02:03:57 +00:00
cad-safe-bot	fb18b09534	Auto-Update: 2025-06-18T23:55:19.662525+00:00	2025-06-18 23:58:59 +00:00
cad-safe-bot	2f665daee6	Auto-Update: 2025-06-18T22:00:21.548176+00:00	2025-06-18 22:04:33 +00:00
cad-safe-bot	686a7e44b7	Auto-Update: 2025-06-18T20:00:19.275391+00:00	2025-06-18 20:03:57 +00:00
cad-safe-bot	57241c3767	Auto-Update: 2025-06-18T18:00:19.012279+00:00	2025-06-18 18:03:56 +00:00
cad-safe-bot	ea046dd69c	Auto-Update: 2025-06-18T16:00:20.016200+00:00	2025-06-18 16:03:57 +00:00
cad-safe-bot	ed07e2726f	Auto-Update: 2025-06-18T14:00:23.870734+00:00	2025-06-18 14:04:05 +00:00
cad-safe-bot	8304e41770	Auto-Update: 2025-06-18T12:00:25.203106+00:00	2025-06-18 12:04:02 +00:00
cad-safe-bot	3dd99cd98b	Auto-Update: 2025-06-18T10:00:22.564295+00:00	2025-06-18 10:04:01 +00:00
cad-safe-bot	08725974cb	Auto-Update: 2025-06-18T08:00:19.429631+00:00	2025-06-18 08:03:54 +00:00
cad-safe-bot	d232b24cf0	Auto-Update: 2025-06-18T06:00:15.255153+00:00	2025-06-18 06:03:54 +00:00
cad-safe-bot	f293387096	Auto-Update: 2025-06-18T04:00:19.139961+00:00	2025-06-18 04:03:57 +00:00
cad-safe-bot	ab3f0bd5c6	Auto-Update: 2025-06-18T02:00:19.064641+00:00	2025-06-18 02:03:56 +00:00
cad-safe-bot	cc45e2bca8	Auto-Update: 2025-06-17T23:55:18.707463+00:00	2025-06-17 23:58:55 +00:00
cad-safe-bot	71c0d661b2	Auto-Update: 2025-06-17T22:00:19.934607+00:00	2025-06-17 22:03:56 +00:00
cad-safe-bot	43b2e187cc	Auto-Update: 2025-06-17T20:00:18.762506+00:00	2025-06-17 20:03:55 +00:00
cad-safe-bot	148438a3e4	Auto-Update: 2025-06-17T18:00:20.758629+00:00	2025-06-17 18:03:58 +00:00
cad-safe-bot	5841da8d89	Auto-Update: 2025-06-17T16:00:20.396590+00:00	2025-06-17 16:04:01 +00:00
cad-safe-bot	2590aff179	Auto-Update: 2025-06-17T14:00:19.592875+00:00	2025-06-17 14:05:05 +00:00
cad-safe-bot	ce24f2b02d	Auto-Update: 2025-06-17T12:00:18.963019+00:00	2025-06-17 12:03:57 +00:00
cad-safe-bot	16300dafcf	Auto-Update: 2025-06-17T10:00:20.509125+00:00	2025-06-17 10:03:58 +00:00
cad-safe-bot	6c7c0c597f	Auto-Update: 2025-06-17T08:00:22.184346+00:00	2025-06-17 08:03:59 +00:00
cad-safe-bot	d339989637	Auto-Update: 2025-06-17T06:00:19.321433+00:00	2025-06-17 06:03:58 +00:00
cad-safe-bot	b4bca37dd6	Auto-Update: 2025-06-17T04:00:19.941889+00:00	2025-06-17 04:03:59 +00:00
cad-safe-bot	e380bc32c0	Auto-Update: 2025-06-17T02:00:20.545772+00:00	2025-06-17 02:04:14 +00:00
cad-safe-bot	2db68b36e3	Auto-Update: 2025-06-16T23:55:19.871254+00:00	2025-06-16 23:59:00 +00:00
cad-safe-bot	f887594fb0	Auto-Update: 2025-06-16T22:00:19.875634+00:00	2025-06-16 22:03:58 +00:00
cad-safe-bot	8cd9cf05c9	Auto-Update: 2025-06-16T20:00:19.917170+00:00	2025-06-16 20:03:57 +00:00
cad-safe-bot	3e21c44ed4	Auto-Update: 2025-06-16T18:00:19.784104+00:00	2025-06-16 18:03:57 +00:00
cad-safe-bot	ac7f341888	Auto-Update: 2025-06-16T16:00:19.978155+00:00	2025-06-16 16:03:57 +00:00
cad-safe-bot	56317f0e9d	Auto-Update: 2025-06-16T14:00:19.614154+00:00	2025-06-16 14:03:56 +00:00
cad-safe-bot	5c1b64b714	Auto-Update: 2025-06-16T12:00:19.287786+00:00	2025-06-16 12:03:56 +00:00
cad-safe-bot	6107668da8	Auto-Update: 2025-06-16T10:00:20.163144+00:00	2025-06-16 10:03:56 +00:00
cad-safe-bot	9121a4e13c	Auto-Update: 2025-06-16T08:00:20.611770+00:00	2025-06-16 08:03:58 +00:00
cad-safe-bot	7e6caefb5e	Auto-Update: 2025-06-16T06:00:20.429691+00:00	2025-06-16 06:04:00 +00:00
cad-safe-bot	47c36eada6	Auto-Update: 2025-06-16T04:00:21.239064+00:00	2025-06-16 04:04:19 +00:00
cad-safe-bot	bd7f1d92e6	Auto-Update: 2025-06-16T02:00:19.088622+00:00	2025-06-16 02:03:56 +00:00